From sle-updates at lists.suse.com Mon Apr 3 13:08:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:08:25 +0200 (CEST)
Subject: SUSE-OU-2017:0911-1: Initial update for locale-formula
Message-ID: <20170403190825.22808FF71@maintenance.suse.de>

   SUSE Optional Update: Initial update for locale-formula
______________________________________________________________________________

Announcement ID:    SUSE-OU-2017:0911-1
Rating:             low
References:         #1027642
Affected Products:
                    SUSE Manager Server 3.0
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This update provides the new package locale-formula.

   locale-formula provides a Salt Formula for SUSE Manager and sets up the
   locale.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-530=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server 3.0 (noarch):
      locale-formula-0.1-2.1

References:

   https://bugzilla.suse.com/1027642

From sle-updates at lists.suse.com Mon Apr 3 13:08:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:08:51 +0200 (CEST)
Subject: SUSE-SU-2017:0912-1: important: Security update for the Linux Kernel
Message-ID: <20170403190851.DF8C0FF71@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0912-1
Rating:             important
References:         #1027565
Cross-References:   CVE-2017-2636
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following
   security bug:

   CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver
   (drivers/tty/n_hdlc.c) could have been exploited to gain a local
   privilege escalation (bnc#1027565)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-kernel-13047=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-kernel-13047=1
   - SUSE Linux Enterprise Server 11-EXTRA:
      zypper in -t patch slexsp3-kernel-13047=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-kernel-13047=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
      kernel-docs-3.0.101-97.3
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      kernel-default-3.0.101-97.1
      kernel-default-base-3.0.101-97.1
      kernel-default-devel-3.0.101-97.1
      kernel-source-3.0.101-97.1
      kernel-syms-3.0.101-97.1
      kernel-trace-3.0.101-97.1
      kernel-trace-base-3.0.101-97.1
      kernel-trace-devel-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      kernel-ec2-3.0.101-97.1
      kernel-ec2-base-3.0.101-97.1
      kernel-ec2-devel-3.0.101-97.1
      kernel-xen-3.0.101-97.1
      kernel-xen-base-3.0.101-97.1
      kernel-xen-devel-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-SP4 (s390x):
      kernel-default-man-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64):
      kernel-bigmem-3.0.101-97.1
      kernel-bigmem-base-3.0.101-97.1
      kernel-bigmem-devel-3.0.101-97.1
      kernel-ppc64-3.0.101-97.1
      kernel-ppc64-base-3.0.101-97.1
      kernel-ppc64-devel-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-SP4 (i586):
      kernel-pae-3.0.101-97.1
      kernel-pae-base-3.0.101-97.1
      kernel-pae-devel-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
      kernel-default-extra-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
      kernel-xen-extra-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):
      kernel-trace-extra-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):
      kernel-ppc64-extra-3.0.101-97.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586):
      kernel-pae-extra-3.0.101-97.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      kernel-default-debuginfo-3.0.101-97.1
      kernel-default-debugsource-3.0.101-97.1
      kernel-trace-debuginfo-3.0.101-97.1
      kernel-trace-debugsource-3.0.101-97.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
      kernel-default-devel-debuginfo-3.0.101-97.1
      kernel-trace-devel-debuginfo-3.0.101-97.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      kernel-ec2-debuginfo-3.0.101-97.1
      kernel-ec2-debugsource-3.0.101-97.1
      kernel-xen-debuginfo-3.0.101-97.1
      kernel-xen-debugsource-3.0.101-97.1
      kernel-xen-devel-debuginfo-3.0.101-97.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
      kernel-bigmem-debuginfo-3.0.101-97.1
      kernel-bigmem-debugsource-3.0.101-97.1
      kernel-ppc64-debuginfo-3.0.101-97.1
      kernel-ppc64-debugsource-3.0.101-97.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
      kernel-pae-debuginfo-3.0.101-97.1
      kernel-pae-debugsource-3.0.101-97.1
      kernel-pae-devel-debuginfo-3.0.101-97.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://bugzilla.suse.com/1027565

From sle-updates at lists.suse.com Mon Apr 3 13:09:20 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:09:20 +0200 (CEST)
Subject: SUSE-SU-2017:0913-1: important: Security update for the Linux Kernel
Message-ID: <20170403190920.CC2FBFF71@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0913-1
Rating:             important
References:         #1027565
Cross-References:   CVE-2017-2636
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following
   security bug:

   CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver
   (drivers/tty/n_hdlc.c) could have been exploited to gain a local
   privilege escalation (bnc#1027565)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-kernel-13048=1
   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-kernel-13048=1
   - SUSE Manager 2.1:
      zypper in -t patch sleman21-kernel-13048=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-kernel-13048=1
   - SUSE Linux Enterprise Server 11-EXTRA:
      zypper in -t patch slexsp3-kernel-13048=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-kernel-13048=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-kernel-13048=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1
   - SUSE Manager Proxy 2.1 (x86_64):
      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1
   - SUSE Manager 2.1 (s390x x86_64):
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
   - SUSE Manager 2.1 (x86_64):
      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1
   - SUSE Manager 2.1 (s390x):
      kernel-default-man-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
      kernel-default-man-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
      kernel-pae-3.0.101-0.47.99.1
      kernel-pae-base-3.0.101-0.47.99.1
      kernel-pae-devel-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
      kernel-default-extra-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
      kernel-xen-extra-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):
      kernel-bigsmp-extra-3.0.101-0.47.99.1
      kernel-trace-extra-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):
      kernel-ppc64-extra-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586):
      kernel-pae-extra-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-pae-3.0.101-0.47.99.1
      kernel-pae-base-3.0.101-0.47.99.1
      kernel-pae-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      kernel-default-debuginfo-3.0.101-0.47.99.1
      kernel-default-debugsource-3.0.101-0.47.99.1
      kernel-trace-debuginfo-3.0.101-0.47.99.1
      kernel-trace-debugsource-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      kernel-ec2-debuginfo-3.0.101-0.47.99.1
      kernel-ec2-debugsource-3.0.101-0.47.99.1
      kernel-xen-debuginfo-3.0.101-0.47.99.1
      kernel-xen-debugsource-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
      kernel-bigsmp-debuginfo-3.0.101-0.47.99.1
      kernel-bigsmp-debugsource-3.0.101-0.47.99.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
      kernel-pae-debuginfo-3.0.101-0.47.99.1
      kernel-pae-debugsource-3.0.101-0.47.99.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://bugzilla.suse.com/1027565

From sle-updates at lists.suse.com Mon Apr 3 13:09:44 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:09:44 +0200 (CEST)
Subject: SUSE-SU-2017:0914-1: important: Security update for ruby19
Message-ID: <20170403190944.5493EFF71@maintenance.suse.de>

   SUSE Security Update: Security update for ruby19
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0914-1
Rating:             important
References:         #1018808 #986630
Cross-References:   CVE-2016-2339
Affected Products:
                    SUSE Studio Onsite Runner 1.3
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for ruby19 fixes the following issues:

   Security issue fixed:
   - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808)

   Bugfixes:
   - fix small mistake in the backport for (bsc#986630)
   - HTTP Header injection in 'net/http' (bsc#986630)
   - make the testsuite work with our new openssl requirements

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite Runner 1.3:
      zypper in -t patch slestso13-ruby19-13046=1
   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-ruby19-13046=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite Runner 1.3 (s390x):
      ruby19-1.9.3.p392-0.26.1
   - SUSE Studio Onsite 1.3 (x86_64):
      ruby19-1.9.3.p392-0.26.1
      ruby19-devel-1.9.3.p392-0.26.1
      ruby19-devel-extra-1.9.3.p392-0.26.1

References:

   https://www.suse.com/security/cve/CVE-2016-2339.html
   https://bugzilla.suse.com/1018808
   https://bugzilla.suse.com/986630

From sle-updates at lists.suse.com Mon Apr 3 13:10:18 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:10:18 +0200 (CEST)
Subject: SUSE-RU-2017:0915-1: moderate: Recommended update for drbd-utils
Message-ID: <20170403191018.13B39FF71@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for drbd-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0915-1
Rating:             moderate
References:         #1006105
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for drbd-utils fixes the following issues:

   - initialize node id when creating md (bsc#1006105)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-529=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      drbd-utils-8.9.6-8.3.5
      drbd-utils-debuginfo-8.9.6-8.3.5
      drbd-utils-debugsource-8.9.6-8.3.5

References:

   https://bugzilla.suse.com/1006105

From sle-updates at lists.suse.com Tue Apr 4 07:08:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Apr 2017 15:08:51 +0200 (CEST)
Subject: SUSE-SU-2017:0918-1: moderate: Security update for GraphicsMagick
Message-ID: <20170404130851.075A5FF71@maintenance.suse.de>

   SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0918-1
Rating:             moderate
References:         #1027255
Cross-References:   CVE-2017-6335
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for GraphicsMagick fixes the following issues:

   Security issue fixed:
   - CVE-2017-6335: Heap out of bounds write issue when reading CMYKA TIFF
     files which claim to offer fewer samples per pixel than required
     (bsc#1027255).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-GraphicsMagick-13049=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-GraphicsMagick-13049=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-GraphicsMagick-13049=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):
      GraphicsMagick-1.2.5-4.65.1
      libGraphicsMagick2-1.2.5-4.65.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      GraphicsMagick-1.2.5-4.65.1
      libGraphicsMagick2-1.2.5-4.65.1
      perl-GraphicsMagick-1.2.5-4.65.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      GraphicsMagick-debuginfo-1.2.5-4.65.1
      GraphicsMagick-debugsource-1.2.5-4.65.1

References:

   https://www.suse.com/security/cve/CVE-2017-6335.html
   https://bugzilla.suse.com/1027255

From sle-updates at lists.suse.com Tue Apr 4 10:15:46 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Apr 2017 18:15:46 +0200 (CEST)
Subject: SUSE-RU-2017:0930-1: moderate: Recommended update for libzypp, zypper
Message-ID: <20170404161546.149C6FF71@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0930-1
Rating:             moderate
References:         #1014265 #1024909 #1028492 #1030136 #1030827 #1030919
                    #985390
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update for libzypp, zypper fixes the following issues:

   libzypp:
   - Fix X-libcurl-Empty-Header-Workaround. (bsc#1030919, bsc#1030827)
   - Treat HTTP response 410 (Gone) like 404 (Not Found). (bsc#1030136)
   - Properly escape XML node content. (bsc#1024909)
   - Add parsable XML output for listing locks. (bsc#985390)
   - Don't raise FileCheckException if user accepted a package with wrong
     digest. (bsc#1014265)
   - Add more details to pattern documentation.

   zypper:
   - Don't show installed system packages if list command is restricted to
     repos. (bsc#1028492)
   - Fix invalid XML in GPG key info output. (bsc#1024909)
   - Add parsable XML output to 'zypper locks'. (bsc#985390)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-538=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-538=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):
      zypper-log-1.11.62-2.56.3
   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      libsolv-debugsource-0.6.22-2.22.8.1
      libsolv-tools-0.6.22-2.22.8.1
      libsolv-tools-debuginfo-0.6.22-2.22.8.1
      libzypp-14.45.3-2.62.2
      libzypp-debuginfo-14.45.3-2.62.2
      libzypp-debugsource-14.45.3-2.62.2
      perl-solv-0.6.22-2.22.8.1
      perl-solv-debuginfo-0.6.22-2.22.8.1
      python-solv-0.6.22-2.22.8.1
      python-solv-debuginfo-0.6.22-2.22.8.1
      zypper-1.11.62-2.56.3
      zypper-debuginfo-1.11.62-2.56.3
      zypper-debugsource-1.11.62-2.56.3
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      libsolv-debugsource-0.6.22-2.22.8.1
      libsolv-tools-0.6.22-2.22.8.1
      libsolv-tools-debuginfo-0.6.22-2.22.8.1
      libzypp-14.45.3-2.62.2
      libzypp-debuginfo-14.45.3-2.62.2
      libzypp-debugsource-14.45.3-2.62.2
      perl-solv-0.6.22-2.22.8.1
      perl-solv-debuginfo-0.6.22-2.22.8.1
      python-solv-0.6.22-2.22.8.1
      python-solv-debuginfo-0.6.22-2.22.8.1
      zypper-1.11.62-2.56.3
      zypper-debuginfo-1.11.62-2.56.3
      zypper-debugsource-1.11.62-2.56.3
   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      zypper-log-1.11.62-2.56.3

References:

   https://bugzilla.suse.com/1014265
   https://bugzilla.suse.com/1024909
   https://bugzilla.suse.com/1028492
   https://bugzilla.suse.com/1030136
   https://bugzilla.suse.com/1030827
   https://bugzilla.suse.com/1030919
   https://bugzilla.suse.com/985390

From sle-updates at lists.suse.com Tue Apr 4 13:08:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Apr 2017 21:08:27 +0200 (CEST)
Subject: SUSE-RU-2017:0931-1: moderate: Recommended update for libzypp, zypper
Message-ID: <20170404190827.C6F4BFF71@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0931-1
Rating:             moderate
References:         #1004096 #1030012 #1030827 #1030919 #683914 #932393
                    #985390
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update for libzypp and zypper fixes the following issues:

   libzypp:
   - Add support for repository authentication using SSL client
     certificates. (bsc#683914)
   - Fix SSL client certificate authentication via URL option
     ssl_clientcert/ssl_clientkey. (bsc#932393, bsc#1030012)
   - Fix X-libcurl-Empty-Header-Workaround. (bsc#1030919, bsc#1030827)
   - Let 'dup --from' leave updateTestcase logs in /var/log. (bsc#1004096)

   zypper:
   - Add parseable XML output to "zypper locks". (bsc#985390)
   - Add --matches and --solvables options to "zypper locks".

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-libzypp-13050=1
   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-libzypp-13050=1
   - SUSE Manager 2.1:
      zypper in -t patch sleman21-libzypp-13050=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-libzypp-13050=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-libzypp-13050=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-libzypp-13050=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-libzypp-13050=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-libzypp-13050=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      libzypp-9.40.5-19.1
      zypper-1.6.335-29.9
      zypper-log-1.6.335-29.9
   - SUSE Manager Proxy 2.1 (x86_64):
      libzypp-9.40.5-19.1
      zypper-1.6.335-29.9
      zypper-log-1.6.335-29.9
   - SUSE Manager 2.1 (s390x x86_64):
      libzypp-9.40.5-19.1
      zypper-1.6.335-29.9
      zypper-log-1.6.335-29.9
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libzypp-devel-9.40.5-19.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libzypp-9.40.5-19.1
      zypper-1.6.335-29.9
      zypper-log-1.6.335-29.9
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      libzypp-9.40.5-19.1
      zypper-1.6.335-29.9
      zypper-log-1.6.335-29.9
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      libzypp-9.40.5-19.1
      zypper-1.6.335-29.9
      zypper-log-1.6.335-29.9
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      libzypp-debuginfo-9.40.5-19.1
      libzypp-debugsource-9.40.5-19.1
      zypper-debuginfo-1.6.335-29.9
      zypper-debugsource-1.6.335-29.9

References:

   https://bugzilla.suse.com/1004096
   https://bugzilla.suse.com/1030012
   https://bugzilla.suse.com/1030827
   https://bugzilla.suse.com/1030919
   https://bugzilla.suse.com/683914
   https://bugzilla.suse.com/932393
   https://bugzilla.suse.com/985390

From sle-updates at lists.suse.com Wed Apr 5 10:13:35 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2017 18:13:35 +0200 (CEST)
Subject: SUSE-RU-2017:0936-1: Recommended update for crda, wireless-regdb
Message-ID: <20170405161335.3329BFF71@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for crda, wireless-regdb
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0936-1
Rating:             low
References:         #1030085
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update brings the latest version (2017.03.07) of regulatory domain
   data for wireless communication devices.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-541=1
   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-541=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-541=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-541=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):
      wireless-regdb-2017.03.07-3.1
   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      crda-1.1.3-3.1
      crda-debuginfo-1.1.3-3.1
      crda-debugsource-1.1.3-3.1
   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      crda-1.1.3-3.1
      crda-debuginfo-1.1.3-3.1
      crda-debugsource-1.1.3-3.1
   - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch):
      wireless-regdb-2017.03.07-3.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      crda-1.1.3-3.1
      crda-debuginfo-1.1.3-3.1
      crda-debugsource-1.1.3-3.1
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      wireless-regdb-2017.03.07-3.1
   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      wireless-regdb-2017.03.07-3.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      crda-1.1.3-3.1
      crda-debuginfo-1.1.3-3.1
      crda-debugsource-1.1.3-3.1

References:

   https://bugzilla.suse.com/1030085

From sle-updates at lists.suse.com Wed Apr 5 10:17:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2017 18:17:31 +0200 (CEST)
Subject: SUSE-SU-2017:0940-1: Security update for audiofile
Message-ID: <20170405161731.BBDB8FF71@maintenance.suse.de>

   SUSE Security Update: Security update for audiofile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0940-1
Rating:             low
References:         #1026978 #1026979 #1026980 #1026981 #1026982 #1026983
                    #1026984 #1026985 #1026986 #1026987 #1026988 #949399
Cross-References:   CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829
                    CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833
                    CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837
                    CVE-2017-6838 CVE-2017-6839
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This audiofile update fixes the following issue:

   Security issues fixed:
   - CVE-2015-7747: Fixed buffer overflow issue when changing both number of
     channels and sample format. (bsc#949399)
   - CVE-2017-6827: heap-based buffer overflow in
     MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)
   - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp)
     (bsc#1026980)
   - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp)
     (bsc#1026981)
   - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp)
     (bsc#1026982)
   - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE
     (IMA.cpp) (bsc#1026983)
   - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock
     (MSADPCM.cpp) (bsc#1026984)
   - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)
     (bsc#1026985)
   - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)
     (bsc#1026986)
   - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)
     (bsc#1026988)
   - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run
     (SimpleModule.h) (bsc#1026987)
   - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes
     (bsc#1026978)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-542=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-542=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-542=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-542=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-542=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-542=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-542=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      audiofile-devel-0.3.6-10.1
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      audiofile-devel-0.3.6-10.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1

References:

   https://www.suse.com/security/cve/CVE-2015-7747.html
   https://www.suse.com/security/cve/CVE-2017-6827.html
   https://www.suse.com/security/cve/CVE-2017-6828.html
   https://www.suse.com/security/cve/CVE-2017-6829.html
   https://www.suse.com/security/cve/CVE-2017-6830.html
   https://www.suse.com/security/cve/CVE-2017-6831.html
   https://www.suse.com/security/cve/CVE-2017-6832.html
   https://www.suse.com/security/cve/CVE-2017-6833.html
   https://www.suse.com/security/cve/CVE-2017-6834.html
   https://www.suse.com/security/cve/CVE-2017-6835.html
   https://www.suse.com/security/cve/CVE-2017-6836.html
   https://www.suse.com/security/cve/CVE-2017-6837.html
   https://www.suse.com/security/cve/CVE-2017-6838.html
   https://www.suse.com/security/cve/CVE-2017-6839.html
   https://bugzilla.suse.com/1026978
   https://bugzilla.suse.com/1026979
   https://bugzilla.suse.com/1026980
   https://bugzilla.suse.com/1026981
   https://bugzilla.suse.com/1026982
   https://bugzilla.suse.com/1026983
   https://bugzilla.suse.com/1026984
   https://bugzilla.suse.com/1026985
   https://bugzilla.suse.com/1026986
   https://bugzilla.suse.com/1026987
   https://bugzilla.suse.com/1026988
   https://bugzilla.suse.com/949399

From sle-updates at lists.suse.com Wed Apr 5 10:22:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2017 18:22:15 +0200 (CEST)
Subject: SUSE-RU-2017:0943-1: moderate: Recommended update for nfs-utils
Message-ID: <20170405162215.89069FF71@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for nfs-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0943-1
Rating:             moderate
References:         #1005609 #1019211 #945937 #990356
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for nfs-utils fixes the following issues:

   - Make mount.nfs return failure if statd is being slow to start due to
     DNS issues. (bsc#945937)
   - Include various upstream systemd unit file updates to ensure correct
     starting dependencies of nfsd and rpcbind. (bsc#990356)
   - Fix typos relating to version setting in nfs-utils_env.sh. (bsc#990356)
   - Only require a filesystem to be mounted if it isn't marked 'noauto' in
     /etc/fstab. (bsc#1019211)
   - Move rpc.svcgssd and corresponding man page from nfs-client package to
     nfs-kernel-server. For NFSv4.0 this is needed on client as well as the
     server to support the back-channel. (bsc#1005609)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-540=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-540=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-540=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): nfs-client-1.3.0-30.2 nfs-client-debuginfo-1.3.0-30.2 nfs-doc-1.3.0-30.2 nfs-kernel-server-1.3.0-30.2 nfs-kernel-server-debuginfo-1.3.0-30.2 nfs-utils-debugsource-1.3.0-30.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): nfs-client-1.3.0-30.2 nfs-client-debuginfo-1.3.0-30.2 nfs-doc-1.3.0-30.2 nfs-kernel-server-1.3.0-30.2 nfs-kernel-server-debuginfo-1.3.0-30.2 nfs-utils-debugsource-1.3.0-30.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): nfs-client-1.3.0-30.2 nfs-client-debuginfo-1.3.0-30.2 nfs-kernel-server-1.3.0-30.2 nfs-kernel-server-debuginfo-1.3.0-30.2 nfs-utils-debugsource-1.3.0-30.2 References: https://bugzilla.suse.com/1005609 https://bugzilla.suse.com/1019211 https://bugzilla.suse.com/945937 https://bugzilla.suse.com/990356 From sle-updates at lists.suse.com Wed Apr 5 13:08:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2017 21:08:05 +0200 (CEST) Subject: SUSE-SU-2017:0945-1: moderate: Security update for gimp Message-ID: <20170405190805.5F95DF7D1@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0945-1 Rating: moderate References: #1025717 #1032241 Cross-References: CVE-2007-3126 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gimp fixes the following issues: This security issue was fixed: - CVE-2007-3126: Context-dependent attackers were able to cause a denial of service via an ICO file with an InfoHeader containing a Height of zero (bsc#1032241). 
These non-security issues were fixed: - bsc#1025717: Prefer lcms2 over lcms1 if both are available - bgo#593576: Prevent crash in PDF Import filter when importing large image PDF or specifying high resolution Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-545=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-545=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-545=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gimp-lang-2.8.18-8.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gimp-2.8.18-8.1 gimp-debuginfo-2.8.18-8.1 gimp-debugsource-2.8.18-8.1 gimp-plugins-python-2.8.18-8.1 gimp-plugins-python-debuginfo-2.8.18-8.1 libgimp-2_0-0-2.8.18-8.1 libgimp-2_0-0-debuginfo-2.8.18-8.1 libgimpui-2_0-0-2.8.18-8.1 libgimpui-2_0-0-debuginfo-2.8.18-8.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gimp-debuginfo-2.8.18-8.1 gimp-debugsource-2.8.18-8.1 gimp-devel-2.8.18-8.1 gimp-devel-debuginfo-2.8.18-8.1 libgimp-2_0-0-2.8.18-8.1 libgimp-2_0-0-debuginfo-2.8.18-8.1 libgimpui-2_0-0-2.8.18-8.1 libgimpui-2_0-0-debuginfo-2.8.18-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gimp-2.8.18-8.1 gimp-debuginfo-2.8.18-8.1 gimp-debugsource-2.8.18-8.1 gimp-plugins-python-2.8.18-8.1 gimp-plugins-python-debuginfo-2.8.18-8.1 libgimp-2_0-0-2.8.18-8.1 libgimp-2_0-0-debuginfo-2.8.18-8.1 libgimpui-2_0-0-2.8.18-8.1 libgimpui-2_0-0-debuginfo-2.8.18-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gimp-lang-2.8.18-8.1 References: https://www.suse.com/security/cve/CVE-2007-3126.html https://bugzilla.suse.com/1025717 https://bugzilla.suse.com/1032241 From sle-updates at 
lists.suse.com Wed Apr 5 13:08:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2017 21:08:41 +0200 (CEST) Subject: SUSE-SU-2017:0946-1: important: Security update for jasper Message-ID: <20170405190841.6DABCF7D1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0946-1 Rating: important References: #1010977 #1010979 #1011830 #1012530 #1015400 #1015993 #1018088 #1020353 #1021868 #1029497 Cross-References: CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec (bsc#1012530) - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment (bsc#1010977). - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0' failed. 
(bsc#1010979) - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) (bsc#1011830) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy (bsc#1015993) - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-jasper-13051=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-jasper-13051=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-jasper-13051=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libjasper-devel-1.900.14-134.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libjasper-1.900.14-134.32.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libjasper-32bit-1.900.14-134.32.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libjasper-x86-1.900.14-134.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): jasper-debuginfo-1.900.14-134.32.1 jasper-debugsource-1.900.14-134.32.1 References: https://www.suse.com/security/cve/CVE-2016-10251.html https://www.suse.com/security/cve/CVE-2016-8654.html https://www.suse.com/security/cve/CVE-2016-9395.html https://www.suse.com/security/cve/CVE-2016-9398.html https://www.suse.com/security/cve/CVE-2016-9560.html https://www.suse.com/security/cve/CVE-2016-9583.html https://www.suse.com/security/cve/CVE-2016-9591.html https://www.suse.com/security/cve/CVE-2016-9600.html https://www.suse.com/security/cve/CVE-2017-5498.html https://www.suse.com/security/cve/CVE-2017-6850.html https://bugzilla.suse.com/1010977 https://bugzilla.suse.com/1010979 https://bugzilla.suse.com/1011830 https://bugzilla.suse.com/1012530 https://bugzilla.suse.com/1015400 https://bugzilla.suse.com/1015993 https://bugzilla.suse.com/1018088 https://bugzilla.suse.com/1020353 https://bugzilla.suse.com/1021868 https://bugzilla.suse.com/1029497 From sle-updates at lists.suse.com Wed Apr 5 13:10:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2017 21:10:39 +0200 (CEST) Subject: SUSE-RU-2017:0947-1: important: Recommended update for crowbar-openstack Message-ID: <20170405191039.605CCF7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-openstack ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0947-1 Rating: important References: #1004056 #1005120 #1011655 #1013549 
#1015324 #1016302 #1018332 #1019668 #1020121 #1030318 #970648 #974495 #976778 #979067 #989783 #990664 #997607 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has 17 recommended fixes can now be installed. Description: This update for crowbar-openstack fixes the following issues: - Disable image_cache_manager_interval. (bsc#1015324) - Fix undefined method [] for nil:NilClass. (bsc#1013549) - cinder: Add configuration option for multipath. (bsc#997607) - cinder: Add Hitachi HUSVM backend support. - cinder: Add NFS backend support. - heat: Change clients endpoints on publicURL. - neutron: Avoid adding a g-neutron group. (bsc#1030318) - neutron: Use internal endpoint for nova notifications - neutron: Improve opflex integration. (bsc#1004056) - neutron: Improve infoblox integration. (bsc#1020121) - neutron: Use internal endpoint for nova notifications. - neutron: Allow deployment of DVR in a cluster. (bsc#974495, bsc#1005120) - neutron: Enable support for LBaaSv2, F5 LBaaS and explicit enablement of l2pop. (bsc#989783) - neutron_service: Allow deployment of DVR in a cluster. (bsc#974495) - neutron-ha-tool: Increase start timeout to 1800 seconds. (bsc#1011655) - nova: Allow to define a custom network for xCAT access. (bsc#976778) - nova: Use a random z/VM instance root password by default. - nova: Allow defining on which network live migration happens. (bsc#990664) - nova: Always set live_migration_flag/block_migration_flag for kvm. - trove: Move missing migration to the proper folder. (bsc#1018332) - trove: Fix configuration when other services are using HA. (bsc#970648) - swift: Disable splice. (bsc#1019668) - swift: Correctly configure memcache for object-expirer. (bsc#979067) - upgrade: Check for run_list_map when searching for ceph nodes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-544=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-openstack-3.0+git.1490730586.690018b-38.1 References: https://bugzilla.suse.com/1004056 https://bugzilla.suse.com/1005120 https://bugzilla.suse.com/1011655 https://bugzilla.suse.com/1013549 https://bugzilla.suse.com/1015324 https://bugzilla.suse.com/1016302 https://bugzilla.suse.com/1018332 https://bugzilla.suse.com/1019668 https://bugzilla.suse.com/1020121 https://bugzilla.suse.com/1030318 https://bugzilla.suse.com/970648 https://bugzilla.suse.com/974495 https://bugzilla.suse.com/976778 https://bugzilla.suse.com/979067 https://bugzilla.suse.com/989783 https://bugzilla.suse.com/990664 https://bugzilla.suse.com/997607 From sle-updates at lists.suse.com Thu Apr 6 07:10:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2017 15:10:43 +0200 (CEST) Subject: SUSE-SU-2017:0948-1: moderate: Security update for ruby Message-ID: <20170406131043.83123F7D1@maintenance.suse.de> SUSE Security Update: Security update for ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0948-1 Rating: moderate References: #926974 #959495 #986630 Cross-References: CVE-2015-1855 CVE-2015-7551 Affected Products: SUSE Webyast 1.3 SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. 
Description: This update for ruby fixes the following issues: Security issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) Bugfixes: - fix small mistake in the backport for (bsc#986630) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-ruby-13052=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby-13052=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ruby-13052=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ruby-13052=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ruby-13052=1 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-ruby-13052=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.19.1 - SUSE Studio Onsite 1.3 (x86_64): ruby-devel-1.8.7.p357-0.9.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.19.1 ruby-doc-html-1.8.7.p357-0.9.19.1 ruby-doc-ri-1.8.7.p357-0.9.19.1 ruby-examples-1.8.7.p357-0.9.19.1 ruby-test-suite-1.8.7.p357-0.9.19.1 ruby-tk-1.8.7.p357-0.9.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ruby-1.8.7.p357-0.9.19.1 ruby-doc-html-1.8.7.p357-0.9.19.1 ruby-tk-1.8.7.p357-0.9.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ruby-debuginfo-1.8.7.p357-0.9.19.1 ruby-debugsource-1.8.7.p357-0.9.19.1 - SUSE Lifecycle Management Server 1.3 (x86_64): ruby-devel-1.8.7.p357-0.9.19.1 References: https://www.suse.com/security/cve/CVE-2015-1855.html https://www.suse.com/security/cve/CVE-2015-7551.html https://bugzilla.suse.com/926974 https://bugzilla.suse.com/959495 https://bugzilla.suse.com/986630 
From sle-updates at lists.suse.com Thu Apr 6 07:11:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2017 15:11:31 +0200 (CEST) Subject: SUSE-RU-2017:0949-1: Recommended update for harfbuzz Message-ID: <20170406131131.488DFF7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for harfbuzz ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0949-1 Rating: low References: #1030465 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Harfbuzz was updated to version 1.4.5, which brings several fixes and enhancements: - Fix buffer-overrun in Bengali. - Route Adlam script to Arabic shaper. - Implement OpenType Font Variation tables avar/fvar/HVAR/VVAR. - hb-shape and hb-view now accept --variations. - Always build and use UCDN for Unicode data by default. - Add core of support for OpenType 1.8 Font Variations. - New APIs: - hb_font_set_face(). - hb_font_set_var_coords_normalized(). - HB_OT_LAYOUT_NO_VARIATIONS_INDEX. - hb_ot_layout_table_find_feature_variations(). - hb_ot_layout_feature_with_variations_get_lookups(). - hb_shape_plan_create2(). - hb_shape_plan_create_cached2(). - Deprecate API: hb_graphite2_font_get_gr_font(). - Fix regression in GDEF glyph class processing. - Add decompositions for Chakma, Limbu, and Balinese in USE shaper. - Fix vertical glyph origin in hb-ot-font. - Implement CBDT/CBLC color font glyph extents in hb-ot-font. - Implement parsing of OpenType MATH table. - Blacklist bad GDEF of more fonts. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-549=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-549=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-549=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-549=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-549=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): harfbuzz-debugsource-1.4.5-7.5 libharfbuzz-icu0-32bit-1.4.5-7.5 libharfbuzz-icu0-debuginfo-32bit-1.4.5-7.5 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): harfbuzz-debugsource-1.4.5-7.5 harfbuzz-devel-1.4.5-7.5 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): harfbuzz-debugsource-1.4.5-7.5 libharfbuzz-icu0-1.4.5-7.5 libharfbuzz-icu0-debuginfo-1.4.5-7.5 libharfbuzz0-1.4.5-7.5 libharfbuzz0-debuginfo-1.4.5-7.5 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): harfbuzz-debugsource-1.4.5-7.5 libharfbuzz-icu0-1.4.5-7.5 libharfbuzz-icu0-debuginfo-1.4.5-7.5 libharfbuzz0-1.4.5-7.5 libharfbuzz0-debuginfo-1.4.5-7.5 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libharfbuzz0-32bit-1.4.5-7.5 libharfbuzz0-debuginfo-32bit-1.4.5-7.5 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): harfbuzz-debugsource-1.4.5-7.5 libharfbuzz-icu0-1.4.5-7.5 libharfbuzz-icu0-32bit-1.4.5-7.5 libharfbuzz-icu0-debuginfo-1.4.5-7.5 libharfbuzz-icu0-debuginfo-32bit-1.4.5-7.5 libharfbuzz0-1.4.5-7.5 libharfbuzz0-32bit-1.4.5-7.5 libharfbuzz0-debuginfo-1.4.5-7.5 libharfbuzz0-debuginfo-32bit-1.4.5-7.5 References: https://bugzilla.suse.com/1030465 From sle-updates at lists.suse.com Thu Apr 6 07:11:55 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 6 Apr 2017 15:11:55 +0200 (CEST) Subject: SUSE-SU-2017:0950-1: moderate: Security update for libpng15 Message-ID: <20170406131155.5EEF9F7D1@maintenance.suse.de> SUSE Security Update: Security update for libpng15 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0950-1 Rating: moderate References: #1017646 #958791 Cross-References: CVE-2015-8540 CVE-2016-10087 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libpng15 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-548=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-548=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-548=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-548=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-548=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpng15-15-1.5.22-9.1 libpng15-15-debuginfo-1.5.22-9.1 libpng15-debugsource-1.5.22-9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpng15-15-1.5.22-9.1 libpng15-15-debuginfo-1.5.22-9.1 libpng15-debugsource-1.5.22-9.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpng15-15-1.5.22-9.1 libpng15-15-debuginfo-1.5.22-9.1 libpng15-debugsource-1.5.22-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpng15-15-1.5.22-9.1 libpng15-15-debuginfo-1.5.22-9.1 libpng15-debugsource-1.5.22-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpng15-15-1.5.22-9.1 libpng15-15-debuginfo-1.5.22-9.1 libpng15-debugsource-1.5.22-9.1 References: https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-10087.html https://bugzilla.suse.com/1017646 https://bugzilla.suse.com/958791 From sle-updates at lists.suse.com Thu Apr 6 07:12:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2017 15:12:26 +0200 (CEST) Subject: SUSE-SU-2017:0951-1: moderate: Security update for dracut Message-ID: <20170406131226.63928F7D1@maintenance.suse.de> SUSE Security Update: Security update for dracut ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0951-1 Rating: moderate References: #1005410 #1006118 #1007925 #1008340 #1008648 #1017141 #1017695 #1019938 #1020063 #1021687 #902375 Cross-References: CVE-2016-8637 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. 
Description: This update for dracut fixes the following issues: Security issues fixed: - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340) Non security issues fixed: - Remove zlib module as requirement. (bsc#1020063) - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938) - Resolve symbolic links for -i and -k parameters. (bsc#902375) - Enhance purge-kernels script to handle kgraft patches. (bsc#1017141) - Allow booting from degraded MD arrays with systemd. (bsc#1017695) - Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687) - Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925) - Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-547=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-547=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-547=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-547=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dracut-044-108.1 dracut-debuginfo-044-108.1 dracut-debugsource-044-108.1 dracut-fips-044-108.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dracut-044-108.1 dracut-debuginfo-044-108.1 dracut-debugsource-044-108.1 dracut-fips-044-108.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dracut-044-108.1 dracut-debuginfo-044-108.1 dracut-debugsource-044-108.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dracut-044-108.1 dracut-debuginfo-044-108.1 dracut-debugsource-044-108.1 References: https://www.suse.com/security/cve/CVE-2016-8637.html https://bugzilla.suse.com/1005410 https://bugzilla.suse.com/1006118 https://bugzilla.suse.com/1007925 https://bugzilla.suse.com/1008340 https://bugzilla.suse.com/1008648 https://bugzilla.suse.com/1017141 https://bugzilla.suse.com/1017695 https://bugzilla.suse.com/1019938 https://bugzilla.suse.com/1020063 https://bugzilla.suse.com/1021687 https://bugzilla.suse.com/902375 From sle-updates at lists.suse.com Thu Apr 6 10:09:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2017 18:09:14 +0200 (CEST) Subject: SUSE-RU-2017:0952-1: Recommended update for NetworkManager Message-ID: <20170406160914.BF807F7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0952-1 Rating: low References: #1009717 #1021665 #960153 #966232 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for NetworkManager provides the following fixes: - Fix NetworkManager crashes when editing the same Wifi the second time in Gnome's Control Center. (bsc#1009717) - Don't ask for new PSK for locally-generated WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY error. (bsc#966232) - Don't overwrite /etc/resolv.conf. (bsc#960153, bsc#1021665) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-553=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-553=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-553=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-553=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-553=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): NetworkManager-lang-1.0.12-12.4 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): NetworkManager-1.0.12-12.4 NetworkManager-debuginfo-1.0.12-12.4 NetworkManager-debugsource-1.0.12-12.4 typelib-1_0-NM-1_0-1.0.12-12.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.0.12-12.4 NetworkManager-debugsource-1.0.12-12.4 NetworkManager-devel-1.0.12-12.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): NetworkManager-debuginfo-1.0.12-12.4 NetworkManager-debugsource-1.0.12-12.4 libnm-glib-vpn1-1.0.12-12.4 libnm-glib-vpn1-debuginfo-1.0.12-12.4 libnm-glib4-1.0.12-12.4 libnm-glib4-debuginfo-1.0.12-12.4 libnm-util2-1.0.12-12.4 libnm-util2-debuginfo-1.0.12-12.4 libnm0-1.0.12-12.4 libnm0-debuginfo-1.0.12-12.4 typelib-1_0-NMClient-1_0-1.0.12-12.4 typelib-1_0-NetworkManager-1_0-1.0.12-12.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): NetworkManager-debuginfo-1.0.12-12.4 NetworkManager-debugsource-1.0.12-12.4 libnm-glib-vpn1-1.0.12-12.4 libnm-glib-vpn1-debuginfo-1.0.12-12.4 libnm-glib4-1.0.12-12.4 libnm-glib4-debuginfo-1.0.12-12.4 libnm-util2-1.0.12-12.4 libnm-util2-debuginfo-1.0.12-12.4 libnm0-1.0.12-12.4 libnm0-debuginfo-1.0.12-12.4 typelib-1_0-NMClient-1_0-1.0.12-12.4 typelib-1_0-NetworkManager-1_0-1.0.12-12.4 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): NetworkManager-1.0.12-12.4 NetworkManager-debuginfo-1.0.12-12.4 NetworkManager-debugsource-1.0.12-12.4 libnm-glib-vpn1-1.0.12-12.4 libnm-glib-vpn1-debuginfo-1.0.12-12.4 libnm-glib4-1.0.12-12.4 libnm-glib4-debuginfo-1.0.12-12.4 libnm-util2-1.0.12-12.4 libnm-util2-debuginfo-1.0.12-12.4 libnm0-1.0.12-12.4 libnm0-debuginfo-1.0.12-12.4 typelib-1_0-NM-1_0-1.0.12-12.4 typelib-1_0-NMClient-1_0-1.0.12-12.4 typelib-1_0-NetworkManager-1_0-1.0.12-12.4 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): NetworkManager-lang-1.0.12-12.4 References: 
https://bugzilla.suse.com/1009717 https://bugzilla.suse.com/1021665 https://bugzilla.suse.com/960153 https://bugzilla.suse.com/966232 From sle-updates at lists.suse.com Thu Apr 6 10:10:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2017 18:10:22 +0200 (CEST) Subject: SUSE-SU-2017:0953-1: moderate: Security update for jasper Message-ID: <20170406161022.2AA5AF7D1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0953-1 Rating: moderate References: #1015400 #1018088 #1020353 #1021868 #1029497 Cross-References: CVE-2016-10251 CVE-2016-9583 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-551=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-551=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-551=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-551=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-551=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-551=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-551=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper-devel-1.900.14-194.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper-devel-1.900.14-194.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper1-1.900.14-194.1 libjasper1-debuginfo-1.900.14-194.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper1-1.900.14-194.1 libjasper1-debuginfo-1.900.14-194.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libjasper1-32bit-1.900.14-194.1 libjasper1-debuginfo-32bit-1.900.14-194.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper1-1.900.14-194.1 libjasper1-debuginfo-1.900.14-194.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libjasper1-32bit-1.900.14-194.1 
libjasper1-debuginfo-32bit-1.900.14-194.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper1-1.900.14-194.1 libjasper1-32bit-1.900.14-194.1 libjasper1-debuginfo-1.900.14-194.1 libjasper1-debuginfo-32bit-1.900.14-194.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): jasper-debuginfo-1.900.14-194.1 jasper-debugsource-1.900.14-194.1 libjasper1-1.900.14-194.1 libjasper1-32bit-1.900.14-194.1 libjasper1-debuginfo-1.900.14-194.1 libjasper1-debuginfo-32bit-1.900.14-194.1 References: https://www.suse.com/security/cve/CVE-2016-10251.html https://www.suse.com/security/cve/CVE-2016-9583.html https://www.suse.com/security/cve/CVE-2016-9600.html https://www.suse.com/security/cve/CVE-2017-5498.html https://www.suse.com/security/cve/CVE-2017-6850.html https://bugzilla.suse.com/1015400 https://bugzilla.suse.com/1018088 https://bugzilla.suse.com/1020353 https://bugzilla.suse.com/1021868 https://bugzilla.suse.com/1029497 From sle-updates at lists.suse.com Thu Apr 6 10:11:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2017 18:11:29 +0200 (CEST) Subject: SUSE-RU-2017:0954-1: Recommended update for saptune Message-ID: <20170406161129.C45F6F7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0954-1 Rating: low References: #1026172 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update enhances saptune to support vendor specific tuning files in /etc/saptune/extra. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2017-552=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): saptune-1.1-6.2 saptune-debuginfo-1.1-6.2 saptune-debugsource-1.1-6.2 References: https://bugzilla.suse.com/1026172 From sle-updates at lists.suse.com Fri Apr 7 07:10:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2017 15:10:03 +0200 (CEST) Subject: SUSE-RU-2017:0960-1: moderate: Recommended update for openvswitch Message-ID: <20170407131003.7A276FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0960-1 Rating: moderate References: #1002734 #1013554 #1021348 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides openvswitch 2.1.3, which brings the following fixes: - datapath: Drop packets when interdev is not up. - dpif-linux: Avoid null dereference if all ports disappear. - datapath/flow_netlink: Fix NDP flow mask validation. - datapath: Use exact lookup for flow_get and flow_del. (bsc#1013554) - dpif: When executing actions needs help, use "set" action to set tunnel. - datapath: Rehash 16-bit skbuff hashes into 32 bits. - openvswitch: Fix a possible deadlock and lockdep warning. (bsc#1021348) - tunnel: Fix bug where misconfiguration persists. - netdev: Safely increment refcount in netdev_open(). - datapath: Fix feature check for HAVE_RXHASH. - datapath: Clear l4_rxhash in skb_clear_hash. - spec: Do not restart the openvswitch service after a package update. 
(bsc#1002734) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-555=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openvswitch-2.1.3-42.1 openvswitch-debuginfo-2.1.3-42.1 openvswitch-debugsource-2.1.3-42.1 openvswitch-kmp-default-2.1.3_k3.12.69_60.64.32-42.1 openvswitch-kmp-default-debuginfo-2.1.3_k3.12.69_60.64.32-42.1 openvswitch-switch-2.1.3-42.1 openvswitch-switch-debuginfo-2.1.3-42.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): openvswitch-kmp-xen-2.1.3_k3.12.69_60.64.32-42.1 openvswitch-kmp-xen-debuginfo-2.1.3_k3.12.69_60.64.32-42.1 References: https://bugzilla.suse.com/1002734 https://bugzilla.suse.com/1013554 https://bugzilla.suse.com/1021348 From sle-updates at lists.suse.com Fri Apr 7 07:11:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2017 15:11:17 +0200 (CEST) Subject: SUSE-SU-2017:0962-1: Security update for gstreamer-plugins-bad Message-ID: <20170407131117.0BE2EFC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-bad ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0962-1 Rating: low References: #1024044 #1024068 Cross-References: CVE-2017-5843 CVE-2017-5848 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed: - CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044). - CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-554=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-554=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-554=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-554=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-bad-debuginfo-1.8.3-17.2 gstreamer-plugins-bad-debugsource-1.8.3-17.2 gstreamer-plugins-bad-devel-1.8.3-17.2 libgstinsertbin-1_0-0-1.8.3-17.2 libgstinsertbin-1_0-0-debuginfo-1.8.3-17.2 libgsturidownloader-1_0-0-1.8.3-17.2 libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-bad-1.8.3-17.2 gstreamer-plugins-bad-debuginfo-1.8.3-17.2 gstreamer-plugins-bad-debugsource-1.8.3-17.2 libgstadaptivedemux-1_0-0-1.8.3-17.2 libgstadaptivedemux-1_0-0-debuginfo-1.8.3-17.2 libgstbadaudio-1_0-0-1.8.3-17.2 libgstbadaudio-1_0-0-debuginfo-1.8.3-17.2 libgstbadbase-1_0-0-1.8.3-17.2 libgstbadbase-1_0-0-debuginfo-1.8.3-17.2 libgstbadvideo-1_0-0-1.8.3-17.2 libgstbadvideo-1_0-0-debuginfo-1.8.3-17.2 libgstbasecamerabinsrc-1_0-0-1.8.3-17.2 libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-17.2 libgstcodecparsers-1_0-0-1.8.3-17.2 libgstcodecparsers-1_0-0-debuginfo-1.8.3-17.2 libgstgl-1_0-0-1.8.3-17.2 libgstgl-1_0-0-debuginfo-1.8.3-17.2 libgstmpegts-1_0-0-1.8.3-17.2 
libgstmpegts-1_0-0-debuginfo-1.8.3-17.2 libgstphotography-1_0-0-1.8.3-17.2 libgstphotography-1_0-0-debuginfo-1.8.3-17.2 libgsturidownloader-1_0-0-1.8.3-17.2 libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-bad-lang-1.8.3-17.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-bad-1.8.3-17.2 gstreamer-plugins-bad-debuginfo-1.8.3-17.2 gstreamer-plugins-bad-debugsource-1.8.3-17.2 libgstadaptivedemux-1_0-0-1.8.3-17.2 libgstadaptivedemux-1_0-0-debuginfo-1.8.3-17.2 libgstbadaudio-1_0-0-1.8.3-17.2 libgstbadaudio-1_0-0-debuginfo-1.8.3-17.2 libgstbadbase-1_0-0-1.8.3-17.2 libgstbadbase-1_0-0-debuginfo-1.8.3-17.2 libgstbadvideo-1_0-0-1.8.3-17.2 libgstbadvideo-1_0-0-debuginfo-1.8.3-17.2 libgstbasecamerabinsrc-1_0-0-1.8.3-17.2 libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-17.2 libgstcodecparsers-1_0-0-1.8.3-17.2 libgstcodecparsers-1_0-0-debuginfo-1.8.3-17.2 libgstgl-1_0-0-1.8.3-17.2 libgstgl-1_0-0-debuginfo-1.8.3-17.2 libgstmpegts-1_0-0-1.8.3-17.2 libgstmpegts-1_0-0-debuginfo-1.8.3-17.2 libgstphotography-1_0-0-1.8.3-17.2 libgstphotography-1_0-0-debuginfo-1.8.3-17.2 libgsturidownloader-1_0-0-1.8.3-17.2 libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-bad-lang-1.8.3-17.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-plugins-bad-lang-1.8.3-17.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-bad-1.8.3-17.2 gstreamer-plugins-bad-debuginfo-1.8.3-17.2 gstreamer-plugins-bad-debugsource-1.8.3-17.2 libgstadaptivedemux-1_0-0-1.8.3-17.2 libgstadaptivedemux-1_0-0-debuginfo-1.8.3-17.2 libgstbadaudio-1_0-0-1.8.3-17.2 libgstbadaudio-1_0-0-debuginfo-1.8.3-17.2 libgstbadbase-1_0-0-1.8.3-17.2 libgstbadbase-1_0-0-debuginfo-1.8.3-17.2 libgstbadvideo-1_0-0-1.8.3-17.2 libgstbadvideo-1_0-0-debuginfo-1.8.3-17.2 libgstbasecamerabinsrc-1_0-0-1.8.3-17.2 
libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-17.2 libgstcodecparsers-1_0-0-1.8.3-17.2 libgstcodecparsers-1_0-0-debuginfo-1.8.3-17.2 libgstgl-1_0-0-1.8.3-17.2 libgstgl-1_0-0-debuginfo-1.8.3-17.2 libgstmpegts-1_0-0-1.8.3-17.2 libgstmpegts-1_0-0-debuginfo-1.8.3-17.2 libgstphotography-1_0-0-1.8.3-17.2 libgstphotography-1_0-0-debuginfo-1.8.3-17.2 libgsturidownloader-1_0-0-1.8.3-17.2 libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2 References: https://www.suse.com/security/cve/CVE-2017-5843.html https://www.suse.com/security/cve/CVE-2017-5848.html https://bugzilla.suse.com/1024044 https://bugzilla.suse.com/1024068 From sle-updates at lists.suse.com Fri Apr 7 13:08:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2017 21:08:27 +0200 (CEST) Subject: SUSE-SU-2017:0966-1: Security update for gstreamer Message-ID: <20170407190827.B0FC4FC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0966-1 Rating: low References: #1024051 Cross-References: CVE-2017-5838 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-561=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-561=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-561=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-561=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-debuginfo-1.8.3-9.5 gstreamer-debugsource-1.8.3-9.5 gstreamer-devel-1.8.3-9.5 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-1.8.3-9.5 gstreamer-debuginfo-1.8.3-9.5 gstreamer-debugsource-1.8.3-9.5 gstreamer-utils-1.8.3-9.5 gstreamer-utils-debuginfo-1.8.3-9.5 libgstreamer-1_0-0-1.8.3-9.5 libgstreamer-1_0-0-debuginfo-1.8.3-9.5 typelib-1_0-Gst-1_0-1.8.3-9.5 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-lang-1.8.3-9.5 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-1.8.3-9.5 gstreamer-debuginfo-1.8.3-9.5 gstreamer-debugsource-1.8.3-9.5 gstreamer-utils-1.8.3-9.5 gstreamer-utils-debuginfo-1.8.3-9.5 libgstreamer-1_0-0-1.8.3-9.5 libgstreamer-1_0-0-debuginfo-1.8.3-9.5 typelib-1_0-Gst-1_0-1.8.3-9.5 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-lang-1.8.3-9.5 - SUSE Linux Enterprise Server 12-SP2 (x86_64): gstreamer-debuginfo-32bit-1.8.3-9.5 libgstreamer-1_0-0-32bit-1.8.3-9.5 libgstreamer-1_0-0-debuginfo-32bit-1.8.3-9.5 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-lang-1.8.3-9.5 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-1.8.3-9.5 gstreamer-debuginfo-1.8.3-9.5 gstreamer-debuginfo-32bit-1.8.3-9.5 gstreamer-debugsource-1.8.3-9.5 gstreamer-utils-1.8.3-9.5 gstreamer-utils-debuginfo-1.8.3-9.5 libgstreamer-1_0-0-1.8.3-9.5 
libgstreamer-1_0-0-32bit-1.8.3-9.5 libgstreamer-1_0-0-debuginfo-1.8.3-9.5 libgstreamer-1_0-0-debuginfo-32bit-1.8.3-9.5 typelib-1_0-Gst-1_0-1.8.3-9.5 References: https://www.suse.com/security/cve/CVE-2017-5838.html https://bugzilla.suse.com/1024051 From sle-updates at lists.suse.com Fri Apr 7 13:08:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2017 21:08:52 +0200 (CEST) Subject: SUSE-SU-2017:0967-1: Security update for gstreamer Message-ID: <20170407190852.1B19CFC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0967-1 Rating: low References: #1024051 Cross-References: CVE-2017-5838 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-562=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-562=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-562=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gstreamer-debuginfo-1.2.4-2.3.3 gstreamer-debugsource-1.2.4-2.3.3 gstreamer-devel-1.2.4-2.3.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-1.2.4-2.3.3 gstreamer-debuginfo-1.2.4-2.3.3 gstreamer-debugsource-1.2.4-2.3.3 gstreamer-utils-1.2.4-2.3.3 gstreamer-utils-debuginfo-1.2.4-2.3.3 libgstreamer-1_0-0-1.2.4-2.3.3 libgstreamer-1_0-0-debuginfo-1.2.4-2.3.3 typelib-1_0-Gst-1_0-1.2.4-2.3.3 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gstreamer-debuginfo-32bit-1.2.4-2.3.3 libgstreamer-1_0-0-32bit-1.2.4-2.3.3 libgstreamer-1_0-0-debuginfo-32bit-1.2.4-2.3.3 - SUSE Linux Enterprise Server 12-SP1 (noarch): gstreamer-lang-1.2.4-2.3.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-1.2.4-2.3.3 gstreamer-debuginfo-1.2.4-2.3.3 gstreamer-debuginfo-32bit-1.2.4-2.3.3 gstreamer-debugsource-1.2.4-2.3.3 gstreamer-utils-1.2.4-2.3.3 gstreamer-utils-debuginfo-1.2.4-2.3.3 libgstreamer-1_0-0-1.2.4-2.3.3 libgstreamer-1_0-0-32bit-1.2.4-2.3.3 libgstreamer-1_0-0-debuginfo-1.2.4-2.3.3 libgstreamer-1_0-0-debuginfo-32bit-1.2.4-2.3.3 typelib-1_0-Gst-1_0-1.2.4-2.3.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-lang-1.2.4-2.3.3 References: https://www.suse.com/security/cve/CVE-2017-5838.html https://bugzilla.suse.com/1024051 From sle-updates at lists.suse.com Fri Apr 7 16:08:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2017 00:08:14 +0200 (CEST) Subject: SUSE-RU-2017:0968-1: Recommended update for release-notes-sles Message-ID: <20170407220814.0DBD9F7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0968-1 Rating: low References: #1025369 #1028738 #1030082 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 
12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP2 have been updated to document: - SLERT is now called SUSE Linux Enterprise Real Time - Disk Mirroring with Real-Time Enhancement for z Systems (fate#318242) - The YaST Module for SSH Server Configuration Has Been Removed (fate#323175) - Virtualization: Supported Disks Formats and Protocols (fate#317891, bsc#1025369) - NVDIMM Support (fate#319792, bsc#1028738) - Software Requiring Specific Contracts (FATE#316990) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-563=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-563=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): release-notes-sles-12.2.20170331-5.16.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): release-notes-sles-12.2.20170331-5.16.1 References: https://bugzilla.suse.com/1025369 https://bugzilla.suse.com/1028738 https://bugzilla.suse.com/1030082 From sle-updates at lists.suse.com Mon Apr 10 10:09:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Apr 2017 18:09:38 +0200 (CEST) Subject: SUSE-RU-2017:0970-1: Recommended update for libssh2_org Message-ID: <20170410160938.8D18BFC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for libssh2_org ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0970-1 Rating: low References: #1027264 #933336 #967787 #974691 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides libssh2_org 1.4.3, which brings several fixes and enhancements: - Add support for zlib@openssh.com compression. - Return error if a too large package arrives. - Do not leak memory when handling OpenSSL errors. - Improved handling of disabled MD5 algorithm in OpenSSL. - Fail when parsing unknown keys in known_hosts file. - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner. - Always do "forced" window updates to avoid corner case stalls. - Finish in-progress key exchange before sending data. - Verify the packet before accepting it. - Use safer snprintf rather than sprintf in several places. - Advance offset correctly for buffered copies. For a comprehensive list of changes please refer to the package's change log.
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libssh2_org-13058=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libssh2_org-13058=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libssh2_org-13058=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libssh2-devel-1.4.3-16.10 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libssh2-1-32bit-1.4.3-16.10 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libssh2-1-1.4.3-16.10 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libssh2-1-x86-1.4.3-16.10 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libssh2-1-1.4.3-16.10 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libssh2_org-debuginfo-1.4.3-16.10 libssh2_org-debugsource-1.4.3-16.10 References: https://bugzilla.suse.com/1027264 https://bugzilla.suse.com/933336 https://bugzilla.suse.com/967787 https://bugzilla.suse.com/974691 From sle-updates at lists.suse.com Mon Apr 10 13:08:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Apr 2017 21:08:07 +0200 (CEST) Subject: SUSE-RU-2017:0971-1: Recommended update for openvswitch Message-ID: <20170410190807.C8AEDFC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0971-1 Rating: low References: #1033209 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for openvswitch adds the following missing packages to SUSE OpenStack Cloud 6: - openvswitch-kmp-default - openvswitch-kmp-default-debuginfo - openvswitch-kmp-xen - openvswitch-kmp-xen-debuginfo Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-566=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): openvswitch-2.5.1-5.1 openvswitch-debuginfo-2.5.1-5.1 openvswitch-debugsource-2.5.1-5.1 openvswitch-kmp-default-2.5.1_k3.12.69_60.64.35-5.1 openvswitch-kmp-default-debuginfo-2.5.1_k3.12.69_60.64.35-5.1 openvswitch-kmp-xen-2.5.1_k3.12.69_60.64.35-5.1 openvswitch-kmp-xen-debuginfo-2.5.1_k3.12.69_60.64.35-5.1 openvswitch-switch-2.5.1-5.1 openvswitch-switch-debuginfo-2.5.1-5.1 References: https://bugzilla.suse.com/1033209 From sle-updates at lists.suse.com Mon Apr 10 19:08:12 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2017 03:08:12 +0200 (CEST) Subject: SUSE-RU-2017:0972-1: moderate: Recommended update for multipath-tools Message-ID: <20170411010812.77C03FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0972-1 Rating: moderate References: #1004858 #1005255 #1005763 #1008691 #1011400 #1012910 #1019181 #1019798 #986838 #991432 #998893 #998906 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. 
Description: This update for multipath-tools provides the following fixes: - Fix check for new path states, preventing double increments. (bsc#1019798) - Do not select sysfs prioritizer for RDAC arrays. (bsc#1004858) - Do not cache 'access_state' sysfs attribute. (bsc#1004858) - Re-use existing alias from bindings file. (bsc#1005255) - Set DI_SERIAL in 'multipath -ll' output. (bsc#991432) - Add 'need_suspend' to _dm_flush_map. (bsc#986838) - Ignore '-i' if find_multipaths is set. (bsc#1012910) - Imply '-n' if find_multipaths is set. (bsc#1012910) - Use weaker 'force_reload' on startup. (bsc#998906, bsc#998893, bsc#1005763, bsc#1011400) - Update log messages for setup_feature. (bsc#998906, bsc#998893, bsc#1005763, bsc#1011400) - Update feature handling. (bsc#998906, bsc#998893, bsc#1005763, bsc#1011400) - Reload map if not known to udev. (bsc#998906, bsc#998893, bsc#1005763, bsc#1011400) - Differentiate ACT_NOTHING and ACT_IMPOSSIBLE. (bsc#998906, bsc#998893, bsc#1005763, bsc#1011400) - Trigger uevent if nothing done. (bsc#998906, bsc#998893, bsc#1005763, bsc#1011400) - Re-add 'Before: lvm2-activation-early.service' to multipathd.service. (bsc#1019181) - Sanitize how kpartx deletes partitions. (bsc#1008691) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-567=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-567=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-567=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-567=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-567=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): multipath-tools-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debugsource-0.6.2+suse20170227.714ac89-74.1 multipath-tools-devel-0.6.2+suse20170227.714ac89-74.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kpartx-0.6.2+suse20170227.714ac89-74.1 kpartx-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debugsource-0.6.2+suse20170227.714ac89-74.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kpartx-0.6.2+suse20170227.714ac89-74.1 kpartx-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debugsource-0.6.2+suse20170227.714ac89-74.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kpartx-0.6.2+suse20170227.714ac89-74.1 kpartx-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debugsource-0.6.2+suse20170227.714ac89-74.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kpartx-0.6.2+suse20170227.714ac89-74.1 kpartx-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debuginfo-0.6.2+suse20170227.714ac89-74.1 multipath-tools-debugsource-0.6.2+suse20170227.714ac89-74.1 References: https://bugzilla.suse.com/1004858 https://bugzilla.suse.com/1005255 https://bugzilla.suse.com/1005763 https://bugzilla.suse.com/1008691 https://bugzilla.suse.com/1011400 https://bugzilla.suse.com/1012910 https://bugzilla.suse.com/1019181 https://bugzilla.suse.com/1019798 https://bugzilla.suse.com/986838 https://bugzilla.suse.com/991432 https://bugzilla.suse.com/998893 https://bugzilla.suse.com/998906 From sle-updates at lists.suse.com Tue Apr 11 10:09:30 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 11 Apr 2017 18:09:30 +0200 (CEST) Subject: SUSE-RU-2017:0978-1: Recommended update for python-enum34 Message-ID: <20170411160930.AAF03F7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-enum34 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0978-1 Rating: low References: #1014478 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-enum34 1.1.3, which brings fixes for minor issues and some enhancements. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-571=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-571=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-571=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-571=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-571=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-571=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-571=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-571=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-571=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-571=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-571=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (noarch): python-enum34-1.1.3-7.1 - SUSE OpenStack Cloud 6 (noarch): python-enum34-1.1.3-7.1 - SUSE Manager Server 3.0 (noarch): python-enum34-1.1.3-7.1 - SUSE Manager Proxy 3.0 (noarch): python-enum34-1.1.3-7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): python-enum34-1.1.3-7.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): python-enum34-1.1.3-7.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-enum34-1.1.3-7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-enum34-1.1.3-7.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): python-enum34-1.1.3-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): python-enum34-1.1.3-7.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-enum34-1.1.3-7.1 References: https://bugzilla.suse.com/1014478 From sle-updates at lists.suse.com Tue Apr 11 10:10:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2017 18:10:06 +0200 (CEST) Subject: SUSE-RU-2017:0979-1: Recommended update for python-pytz Message-ID: <20170411161006.BA2E4FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pytz ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0979-1 Rating: low References: #1027705 #975875 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The python-pytz module was updated to version 2016.10, which provides a newer release of IANA's Timezone Database (2016j). Additionally, this version also improves localtime handling and adds a localize() method enabling correct creation of local times. Patch Instructions: To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-569=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-569=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): python-pytz-2016.10-7.1 - SUSE Enterprise Storage 4 (noarch): python-pytz-2016.10-7.1 References: https://bugzilla.suse.com/1027705 https://bugzilla.suse.com/975875 From sle-updates at lists.suse.com Tue Apr 11 10:11:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2017 18:11:03 +0200 (CEST) Subject: SUSE-RU-2017:0981-1: Recommended update for python-pytz Message-ID: <20170411161103.BE906FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pytz ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0981-1 Rating: low References: #1027705 #975875 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The python-pytz module was updated to version 2016.10, which provides a newer release of IANA's Timezone Database (2016j). Additionally, this version also improves localtime handling and added a localize() method enabling correct creation of local times. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2017-570=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-570=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-570=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-570=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-pytz-2016.10-2.5.1 - SUSE OpenStack Cloud 6 (noarch): python-pytz-2016.10-2.5.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-pytz-2016.10-2.5.1 - SUSE Enterprise Storage 3 (noarch): python-pytz-2016.10-2.5.1 References: https://bugzilla.suse.com/1027705 https://bugzilla.suse.com/975875 From sle-updates at lists.suse.com Tue Apr 11 13:08:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2017 21:08:42 +0200 (CEST) Subject: SUSE-SU-2017:0983-1: important: Security update for xen Message-ID: <20170411190842.D5808FC60@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0983-1 Rating: important References: #1014136 #1015348 #1022555 #1026236 #1027519 #1028235 #1029128 #1029827 #1030144 #1030442 Cross-References: CVE-2017-6505 CVE-2017-7228 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 8 fixes is now available. Description: This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442).
- XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). These non-security issues were fixed: - bsc#1015348: libvirtd didn't start during boot - bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen hypervisor. - bsc#1026236: Fixed paravirtualized performance - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add" - bsc#1029827: Forward port xenstored - bsc#1029128: Make xen to really produce xen.efi with gcc48 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-572=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-572=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-572=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.2_02-36.1 xen-devel-4.7.2_02-36.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.2_02-36.1 xen-debugsource-4.7.2_02-36.1 xen-doc-html-4.7.2_02-36.1 xen-libs-32bit-4.7.2_02-36.1 xen-libs-4.7.2_02-36.1 xen-libs-debuginfo-32bit-4.7.2_02-36.1 xen-libs-debuginfo-4.7.2_02-36.1 xen-tools-4.7.2_02-36.1 xen-tools-debuginfo-4.7.2_02-36.1 xen-tools-domU-4.7.2_02-36.1 xen-tools-domU-debuginfo-4.7.2_02-36.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.2_02-36.1 xen-debugsource-4.7.2_02-36.1 xen-libs-32bit-4.7.2_02-36.1 xen-libs-4.7.2_02-36.1 xen-libs-debuginfo-32bit-4.7.2_02-36.1 xen-libs-debuginfo-4.7.2_02-36.1 References: https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7228.html https://bugzilla.suse.com/1014136 https://bugzilla.suse.com/1015348 https://bugzilla.suse.com/1022555 https://bugzilla.suse.com/1026236 https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1028235 https://bugzilla.suse.com/1029128 https://bugzilla.suse.com/1029827 https://bugzilla.suse.com/1030144 https://bugzilla.suse.com/1030442 From sle-updates at lists.suse.com Tue Apr 11 13:11:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2017 21:11:06 +0200 (CEST) Subject: SUSE-RU-2017:0984-1: moderate: Recommended update for kiwi Message-ID: <20170411191106.A8397FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0984-1 Rating: moderate References: #1014150 #1030740 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides KIWI v7.03.113, which brings several fixes and enhancements: - Fix boot setup in uEFI mode: Revert "Delete obsolete shim code from kiwi", because it was not obsolete for setting up an ISO image to boot via the shim secure boot module. Also revert "Follow up fix for not writing grub.cfg to EFI dir", as this is also needed for the setup of an EFI bootable ISO image. (bsc#1030740) - Fix setupMachineID: Cleaning up existing machine id files by deleting them causes an interactive session to be started by systemd. This is something we don't want. As the consequences of touching the machine id files seems to be too critical the method has been turned into a hook caller. This allows the user to make use of it on their own purpose and by default doesn't mess with the machine id files. - Validate if package memtest86+ is present for Memory Test: Adds a validation to verify if memtest86+ package is included in the kiwi description file before including the 'Memory Test' entry in the Grub configuration. Applies to ISO images. (bsc#1014150) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-574=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2017-574=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-574=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-574=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-574=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): kiwi-instsource-7.03.113-71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kiwi-pxeboot-7.03.113-71.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kiwi-7.03.113-71.2 kiwi-debugsource-7.03.113-71.2 kiwi-desc-oemboot-7.03.113-71.2 kiwi-desc-vmxboot-7.03.113-71.2 kiwi-templates-7.03.113-71.2 kiwi-tools-7.03.113-71.2 kiwi-tools-debuginfo-7.03.113-71.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kiwi-doc-7.03.113-71.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kiwi-7.03.113-71.2 kiwi-debugsource-7.03.113-71.2 kiwi-desc-oemboot-7.03.113-71.2 kiwi-desc-vmxboot-7.03.113-71.2 kiwi-templates-7.03.113-71.2 kiwi-tools-7.03.113-71.2 kiwi-tools-debuginfo-7.03.113-71.2 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): kiwi-desc-netboot-7.03.113-71.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): kiwi-desc-isoboot-7.03.113-71.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): kiwi-doc-7.03.113-71.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kiwi-debugsource-7.03.113-71.2 kiwi-tools-7.03.113-71.2 kiwi-tools-debuginfo-7.03.113-71.2 References: https://bugzilla.suse.com/1014150 https://bugzilla.suse.com/1030740 From sle-updates at lists.suse.com Tue Apr 11 13:11:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2017 21:11:39 +0200 (CEST) Subject: SUSE-RU-2017:0985-1: Recommended update for ovmf Message-ID: <20170411191139.F25D1FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0985-1 Rating: low References: #1030565 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can 
now be installed. Description: This update for ovmf provides the following fixes: - Update bundled OpenSSL to version 1.0.2k. (bsc#1030565) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-573=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-573=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ovmf-2015+git1462940744.321151f-17.2 ovmf-tools-2015+git1462940744.321151f-17.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-uefi-aarch64-2015+git1462940744.321151f-17.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): ovmf-2015+git1462940744.321151f-17.2 ovmf-tools-2015+git1462940744.321151f-17.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ovmf-x86_64-2015+git1462940744.321151f-17.2 qemu-uefi-aarch64-2015+git1462940744.321151f-17.2 References: https://bugzilla.suse.com/1030565 From sle-updates at lists.suse.com Wed Apr 12 04:08:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Apr 2017 12:08:55 +0200 (CEST) Subject: SUSE-RU-2017:0986-1: Recommended update for openslp Message-ID: <20170412100855.385CFFC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0986-1 Rating: low References: #1012814 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for openslp fixes the following issues: Provide a variant of libslp1 built against openssl1 for building sblim-sfcb or other libslp.so.1 users against openssl1 (bsc#1012814) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openslp-13059=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openslp-13059=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openslp-13059=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openslp-13059=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): openslp-devel-1.2.0-172.26.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): openslp-server-1.2.0-172.26.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openslp-1.2.0-172.26.2 openslp-server-1.2.0-172.26.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): openslp-32bit-1.2.0-172.26.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): openslp-x86-1.2.0-172.26.2 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libslp1-openssl1-1.2.0-172.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openslp-debuginfo-1.2.0-172.26.2 openslp-debugsource-1.2.0-172.26.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): openslp-debuginfo-32bit-1.2.0-172.26.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): openslp-debuginfo-x86-1.2.0-172.26.2 References: https://bugzilla.suse.com/1012814 From sle-updates at lists.suse.com Wed Apr 12 10:12:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Apr 2017 18:12:20 +0200 (CEST) Subject: SUSE-SU-2017:0990-1: important: Security update for flash-player 
Message-ID: <20170412161220.34D18FC60@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0990-1 Rating: important References: #1033619 Cross-References: CVE-2017-3058 CVE-2017-3059 CVE-2017-3060 CVE-2017-3061 CVE-2017-3062 CVE-2017-3063 CVE-2017-3064 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: Adobe flash-player was updated to 25.0.0.148 to fix the following issues: - Vulnerabilities fixed as advised under APSB17-10: * Use-after-free vulnerabilities that could lead to code execution (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063). * Resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064). - Details: https://helpx.adobe.com/security/products/flash-player/apsb17-10.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-576=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-576=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-25.0.0.148-165.1 flash-player-gnome-25.0.0.148-165.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-25.0.0.148-165.1 flash-player-gnome-25.0.0.148-165.1 References: https://www.suse.com/security/cve/CVE-2017-3058.html https://www.suse.com/security/cve/CVE-2017-3059.html https://www.suse.com/security/cve/CVE-2017-3060.html https://www.suse.com/security/cve/CVE-2017-3061.html https://www.suse.com/security/cve/CVE-2017-3062.html https://www.suse.com/security/cve/CVE-2017-3063.html https://www.suse.com/security/cve/CVE-2017-3064.html https://bugzilla.suse.com/1033619 From sle-updates at lists.suse.com Wed Apr 12 10:12:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Apr 2017 18:12:53 +0200 (CEST) Subject: SUSE-RU-2017:0992-1: Recommended update for gnome-settings-daemon Message-ID: <20170412161253.A8B97FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-settings-daemon ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0992-1 Rating: low References: #1004343 #1005495 #1009515 #979257 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for gnome-settings-daemon fixes the following issues: - Fix 'Shutdown dialog delay 1 to 2 seconds'. (bsc#979257, bgo#774452) - Fix updates notification not popping up. (bsc#1004343) - Fix notification after an offline update was done. (bsc#1005495) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-577=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-577=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-577=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-577=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-debuginfo-3.20.1-46.1 gnome-settings-daemon-debugsource-3.20.1-46.1 gnome-settings-daemon-devel-3.20.1-46.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-settings-daemon-3.20.1-46.1 gnome-settings-daemon-debuginfo-3.20.1-46.1 gnome-settings-daemon-debugsource-3.20.1-46.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-46.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-settings-daemon-3.20.1-46.1 gnome-settings-daemon-debuginfo-3.20.1-46.1 gnome-settings-daemon-debugsource-3.20.1-46.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-46.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-settings-daemon-3.20.1-46.1 gnome-settings-daemon-debuginfo-3.20.1-46.1 gnome-settings-daemon-debugsource-3.20.1-46.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-46.1 References: https://bugzilla.suse.com/1004343 https://bugzilla.suse.com/1005495 https://bugzilla.suse.com/1009515 https://bugzilla.suse.com/979257 From sle-updates at lists.suse.com Wed Apr 12 13:08:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Apr 2017 21:08:50 +0200 (CEST) Subject: SUSE-RU-2017:0995-1: Recommended update for yast2-registration Message-ID: 
<20170412190850.76028FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0995-1 Rating: low References: #1010387 #1026155 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration provides the following fixes: - Remember the state of the checkbox when leaving the dialog. (bsc#1026155) - Fix crash if empty regurl parameter is passed. (bsc#1010387) - Always show installed add-ons, even if they are beta versions. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-578=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-578=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-578=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-registration-3.1.191-24.6.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-registration-3.1.191-24.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): yast2-registration-3.1.191-24.6.1 References: https://bugzilla.suse.com/1010387 https://bugzilla.suse.com/1026155 From sle-updates at lists.suse.com Wed Apr 12 16:08:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 00:08:56 +0200 (CEST) Subject: SUSE-RU-2017:0996-1: moderate: Recommended update for python-cryptography Message-ID: <20170412220856.0F040FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cryptography ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0996-1 Rating: moderate References: #1014478 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-cryptography 1.1.2, which brings many fixes and enhancements: - Fixed a runtime error 'undefined symbol EC_GFp_nistp224_method' that occurred with some OpenSSL installations. - Fixed several small bugs related to compiling the OpenSSL bindings with unusual OpenSSL configurations. - Added support for Elliptic Curve Diffie-Hellman. - Added support for parsing certificate revocation lists (CRLs). - Add support for AES key wrapping. - Add support for encoding and decoding elliptic curve points to a byte string form. - 'countryName' is now encoded as a 'PrintableString' when creating subject and issuer distinguished names with the Certificate and CSR builder classes. 
- The OpenSSL backend prior to 1.0.2 made extensive use of assertions to check response codes where our tests could not trigger a failure. However, when Python is run with '-O' these asserts are optimized away. If a user ran Python with this flag and got an invalid response code this could result in undefined behavior or worse. Accordingly, all response checks from the OpenSSL backend have been converted from 'assert' to a true function call. - Set the default string mask to UTF-8 in the OpenSSL backend to resolve character encoding issues with older versions of OpenSSL. - Several new OpenSSL bindings have been added to support a future pyOpenSSL release. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-579=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-579=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-579=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): python-cryptography-1.1.2-3.5.1 python-cryptography-debuginfo-1.1.2-3.5.1 python-cryptography-debugsource-1.1.2-3.5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): python-cryptography-1.1.2-3.5.1 python-cryptography-debuginfo-1.1.2-3.5.1 python-cryptography-debugsource-1.1.2-3.5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): python-cryptography-1.1.2-3.5.1 python-cryptography-debuginfo-1.1.2-3.5.1 python-cryptography-debugsource-1.1.2-3.5.1 References: https://bugzilla.suse.com/1014478 From sle-updates at lists.suse.com Wed Apr 12 19:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 03:09:01 +0200 (CEST) Subject: SUSE-RU-2017:0997-1: important: Recommended update for cpio Message-ID: <20170413010901.B06DEFC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpio ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0997-1 Rating: important References: #1028410 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpio fixes the following issues: - A regression caused cpio to crash for tar and ustar archive types [bsc#1028410] Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-580=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-580=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-580=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-580=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-580=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-580=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cpio-2.11-35.1 cpio-debuginfo-2.11-35.1 cpio-debugsource-2.11-35.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): cpio-lang-2.11-35.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): cpio-2.11-35.1 cpio-debuginfo-2.11-35.1 cpio-debugsource-2.11-35.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): cpio-lang-2.11-35.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cpio-2.11-35.1 cpio-debuginfo-2.11-35.1 cpio-debugsource-2.11-35.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): cpio-lang-2.11-35.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cpio-2.11-35.1 cpio-debuginfo-2.11-35.1 cpio-debugsource-2.11-35.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): cpio-lang-2.11-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cpio-2.11-35.1 cpio-debuginfo-2.11-35.1 cpio-debugsource-2.11-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): cpio-lang-2.11-35.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): cpio-2.11-35.1 cpio-debuginfo-2.11-35.1 cpio-debugsource-2.11-35.1 References: https://bugzilla.suse.com/1028410 From sle-updates at lists.suse.com Wed Apr 12 22:09:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Thu, 13 Apr 2017 06:09:36 +0200 (CEST) Subject: SUSE-SU-2017:0998-1: important: Security update for bind Message-ID: <20170413040936.BEF0AFC60@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0998-1 Rating: important References: #1020983 #1033466 #1033467 #1033468 #987866 #989528 Cross-References: CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. 
CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. One additional non-security bug was fixed: The default umask was changed to 077. (bsc#1020983) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-582=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-582=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-582=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-582=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-582=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-582=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-582=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-devel-9.9.9P1-59.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-devel-9.9.9P1-59.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): bind-9.9.9P1-59.1 bind-chrootenv-9.9.9P1-59.1 bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-libs-9.9.9P1-59.1 bind-libs-debuginfo-9.9.9P1-59.1 bind-utils-9.9.9P1-59.1 bind-utils-debuginfo-9.9.9P1-59.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bind-doc-9.9.9P1-59.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): bind-9.9.9P1-59.1 bind-chrootenv-9.9.9P1-59.1 bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-libs-9.9.9P1-59.1 bind-libs-debuginfo-9.9.9P1-59.1 bind-utils-9.9.9P1-59.1 bind-utils-debuginfo-9.9.9P1-59.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-59.1 bind-libs-debuginfo-32bit-9.9.9P1-59.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bind-doc-9.9.9P1-59.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bind-9.9.9P1-59.1 bind-chrootenv-9.9.9P1-59.1 bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-libs-9.9.9P1-59.1 bind-libs-debuginfo-9.9.9P1-59.1 bind-utils-9.9.9P1-59.1 bind-utils-debuginfo-9.9.9P1-59.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): bind-libs-32bit-9.9.9P1-59.1 bind-libs-debuginfo-32bit-9.9.9P1-59.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bind-doc-9.9.9P1-59.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-libs-32bit-9.9.9P1-59.1 bind-libs-9.9.9P1-59.1 bind-libs-debuginfo-32bit-9.9.9P1-59.1 bind-libs-debuginfo-9.9.9P1-59.1 bind-utils-9.9.9P1-59.1 bind-utils-debuginfo-9.9.9P1-59.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
bind-debuginfo-9.9.9P1-59.1 bind-debugsource-9.9.9P1-59.1 bind-libs-32bit-9.9.9P1-59.1 bind-libs-9.9.9P1-59.1 bind-libs-debuginfo-32bit-9.9.9P1-59.1 bind-libs-debuginfo-9.9.9P1-59.1 bind-utils-9.9.9P1-59.1 bind-utils-debuginfo-9.9.9P1-59.1 References: https://www.suse.com/security/cve/CVE-2016-2775.html https://www.suse.com/security/cve/CVE-2016-6170.html https://www.suse.com/security/cve/CVE-2017-3136.html https://www.suse.com/security/cve/CVE-2017-3137.html https://www.suse.com/security/cve/CVE-2017-3138.html https://bugzilla.suse.com/1020983 https://bugzilla.suse.com/1033466 https://bugzilla.suse.com/1033467 https://bugzilla.suse.com/1033468 https://bugzilla.suse.com/987866 https://bugzilla.suse.com/989528 From sle-updates at lists.suse.com Wed Apr 12 22:10:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 06:10:57 +0200 (CEST) Subject: SUSE-SU-2017:0999-1: important: Security update for bind Message-ID: <20170413041057.D68EBFC60@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0999-1 Rating: important References: #1033466 #1033467 #1033468 #987866 #989528 Cross-References: CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. 
CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-581=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-581=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.34.1 bind-chrootenv-9.9.9P1-28.34.1 bind-debuginfo-9.9.9P1-28.34.1 bind-debugsource-9.9.9P1-28.34.1 bind-devel-9.9.9P1-28.34.1 bind-libs-32bit-9.9.9P1-28.34.1 bind-libs-9.9.9P1-28.34.1 bind-libs-debuginfo-32bit-9.9.9P1-28.34.1 bind-libs-debuginfo-9.9.9P1-28.34.1 bind-utils-9.9.9P1-28.34.1 bind-utils-debuginfo-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.34.1 bind-chrootenv-9.9.9P1-28.34.1 bind-debuginfo-9.9.9P1-28.34.1 bind-debugsource-9.9.9P1-28.34.1 bind-devel-9.9.9P1-28.34.1 bind-libs-9.9.9P1-28.34.1 bind-libs-debuginfo-9.9.9P1-28.34.1 bind-utils-9.9.9P1-28.34.1 bind-utils-debuginfo-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.34.1 bind-libs-debuginfo-32bit-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.34.1 References: https://www.suse.com/security/cve/CVE-2016-2775.html https://www.suse.com/security/cve/CVE-2016-6170.html https://www.suse.com/security/cve/CVE-2017-3136.html https://www.suse.com/security/cve/CVE-2017-3137.html https://www.suse.com/security/cve/CVE-2017-3138.html https://bugzilla.suse.com/1033466 https://bugzilla.suse.com/1033467 https://bugzilla.suse.com/1033468 https://bugzilla.suse.com/987866 https://bugzilla.suse.com/989528 From sle-updates at lists.suse.com Wed Apr 12 22:11:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 06:11:58 +0200 (CEST) Subject: SUSE-SU-2017:1000-1: important: Security update for bind Message-ID: <20170413041158.E108FFC60@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1000-1 Rating: important References: #1033466 #1033467 #1033468 #987866 #989528 
Cross-References: CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bind-13060=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bind-13060=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bind-13060=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-13060=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-13060=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-13060=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-13060=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-13060=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-13060=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1 bind-libs-32bit-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1 - SUSE Manager Proxy 2.1 (x86_64): bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1 bind-libs-32bit-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1 - SUSE Manager 2.1 (s390x x86_64): bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1 bind-libs-32bit-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.44.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.44.1 - SUSE Linux 
Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.44.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.44.1 bind-debugsource-9.9.6P1-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.44.1 bind-debugsource-9.9.6P1-0.44.1 References: https://www.suse.com/security/cve/CVE-2016-2775.html https://www.suse.com/security/cve/CVE-2016-6170.html https://www.suse.com/security/cve/CVE-2017-3136.html https://www.suse.com/security/cve/CVE-2017-3137.html https://www.suse.com/security/cve/CVE-2017-3138.html https://bugzilla.suse.com/1033466 https://bugzilla.suse.com/1033467 https://bugzilla.suse.com/1033468 https://bugzilla.suse.com/987866 https://bugzilla.suse.com/989528 From sle-updates at lists.suse.com Thu Apr 13 07:09:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 15:09:43 +0200 (CEST) Subject: SUSE-SU-2017:1003-1: Security update for gstreamer-0_10-plugins-base Message-ID: <20170413130943.2B85AFC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1003-1 Rating: low References: #1024076 #1024079 Cross-References: CVE-2017-5837 CVE-2017-5844 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux 
Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gstreamer-0_10-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-586=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-586=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-586=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-586=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gstreamer-0_10-plugins-base-0.10.36-17.13 gstreamer-0_10-plugins-base-debuginfo-0.10.36-17.13 gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13 libgstapp-0_10-0-0.10.36-17.13 libgstapp-0_10-0-debuginfo-0.10.36-17.13 libgstinterfaces-0_10-0-0.10.36-17.13 libgstinterfaces-0_10-0-debuginfo-0.10.36-17.13 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-17.13 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.36-17.13 gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13 gstreamer-0_10-plugins-base-devel-0.10.36-17.13 typelib-1_0-GstApp-0_10-0.10.36-17.13 typelib-1_0-GstInterfaces-0_10-0.10.36-17.13 - SUSE Linux Enterprise Server 12-SP2 (x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-17.13 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-17.13 gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13 libgstapp-0_10-0-32bit-0.10.36-17.13 libgstapp-0_10-0-debuginfo-32bit-0.10.36-17.13 libgstinterfaces-0_10-0-32bit-0.10.36-17.13 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-17.13 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-17.13 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-0_10-plugins-base-0.10.36-17.13 gstreamer-0_10-plugins-base-32bit-0.10.36-17.13 gstreamer-0_10-plugins-base-debuginfo-0.10.36-17.13 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-17.13 gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13 libgstapp-0_10-0-0.10.36-17.13 libgstapp-0_10-0-32bit-0.10.36-17.13 libgstapp-0_10-0-debuginfo-0.10.36-17.13 libgstapp-0_10-0-debuginfo-32bit-0.10.36-17.13 libgstinterfaces-0_10-0-0.10.36-17.13 libgstinterfaces-0_10-0-32bit-0.10.36-17.13 libgstinterfaces-0_10-0-debuginfo-0.10.36-17.13 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-17.13 References: 
https://www.suse.com/security/cve/CVE-2017-5837.html https://www.suse.com/security/cve/CVE-2017-5844.html https://bugzilla.suse.com/1024076 https://bugzilla.suse.com/1024079 From sle-updates at lists.suse.com Thu Apr 13 07:10:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 15:10:17 +0200 (CEST) Subject: SUSE-SU-2017:1004-1: Security update for gstreamer-plugins-good Message-ID: <20170413131017.EECDFFC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1004-1 Rating: low References: #1024014 #1024017 #1024034 Cross-References: CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198) - A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199) - A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-588=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-588=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-good-1.2.4-2.9.1 gstreamer-plugins-good-debuginfo-1.2.4-2.9.1 gstreamer-plugins-good-debugsource-1.2.4-2.9.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gstreamer-plugins-good-lang-1.2.4-2.9.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-plugins-good-lang-1.2.4-2.9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-plugins-good-1.2.4-2.9.1 gstreamer-plugins-good-debuginfo-1.2.4-2.9.1 gstreamer-plugins-good-debugsource-1.2.4-2.9.1 References: https://www.suse.com/security/cve/CVE-2016-10198.html https://www.suse.com/security/cve/CVE-2016-10199.html https://www.suse.com/security/cve/CVE-2017-5840.html https://bugzilla.suse.com/1024014 https://bugzilla.suse.com/1024017 https://bugzilla.suse.com/1024034 From sle-updates at lists.suse.com Thu Apr 13 07:12:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 15:12:40 +0200 (CEST) Subject: SUSE-SU-2017:1008-1: moderate: Security update for sblim-sfcb Message-ID: <20170413131240.41D15FC60@maintenance.suse.de> SUSE Security Update: Security update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1008-1 Rating: moderate References: #1008130 #1012814 #923349 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for sblim-sfcb fixes the following issues: Feature enhancements: - A separate sblim-sfcb-openssl1 package was added to the SECURITY Module. (fate#322032/bsc#1012814) This package can be installed additionally, and the SysV Init script will pick the openssl1 variant on the next start, offering TLS 1.2 support on the WBEM SSL socket. 
Bugfixes: - Add sslNoSSLv3 and sslNoTLSv1 configuration options (bsc#923349, bsc#1008130) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sblim-sfcb-13061=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-sblim-sfcb-13061=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sblim-sfcb-13061=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-1.3.11-0.28.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-openssl1-1.3.11-0.28.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-debuginfo-1.3.11-0.28.1 sblim-sfcb-debugsource-1.3.11-0.28.1 References: https://bugzilla.suse.com/1008130 https://bugzilla.suse.com/1012814 https://bugzilla.suse.com/923349 From sle-updates at lists.suse.com Thu Apr 13 07:13:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 15:13:47 +0200 (CEST) Subject: SUSE-SU-2017:1010-1: Security update for gstreamer-plugins-good Message-ID: <20170413131347.7C432FC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1010-1 Rating: low References: #1024014 #1024017 #1024030 #1024034 #1024062 Cross-References: CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for gstreamer-plugins-good fixes the following issues: - A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198) - A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199) - A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840) - A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841) - A crafted avi file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-587=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-587=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-587=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-good-1.8.3-12.12 gstreamer-plugins-good-debuginfo-1.8.3-12.12 gstreamer-plugins-good-debugsource-1.8.3-12.12 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-12.12 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-good-1.8.3-12.12 gstreamer-plugins-good-debuginfo-1.8.3-12.12 gstreamer-plugins-good-debugsource-1.8.3-12.12 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-12.12 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-good-1.8.3-12.12 gstreamer-plugins-good-debuginfo-1.8.3-12.12 gstreamer-plugins-good-debugsource-1.8.3-12.12 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-12.12 References: https://www.suse.com/security/cve/CVE-2016-10198.html https://www.suse.com/security/cve/CVE-2016-10199.html https://www.suse.com/security/cve/CVE-2017-5840.html https://www.suse.com/security/cve/CVE-2017-5841.html https://www.suse.com/security/cve/CVE-2017-5845.html https://bugzilla.suse.com/1024014 https://bugzilla.suse.com/1024017 https://bugzilla.suse.com/1024030 https://bugzilla.suse.com/1024034 https://bugzilla.suse.com/1024062 From sle-updates at lists.suse.com Thu Apr 13 07:15:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 15:15:04 +0200 (CEST) Subject: SUSE-SU-2017:1012-1: Security update for gstreamer-0_10-plugins-base Message-ID: <20170413131504.57D3EFC60@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1012-1 Rating: low References: #1024076 #1024079 Cross-References: CVE-2017-5837 CVE-2017-5844 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software 
Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gstreamer-0_10-plugins-base fixes the following issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-585=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-585=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-585=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-585=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gstreamer-0_10-plugins-base-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debugsource-0.10.36-11.6.9 libgstapp-0_10-0-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-0.10.36-11.6.9 libgstinterfaces-0_10-0-0.10.36-11.6.9 libgstinterfaces-0_10-0-debuginfo-0.10.36-11.6.9 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-11.6.9 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debugsource-0.10.36-11.6.9 gstreamer-0_10-plugins-base-devel-0.10.36-11.6.9 typelib-1_0-GstApp-0_10-0.10.36-11.6.9 typelib-1_0-GstInterfaces-0_10-0.10.36-11.6.9 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.6.9 libgstapp-0_10-0-32bit-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.6.9 libgstinterfaces-0_10-0-32bit-0.10.36-11.6.9 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.6.9 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-0_10-plugins-base-0.10.36-11.6.9 gstreamer-0_10-plugins-base-32bit-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.6.9 gstreamer-0_10-plugins-base-debugsource-0.10.36-11.6.9 libgstapp-0_10-0-0.10.36-11.6.9 libgstapp-0_10-0-32bit-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.6.9 libgstinterfaces-0_10-0-0.10.36-11.6.9 libgstinterfaces-0_10-0-32bit-0.10.36-11.6.9 libgstinterfaces-0_10-0-debuginfo-0.10.36-11.6.9 libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.6.9 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-0_10-plugins-base-lang-0.10.36-11.6.9 References: https://www.suse.com/security/cve/CVE-2017-5837.html 
https://www.suse.com/security/cve/CVE-2017-5844.html https://bugzilla.suse.com/1024076 https://bugzilla.suse.com/1024079 From sle-updates at lists.suse.com Thu Apr 13 10:09:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 18:09:17 +0200 (CEST) Subject: SUSE-RU-2017:1013-1: moderate: Recommended update for libtool Message-ID: <20170413160917.E3E2AF7D1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1013-1 Rating: moderate References: #1010802 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtool prevents a segmentation fault caused by insufficient error handling on out-of-memory situations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libtool-13062=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libtool-13062=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libtool-13062=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libtool-2.2.6-2.133.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libtool-32bit-2.2.6-2.133.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libltdl7-2.2.6-2.133.1 libtool-2.2.6-2.133.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libltdl7-32bit-2.2.6-2.133.1 libtool-32bit-2.2.6-2.133.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libltdl7-x86-2.2.6-2.133.1 libtool-x86-2.2.6-2.133.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtool-debuginfo-2.2.6-2.133.1 libtool-debugsource-2.2.6-2.133.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libtool-debuginfo-32bit-2.2.6-2.133.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libtool-debuginfo-x86-2.2.6-2.133.1 References: https://bugzilla.suse.com/1010802 From sle-updates at lists.suse.com Thu Apr 13 10:09:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 18:09:45 +0200 (CEST) Subject: SUSE-RU-2017:1014-1: Recommended update for python-azure-sdk Message-ID: <20170413160945.6DD38FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1014-1 Rating: low References: #1014478 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds python-adal, python-msrest and python-msrestazure to the Public Cloud Module for SUSE Linux Enterprise Server 12. These packages are new requirements of python-azure-sdk. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-591=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-certifi-2015.9.6.2-2.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-adal-0.4.3-4.1 python-azure-sdk-2.0.0-13.1 python-chardet-2.3.0-2.1 python-isodate-0.5.4-11.1 python-msrest-0.4.4-4.2 python-msrestazure-0.4.5-4.2 python-requests-oauthlib-0.7.0-2.1 References: https://bugzilla.suse.com/1014478 From sle-updates at lists.suse.com Thu Apr 13 10:10:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Apr 2017 18:10:23 +0200 (CEST) Subject: SUSE-RU-2017:1015-1: moderate: Recommended update for libtool Message-ID: <20170413161023.36F10FC60@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1015-1 Rating: moderate References: #1010802 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtool prevents a segmentation fault caused by insufficient error handling on out-of-memory situations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-589=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-589=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-589=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-589=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-589=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-589=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-589=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtool-2.4.2-16.1 libtool-debugsource-2.4.2-16.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtool-2.4.2-16.1 libtool-debugsource-2.4.2-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libltdl7-2.4.2-16.1 libltdl7-debuginfo-2.4.2-16.1 libtool-2.4.2-16.1 libtool-debugsource-2.4.2-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libltdl7-2.4.2-16.1 libltdl7-debuginfo-2.4.2-16.1 libtool-2.4.2-16.1 libtool-debugsource-2.4.2-16.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libltdl7-32bit-2.4.2-16.1 libltdl7-debuginfo-32bit-2.4.2-16.1 libtool-32bit-2.4.2-16.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libltdl7-2.4.2-16.1 libltdl7-debuginfo-2.4.2-16.1 libtool-2.4.2-16.1 libtool-debugsource-2.4.2-16.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libltdl7-32bit-2.4.2-16.1 libltdl7-debuginfo-32bit-2.4.2-16.1 libtool-32bit-2.4.2-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libltdl7-2.4.2-16.1 libltdl7-32bit-2.4.2-16.1 libltdl7-debuginfo-2.4.2-16.1 
      libltdl7-debuginfo-32bit-2.4.2-16.1
      libtool-debugsource-2.4.2-16.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libltdl7-2.4.2-16.1
      libltdl7-32bit-2.4.2-16.1
      libltdl7-debuginfo-2.4.2-16.1
      libltdl7-debuginfo-32bit-2.4.2-16.1
      libtool-debugsource-2.4.2-16.1

References:

   https://bugzilla.suse.com/1010802

From sle-updates at lists.suse.com Thu Apr 13 13:09:29 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 21:09:29 +0200 (CEST)
Subject: SUSE-RU-2017:1016-1: moderate: Recommended update for sapconf
Message-ID: <20170413190929.53ABEFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sapconf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1016-1
Rating:             moderate
References:         #1031073
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update provides sapconf 4.1.6, which fixes the following issues:

   - sapconf's sap-hana tuning profile incorrectly used "noop" IO scheduler
     on disk block devices, which is not explicitly recommended by either
     SUSE or SAP. Performance regression showed up during benchmark runs.
     Hence, the IO scheduler setting is removed from tuning profile, and
     left to be decided by end-user. (bsc#1031073)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-592=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      sapconf-4.1.6-18.6.1

References:

   https://bugzilla.suse.com/1031073

From sle-updates at lists.suse.com Thu Apr 13 13:09:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 21:09:56 +0200 (CEST)
Subject: SUSE-RU-2017:1017-1: moderate: Recommended update for sapconf
Message-ID: <20170413190956.95E17FEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sapconf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1017-1
Rating:             moderate
References:         #1031073 #1032516
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update provides sapconf 4.1.7, which provides the following fixes:

   - SAP HANA performs better with "force_latency=70" in its tuning profile,
     so the setting is now introduced to the profile. (bsc#1032516)
   - sapconf's sap-hana tuning profile incorrectly used "noop" IO scheduler
     on disk block devices, which is not explicitly recommended by either
     SUSE or SAP. Performance regression showed up during benchmark runs.
     Hence, the IO scheduler setting is removed from tuning profile, and
     left to be decided by end-user. (bsc#1031073)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-593=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-593=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      sapconf-4.1.7-31.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      sapconf-4.1.7-31.1

References:

   https://bugzilla.suse.com/1031073
   https://bugzilla.suse.com/1032516

From sle-updates at lists.suse.com Thu Apr 13 13:10:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 21:10:32 +0200 (CEST)
Subject: SUSE-RU-2017:1018-1: important: Recommended update for multipath-tools
Message-ID: <20170413191032.3CE3AFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for multipath-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1018-1
Rating:             important
References:         #1027188 #1033541
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for multipath-tools fixes the following issues:

   A regression caused by a previous update that prevented kpartx from
   deleting partition mappings. (bsc#1033541)

   A segmentation fault in mpathpersist. (bsc#1027188)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-595=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-595=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-595=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-595=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-595=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      multipath-tools-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debugsource-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-devel-0.6.2+suse20170412.35e16a42-71.8.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      kpartx-0.6.2+suse20170412.35e16a42-71.8.1
      kpartx-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debugsource-0.6.2+suse20170412.35e16a42-71.8.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      kpartx-0.6.2+suse20170412.35e16a42-71.8.1
      kpartx-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debugsource-0.6.2+suse20170412.35e16a42-71.8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      kpartx-0.6.2+suse20170412.35e16a42-71.8.1
      kpartx-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debugsource-0.6.2+suse20170412.35e16a42-71.8.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      kpartx-0.6.2+suse20170412.35e16a42-71.8.1
      kpartx-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debuginfo-0.6.2+suse20170412.35e16a42-71.8.1
      multipath-tools-debugsource-0.6.2+suse20170412.35e16a42-71.8.1

References:

   https://bugzilla.suse.com/1027188
   https://bugzilla.suse.com/1033541

From sle-updates at lists.suse.com Thu Apr 13 13:11:08 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 21:11:08 +0200 (CEST)
Subject: SUSE-RU-2017:1019-1: moderate: Recommended update for sap-installation-wizard
Message-ID: <20170413191108.EFFCBFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sap-installation-wizard
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1019-1
Rating:             moderate
References:         #1004294 #1007507 #1010485 #1010523 #1012565
                    #1016602 #1030463 #1031106 #1031115 #997843
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP2
______________________________________________________________________________

   An update that has 10 recommended fixes can now be installed.

Description:

   This update for sap-installation-wizard fixes the following issues:

   - Prevent warning about non-existent xdg-desktop-icon during installation.
     (bsc#1031106)
   - Missing packages after porting to ppc64le. (bsc#1016602)
   - Error on ssh login after first reboot after installation. (bsc#1004294)
   - SAP installation wizard fails to install HANA. (bsc#1010523)
   - SAP HANA patterns do not install sap-installation-wizard. (bsc#1010485)
   - SAP HANA hdbinst script fails (libgomp.so not found). (bsc#1007507)
   - Fix TREX installation. (bsc#997843)
   - Do not require saptune on ppc64le systems.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2017-594=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      SLES_SAP-release-12.2-2.3
      sap-installation-wizard-3.1.70-23.7.1

References:

   https://bugzilla.suse.com/1004294
   https://bugzilla.suse.com/1007507
   https://bugzilla.suse.com/1010485
   https://bugzilla.suse.com/1010523
   https://bugzilla.suse.com/1012565
   https://bugzilla.suse.com/1016602
   https://bugzilla.suse.com/1030463
   https://bugzilla.suse.com/1031106
   https://bugzilla.suse.com/1031115
   https://bugzilla.suse.com/997843

From sle-updates at lists.suse.com Thu Apr 13 19:08:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2017 03:08:31 +0200 (CEST)
Subject: SUSE-RU-2017:1020-1: Recommended update for patterns-ses
Message-ID: <20170414010831.999FEF7D1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for patterns-ses
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1020-1
Rating:             low
References:         #1016553
Affected Products:
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update adds openattic-module-ceph to pattern ceph_openattic.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2017-596=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Enterprise Storage 4 (aarch64 x86_64):
      patterns-ses-admin-1-5.1
      patterns-ses-ceph_iscsi-1-5.1
      patterns-ses-ceph_openattic-1-5.1
      patterns-ses-ceph_server-1-5.1

References:

   https://bugzilla.suse.com/1016553

From sle-updates at lists.suse.com Mon Apr 17 19:08:41 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 03:08:41 +0200 (CEST)
Subject: SUSE-RU-2017:1024-1: Recommended update for fence-agents
Message-ID: <20170418010841.9C039FEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1024-1
Rating:             low
References:         #1033857
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fence-agents introduces a new resource agent for the
   Microsoft Azure platform.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-599=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      fence-agents-4.0.22+git.1455008135.15c5e92-9.4.3
      fence-agents-debuginfo-4.0.22+git.1455008135.15c5e92-9.4.3
      fence-agents-debugsource-4.0.22+git.1455008135.15c5e92-9.4.3

References:

   https://bugzilla.suse.com/1033857

From sle-updates at lists.suse.com Mon Apr 17 19:09:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 03:09:07 +0200 (CEST)
Subject: SUSE-RU-2017:1025-1: Recommended update for ruby-common, rubygem-gem2rpm
Message-ID: <20170418010907.944FCFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ruby-common, rubygem-gem2rpm
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1025-1
Rating:             low
References:         #963710
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ruby-common, rubygem-gem2rpm fixes the following issues:

   ruby-common:

   - Since rubygems 2.5.0 the default version in the gem bin stub changed
     from '>= 0' to '>= 0.a'. This was done to allow pre-release versions.
     Our patching script didn't take the '.a' into account and generated
     version fields like '= 0.10.1.a' instead of the expected '= 0.10.1'.
     This fix accounts for the '.a'.

   Changes in rubygem-gem2rpm:

   - Fix 'gem2rpm --fetch': prefer https for accessing rubygems.org.
     (bsc#963710)
   - Add support for Ruby 2.3.0 and 2.4.0.
   - Add :post_patch hook to run commands before we rebuild the gem used by
     libv8.
   - Add support for rubinius 2.5 and remove support for 2.2.
   - No longer require the Ruby version inside the sub-package.
     With BuildRequires we already make sure that the package is only built
     if we find a recent enough ABI. Then the normal $interpreter(abi)
     requires generated by rpm is enough.
   - Move to new packaging templates by default.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-598=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-598=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-598=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-598=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-598=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-598=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      ruby2.1-rubygem-gem2rpm-0.10.1-4.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      ruby-common-2.1-19.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      ruby2.1-rubygem-gem2rpm-0.10.1-4.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      ruby-common-2.1-19.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      ruby2.1-rubygem-gem2rpm-0.10.1-4.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      ruby-common-2.1-19.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      ruby2.1-rubygem-gem2rpm-0.10.1-4.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      ruby-common-2.1-19.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      ruby2.1-rubygem-gem2rpm-0.10.1-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      ruby-common-2.1-19.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      ruby2.1-rubygem-gem2rpm-0.10.1-4.1

   - OpenStack Cloud Magnum Orchestration 7 (noarch):
      ruby-common-2.1-19.1

References:

   https://bugzilla.suse.com/963710

From sle-updates at lists.suse.com Mon Apr 17 19:09:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 03:09:32 +0200 (CEST)
Subject: SUSE-RU-2017:1026-1: Recommended update for fence-agents
Message-ID: <20170418010932.914F9FEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1026-1
Rating:             low
References:         #1033857
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fence-agents introduces a new resource agent for the
   Microsoft Azure platform.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP1:
      zypper in -t patch SUSE-SLE-HA-12-SP1-2017-600=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64):
      fence-agents-4.0.17-7.4.3
      fence-agents-debuginfo-4.0.17-7.4.3
      fence-agents-debugsource-4.0.17-7.4.3

References:

   https://bugzilla.suse.com/1033857

From sle-updates at lists.suse.com Mon Apr 17 22:09:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 06:09:36 +0200 (CEST)
Subject: SUSE-SU-2017:1027-1: important: Security update for bind
Message-ID: <20170418040936.DDAC9FEAD@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1027-1
Rating:             important
References:         #1034162
Cross-References:   CVE-2017-3137
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - A regression in the fix for CVE-2017-3137 caused an assert in name.c
     (bsc#1034162)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-bind-13063=1

   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-bind-13063=1

   - SUSE Manager 2.1:
      zypper in -t patch sleman21-bind-13063=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-bind-13063=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-bind-13063=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-bind-13063=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-bind-13063=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-bind-13063=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-bind-13063=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      bind-9.9.6P1-0.47.1
      bind-chrootenv-9.9.6P1-0.47.1
      bind-devel-9.9.6P1-0.47.1
      bind-doc-9.9.6P1-0.47.1
      bind-libs-32bit-9.9.6P1-0.47.1
      bind-libs-9.9.6P1-0.47.1
      bind-utils-9.9.6P1-0.47.1

   - SUSE Manager Proxy 2.1 (x86_64):
      bind-9.9.6P1-0.47.1
      bind-chrootenv-9.9.6P1-0.47.1
      bind-devel-9.9.6P1-0.47.1
      bind-doc-9.9.6P1-0.47.1
      bind-libs-32bit-9.9.6P1-0.47.1
      bind-libs-9.9.6P1-0.47.1
      bind-utils-9.9.6P1-0.47.1

   - SUSE Manager 2.1 (s390x x86_64):
      bind-9.9.6P1-0.47.1
      bind-chrootenv-9.9.6P1-0.47.1
      bind-devel-9.9.6P1-0.47.1
      bind-doc-9.9.6P1-0.47.1
      bind-libs-32bit-9.9.6P1-0.47.1
      bind-libs-9.9.6P1-0.47.1
      bind-utils-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      bind-devel-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
      bind-devel-32bit-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      bind-9.9.6P1-0.47.1
      bind-chrootenv-9.9.6P1-0.47.1
      bind-doc-9.9.6P1-0.47.1
      bind-libs-9.9.6P1-0.47.1
      bind-utils-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      bind-libs-32bit-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      bind-libs-x86-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      bind-9.9.6P1-0.47.1
      bind-chrootenv-9.9.6P1-0.47.1
      bind-devel-9.9.6P1-0.47.1
      bind-doc-9.9.6P1-0.47.1
      bind-libs-9.9.6P1-0.47.1
      bind-utils-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
      bind-libs-32bit-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      bind-9.9.6P1-0.47.1
      bind-chrootenv-9.9.6P1-0.47.1
      bind-devel-9.9.6P1-0.47.1
      bind-doc-9.9.6P1-0.47.1
      bind-libs-9.9.6P1-0.47.1
      bind-utils-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      bind-debuginfo-9.9.6P1-0.47.1
      bind-debugsource-9.9.6P1-0.47.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      bind-debuginfo-9.9.6P1-0.47.1
      bind-debugsource-9.9.6P1-0.47.1

References:

   https://www.suse.com/security/cve/CVE-2017-3137.html
   https://bugzilla.suse.com/1034162

From sle-updates at lists.suse.com Tue Apr 18 04:10:10 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 12:10:10 +0200 (CEST)
Subject: SUSE-RU-2017:1029-1: moderate: Recommended update for sssd
Message-ID: <20170418101010.E20CAFEAD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sssd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1029-1
Rating:             moderate
References:         #1009710 #1017070 #1024836 #983938
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for sssd fixes the following issues:

   - Resolve a performance regression in user login and fix several memory
     leaks. (bsc#1017070)
   - Introduce mandatory runtime requirement "cyrus-sasl-gssapi" to
     krb5-common sub-package.
     (bsc#1024836)
   - In addition to sudoRunAsUser and sudoRunAsGroup, fetch also sudoRunAs
     attribute from LDAP to be compatible with older versions of sudo.
     (bsc#1009710)
   - Remove invalid definition "After=syslog.target" from systemd service
     file. (bsc#983938)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-604=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-604=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-604=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libipa_hbac-devel-1.11.5.1-37.1
      libsss_idmap-devel-1.11.5.1-37.1
      libsss_nss_idmap-devel-1.11.5.1-37.1
      libsss_nss_idmap0-1.11.5.1-37.1
      libsss_nss_idmap0-debuginfo-1.11.5.1-37.1
      sssd-debuginfo-1.11.5.1-37.1
      sssd-debugsource-1.11.5.1-37.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libipa_hbac0-1.11.5.1-37.1
      libipa_hbac0-debuginfo-1.11.5.1-37.1
      libsss_idmap0-1.11.5.1-37.1
      libsss_idmap0-debuginfo-1.11.5.1-37.1
      libsss_sudo-1.11.5.1-37.1
      libsss_sudo-debuginfo-1.11.5.1-37.1
      python-sssd-config-1.11.5.1-37.1
      python-sssd-config-debuginfo-1.11.5.1-37.1
      sssd-1.11.5.1-37.1
      sssd-ad-1.11.5.1-37.1
      sssd-ad-debuginfo-1.11.5.1-37.1
      sssd-debuginfo-1.11.5.1-37.1
      sssd-debugsource-1.11.5.1-37.1
      sssd-ipa-1.11.5.1-37.1
      sssd-ipa-debuginfo-1.11.5.1-37.1
      sssd-krb5-1.11.5.1-37.1
      sssd-krb5-common-1.11.5.1-37.1
      sssd-krb5-common-debuginfo-1.11.5.1-37.1
      sssd-krb5-debuginfo-1.11.5.1-37.1
      sssd-ldap-1.11.5.1-37.1
      sssd-ldap-debuginfo-1.11.5.1-37.1
      sssd-proxy-1.11.5.1-37.1
      sssd-proxy-debuginfo-1.11.5.1-37.1
      sssd-tools-1.11.5.1-37.1
      sssd-tools-debuginfo-1.11.5.1-37.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      sssd-32bit-1.11.5.1-37.1
      sssd-debuginfo-32bit-1.11.5.1-37.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libipa_hbac0-1.11.5.1-37.1
      libipa_hbac0-debuginfo-1.11.5.1-37.1
      libsss_idmap0-1.11.5.1-37.1
      libsss_idmap0-debuginfo-1.11.5.1-37.1
      libsss_sudo-1.11.5.1-37.1
      libsss_sudo-debuginfo-1.11.5.1-37.1
      python-sssd-config-1.11.5.1-37.1
      python-sssd-config-debuginfo-1.11.5.1-37.1
      sssd-1.11.5.1-37.1
      sssd-32bit-1.11.5.1-37.1
      sssd-ad-1.11.5.1-37.1
      sssd-ad-debuginfo-1.11.5.1-37.1
      sssd-debuginfo-1.11.5.1-37.1
      sssd-debuginfo-32bit-1.11.5.1-37.1
      sssd-debugsource-1.11.5.1-37.1
      sssd-ipa-1.11.5.1-37.1
      sssd-ipa-debuginfo-1.11.5.1-37.1
      sssd-krb5-1.11.5.1-37.1
      sssd-krb5-common-1.11.5.1-37.1
      sssd-krb5-common-debuginfo-1.11.5.1-37.1
      sssd-krb5-debuginfo-1.11.5.1-37.1
      sssd-ldap-1.11.5.1-37.1
      sssd-ldap-debuginfo-1.11.5.1-37.1
      sssd-proxy-1.11.5.1-37.1
      sssd-proxy-debuginfo-1.11.5.1-37.1
      sssd-tools-1.11.5.1-37.1
      sssd-tools-debuginfo-1.11.5.1-37.1

References:

   https://bugzilla.suse.com/1009710
   https://bugzilla.suse.com/1017070
   https://bugzilla.suse.com/1024836
   https://bugzilla.suse.com/983938

From sle-updates at lists.suse.com Tue Apr 18 04:11:18 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 12:11:18 +0200 (CEST)
Subject: SUSE-SU-2017:1030-1: moderate: Security update for libsndfile
Message-ID: <20170418101118.C0C41FEAD@maintenance.suse.de>

   SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1030-1
Rating:             moderate
References:         #1033054 #1033914 #1033915
Cross-References:   CVE-2017-7585 CVE-2017-7741 CVE-2017-7742
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
Description:

   This update for libsndfile fixes the following issues:

   - CVE-2017-7585,CVE-2017-7741,CVE-2017-7742: Some stack-based buffer
     overflows via a specially crafted FLAC file were fixed (error in the
     "flac_buffer_copy()" function) (bsc#1033054, bsc#1033914, bsc#1033915).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-libsndfile-13064=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-libsndfile-13064=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-libsndfile-13064=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libsndfile-devel-1.0.20-2.13.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libsndfile-1.0.20-2.13.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libsndfile-32bit-1.0.20-2.13.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libsndfile-x86-1.0.20-2.13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libsndfile-debuginfo-1.0.20-2.13.1
      libsndfile-debugsource-1.0.20-2.13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
      libsndfile-debuginfo-32bit-1.0.20-2.13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
      libsndfile-debuginfo-x86-1.0.20-2.13.1

References:

   https://www.suse.com/security/cve/CVE-2017-7585.html
   https://www.suse.com/security/cve/CVE-2017-7741.html
   https://www.suse.com/security/cve/CVE-2017-7742.html
   https://bugzilla.suse.com/1033054
   https://bugzilla.suse.com/1033914
   https://bugzilla.suse.com/1033915

From sle-updates at lists.suse.com Tue Apr 18 04:14:06 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 12:14:06 +0200 (CEST)
Subject: SUSE-RU-2017:1036-1: Recommended update for ding-libs, sssd
Message-ID: <20170418101406.1A050FEAA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ding-libs, sssd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1036-1
Rating:             low
References:         #1021441 #1024836 #1030473 #983938 #993582
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for ding-libs, sssd provides the following fixes:

   - Fix IO error triggered by processing non-ordinary GPO values such as
     remote registry settings. (bsc#1030473)
   - Introduce mandatory runtime requirement "cyrus-sasl-gssapi" to
     krb5-common sub-package. (bsc#1024836)
   - The IPA provider depends on AD provider's PAC executable. Add the
     dependency to the package. (bsc#1021441)
   - Remove invalid definition "After=syslog.target" from systemd service
     file. (bsc#983938)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-603=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-603=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-603=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-603=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libbasicobjects-devel-0.1.1-24.1
      libcollection-devel-0.7.0-24.1
      libdhash-devel-0.4.3-24.1
      libini_config-devel-1.2.0-24.1
      libipa_hbac-devel-1.13.4-33.2
      libpath_utils-devel-0.2.1-24.1
      libref_array-devel-0.1.5-24.1
      libsss_idmap-devel-1.13.4-33.2
      libsss_nss_idmap-devel-1.13.4-33.2
      libsss_nss_idmap0-1.13.4-33.2
      libsss_nss_idmap0-debuginfo-1.13.4-33.2
      sssd-debuginfo-1.13.4-33.2
      sssd-debugsource-1.13.4-33.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libbasicobjects0-0.1.1-24.1
      libbasicobjects0-debuginfo-0.1.1-24.1
      libcollection4-0.7.0-24.1
      libcollection4-debuginfo-0.7.0-24.1
      libdhash1-0.4.3-24.1
      libdhash1-debuginfo-0.4.3-24.1
      libini_config5-1.2.0-24.1
      libini_config5-debuginfo-1.2.0-24.1
      libipa_hbac0-1.13.4-33.2
      libipa_hbac0-debuginfo-1.13.4-33.2
      libpath_utils1-0.2.1-24.1
      libpath_utils1-debuginfo-0.2.1-24.1
      libref_array1-0.1.5-24.1
      libref_array1-debuginfo-0.1.5-24.1
      libsss_idmap0-1.13.4-33.2
      libsss_idmap0-debuginfo-1.13.4-33.2
      libsss_sudo-1.13.4-33.2
      libsss_sudo-debuginfo-1.13.4-33.2
      python-sssd-config-1.13.4-33.2
      python-sssd-config-debuginfo-1.13.4-33.2
      sssd-1.13.4-33.2
      sssd-ad-1.13.4-33.2
      sssd-ad-debuginfo-1.13.4-33.2
      sssd-debuginfo-1.13.4-33.2
      sssd-debugsource-1.13.4-33.2
      sssd-ipa-1.13.4-33.2
      sssd-ipa-debuginfo-1.13.4-33.2
      sssd-krb5-1.13.4-33.2
      sssd-krb5-common-1.13.4-33.2
      sssd-krb5-common-debuginfo-1.13.4-33.2
      sssd-krb5-debuginfo-1.13.4-33.2
      sssd-ldap-1.13.4-33.2
      sssd-ldap-debuginfo-1.13.4-33.2
      sssd-proxy-1.13.4-33.2
      sssd-proxy-debuginfo-1.13.4-33.2
      sssd-tools-1.13.4-33.2
      sssd-tools-debuginfo-1.13.4-33.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libbasicobjects0-0.1.1-24.1
      libbasicobjects0-debuginfo-0.1.1-24.1
      libcollection4-0.7.0-24.1
      libcollection4-debuginfo-0.7.0-24.1
      libdhash1-0.4.3-24.1
      libdhash1-debuginfo-0.4.3-24.1
      libini_config5-1.2.0-24.1
      libini_config5-debuginfo-1.2.0-24.1
      libipa_hbac0-1.13.4-33.2
libipa_hbac0-debuginfo-1.13.4-33.2 libpath_utils1-0.2.1-24.1 libpath_utils1-debuginfo-0.2.1-24.1 libref_array1-0.1.5-24.1 libref_array1-debuginfo-0.1.5-24.1 libsss_idmap0-1.13.4-33.2 libsss_idmap0-debuginfo-1.13.4-33.2 libsss_sudo-1.13.4-33.2 libsss_sudo-debuginfo-1.13.4-33.2 python-sssd-config-1.13.4-33.2 python-sssd-config-debuginfo-1.13.4-33.2 sssd-1.13.4-33.2 sssd-ad-1.13.4-33.2 sssd-ad-debuginfo-1.13.4-33.2 sssd-debuginfo-1.13.4-33.2 sssd-debugsource-1.13.4-33.2 sssd-ipa-1.13.4-33.2 sssd-ipa-debuginfo-1.13.4-33.2 sssd-krb5-1.13.4-33.2 sssd-krb5-common-1.13.4-33.2 sssd-krb5-common-debuginfo-1.13.4-33.2 sssd-krb5-debuginfo-1.13.4-33.2 sssd-ldap-1.13.4-33.2 sssd-ldap-debuginfo-1.13.4-33.2 sssd-proxy-1.13.4-33.2 sssd-proxy-debuginfo-1.13.4-33.2 sssd-tools-1.13.4-33.2 sssd-tools-debuginfo-1.13.4-33.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): sssd-32bit-1.13.4-33.2 sssd-debuginfo-32bit-1.13.4-33.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libbasicobjects0-0.1.1-24.1 libbasicobjects0-debuginfo-0.1.1-24.1 libcollection4-0.7.0-24.1 libcollection4-debuginfo-0.7.0-24.1 libdhash1-0.4.3-24.1 libdhash1-debuginfo-0.4.3-24.1 libini_config5-1.2.0-24.1 libini_config5-debuginfo-1.2.0-24.1 libipa_hbac0-1.13.4-33.2 libipa_hbac0-debuginfo-1.13.4-33.2 libpath_utils1-0.2.1-24.1 libpath_utils1-debuginfo-0.2.1-24.1 libref_array1-0.1.5-24.1 libref_array1-debuginfo-0.1.5-24.1 libsss_idmap0-1.13.4-33.2 libsss_idmap0-debuginfo-1.13.4-33.2 libsss_sudo-1.13.4-33.2 libsss_sudo-debuginfo-1.13.4-33.2 python-sssd-config-1.13.4-33.2 python-sssd-config-debuginfo-1.13.4-33.2 sssd-1.13.4-33.2 sssd-32bit-1.13.4-33.2 sssd-ad-1.13.4-33.2 sssd-ad-debuginfo-1.13.4-33.2 sssd-debuginfo-1.13.4-33.2 sssd-debuginfo-32bit-1.13.4-33.2 sssd-debugsource-1.13.4-33.2 sssd-ipa-1.13.4-33.2 sssd-ipa-debuginfo-1.13.4-33.2 sssd-krb5-1.13.4-33.2 sssd-krb5-common-1.13.4-33.2 sssd-krb5-common-debuginfo-1.13.4-33.2 sssd-krb5-debuginfo-1.13.4-33.2 sssd-ldap-1.13.4-33.2 sssd-ldap-debuginfo-1.13.4-33.2 
sssd-proxy-1.13.4-33.2 sssd-proxy-debuginfo-1.13.4-33.2 sssd-tools-1.13.4-33.2 sssd-tools-debuginfo-1.13.4-33.2 References: https://bugzilla.suse.com/1021441 https://bugzilla.suse.com/1024836 https://bugzilla.suse.com/1030473 https://bugzilla.suse.com/983938 https://bugzilla.suse.com/993582 From sle-updates at lists.suse.com Tue Apr 18 07:08:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 15:08:42 +0200 (CEST) Subject: SUSE-SU-2017:1039-1: Security update for gstreamer-plugins-base Message-ID: <20170418130842.5DE5DFEAD@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1039-1 Rating: low References: #1024041 #1024047 #1024076 #1024079 Cross-References: CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839) - A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-605=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-605=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-605=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-605=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-605=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gstreamer-plugins-base-debuginfo-1.8.3-12.11 gstreamer-plugins-base-debuginfo-32bit-1.8.3-12.11 gstreamer-plugins-base-debugsource-1.8.3-12.11 libgstfft-1_0-0-32bit-1.8.3-12.11 libgstfft-1_0-0-debuginfo-32bit-1.8.3-12.11 typelib-1_0-GstAudio-1_0-1.8.3-12.11 typelib-1_0-GstPbutils-1_0-1.8.3-12.11 typelib-1_0-GstTag-1_0-1.8.3-12.11 typelib-1_0-GstVideo-1_0-1.8.3-12.11 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.8.3-12.11 gstreamer-plugins-base-debugsource-1.8.3-12.11 gstreamer-plugins-base-devel-1.8.3-12.11 typelib-1_0-GstAllocators-1_0-1.8.3-12.11 typelib-1_0-GstApp-1_0-1.8.3-12.11 typelib-1_0-GstAudio-1_0-1.8.3-12.11 typelib-1_0-GstFft-1_0-1.8.3-12.11 typelib-1_0-GstPbutils-1_0-1.8.3-12.11 typelib-1_0-GstRtp-1_0-1.8.3-12.11 typelib-1_0-GstRtsp-1_0-1.8.3-12.11 typelib-1_0-GstSdp-1_0-1.8.3-12.11 typelib-1_0-GstTag-1_0-1.8.3-12.11 typelib-1_0-GstVideo-1_0-1.8.3-12.11 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-base-1.8.3-12.11 gstreamer-plugins-base-debuginfo-1.8.3-12.11 gstreamer-plugins-base-debugsource-1.8.3-12.11 libgstallocators-1_0-0-1.8.3-12.11 libgstallocators-1_0-0-debuginfo-1.8.3-12.11 libgstapp-1_0-0-1.8.3-12.11 libgstapp-1_0-0-debuginfo-1.8.3-12.11 
libgstaudio-1_0-0-1.8.3-12.11 libgstaudio-1_0-0-debuginfo-1.8.3-12.11 libgstfft-1_0-0-1.8.3-12.11 libgstfft-1_0-0-debuginfo-1.8.3-12.11 libgstpbutils-1_0-0-1.8.3-12.11 libgstpbutils-1_0-0-debuginfo-1.8.3-12.11 libgstriff-1_0-0-1.8.3-12.11 libgstriff-1_0-0-debuginfo-1.8.3-12.11 libgstrtp-1_0-0-1.8.3-12.11 libgstrtp-1_0-0-debuginfo-1.8.3-12.11 libgstrtsp-1_0-0-1.8.3-12.11 libgstrtsp-1_0-0-debuginfo-1.8.3-12.11 libgstsdp-1_0-0-1.8.3-12.11 libgstsdp-1_0-0-debuginfo-1.8.3-12.11 libgsttag-1_0-0-1.8.3-12.11 libgsttag-1_0-0-debuginfo-1.8.3-12.11 libgstvideo-1_0-0-1.8.3-12.11 libgstvideo-1_0-0-debuginfo-1.8.3-12.11 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-base-lang-1.8.3-12.11 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-base-1.8.3-12.11 gstreamer-plugins-base-debuginfo-1.8.3-12.11 gstreamer-plugins-base-debugsource-1.8.3-12.11 libgstallocators-1_0-0-1.8.3-12.11 libgstallocators-1_0-0-debuginfo-1.8.3-12.11 libgstapp-1_0-0-1.8.3-12.11 libgstapp-1_0-0-debuginfo-1.8.3-12.11 libgstaudio-1_0-0-1.8.3-12.11 libgstaudio-1_0-0-debuginfo-1.8.3-12.11 libgstfft-1_0-0-1.8.3-12.11 libgstfft-1_0-0-debuginfo-1.8.3-12.11 libgstpbutils-1_0-0-1.8.3-12.11 libgstpbutils-1_0-0-debuginfo-1.8.3-12.11 libgstriff-1_0-0-1.8.3-12.11 libgstriff-1_0-0-debuginfo-1.8.3-12.11 libgstrtp-1_0-0-1.8.3-12.11 libgstrtp-1_0-0-debuginfo-1.8.3-12.11 libgstrtsp-1_0-0-1.8.3-12.11 libgstrtsp-1_0-0-debuginfo-1.8.3-12.11 libgstsdp-1_0-0-1.8.3-12.11 libgstsdp-1_0-0-debuginfo-1.8.3-12.11 libgsttag-1_0-0-1.8.3-12.11 libgsttag-1_0-0-debuginfo-1.8.3-12.11 libgstvideo-1_0-0-1.8.3-12.11 libgstvideo-1_0-0-debuginfo-1.8.3-12.11 - SUSE Linux Enterprise Server 12-SP2 (x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-12.11 libgstapp-1_0-0-32bit-1.8.3-12.11 libgstapp-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstaudio-1_0-0-32bit-1.8.3-12.11 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstpbutils-1_0-0-32bit-1.8.3-12.11 
libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-12.11 libgsttag-1_0-0-32bit-1.8.3-12.11 libgsttag-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstvideo-1_0-0-32bit-1.8.3-12.11 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-12.11 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-base-lang-1.8.3-12.11 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-base-1.8.3-12.11 gstreamer-plugins-base-debuginfo-1.8.3-12.11 gstreamer-plugins-base-debuginfo-32bit-1.8.3-12.11 gstreamer-plugins-base-debugsource-1.8.3-12.11 libgstallocators-1_0-0-1.8.3-12.11 libgstallocators-1_0-0-debuginfo-1.8.3-12.11 libgstapp-1_0-0-1.8.3-12.11 libgstapp-1_0-0-32bit-1.8.3-12.11 libgstapp-1_0-0-debuginfo-1.8.3-12.11 libgstapp-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstaudio-1_0-0-1.8.3-12.11 libgstaudio-1_0-0-32bit-1.8.3-12.11 libgstaudio-1_0-0-debuginfo-1.8.3-12.11 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstfft-1_0-0-1.8.3-12.11 libgstfft-1_0-0-32bit-1.8.3-12.11 libgstfft-1_0-0-debuginfo-1.8.3-12.11 libgstfft-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstpbutils-1_0-0-1.8.3-12.11 libgstpbutils-1_0-0-32bit-1.8.3-12.11 libgstpbutils-1_0-0-debuginfo-1.8.3-12.11 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstriff-1_0-0-1.8.3-12.11 libgstriff-1_0-0-debuginfo-1.8.3-12.11 libgstrtp-1_0-0-1.8.3-12.11 libgstrtp-1_0-0-debuginfo-1.8.3-12.11 libgstrtsp-1_0-0-1.8.3-12.11 libgstrtsp-1_0-0-debuginfo-1.8.3-12.11 libgstsdp-1_0-0-1.8.3-12.11 libgstsdp-1_0-0-debuginfo-1.8.3-12.11 libgsttag-1_0-0-1.8.3-12.11 libgsttag-1_0-0-32bit-1.8.3-12.11 libgsttag-1_0-0-debuginfo-1.8.3-12.11 libgsttag-1_0-0-debuginfo-32bit-1.8.3-12.11 libgstvideo-1_0-0-1.8.3-12.11 libgstvideo-1_0-0-32bit-1.8.3-12.11 libgstvideo-1_0-0-debuginfo-1.8.3-12.11 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-12.11 typelib-1_0-GstAudio-1_0-1.8.3-12.11 typelib-1_0-GstPbutils-1_0-1.8.3-12.11 typelib-1_0-GstTag-1_0-1.8.3-12.11 typelib-1_0-GstVideo-1_0-1.8.3-12.11 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): 
gstreamer-plugins-base-lang-1.8.3-12.11 References: https://www.suse.com/security/cve/CVE-2017-5837.html https://www.suse.com/security/cve/CVE-2017-5839.html https://www.suse.com/security/cve/CVE-2017-5842.html https://www.suse.com/security/cve/CVE-2017-5844.html https://bugzilla.suse.com/1024041 https://bugzilla.suse.com/1024047 https://bugzilla.suse.com/1024076 https://bugzilla.suse.com/1024079 From sle-updates at lists.suse.com Tue Apr 18 07:09:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 15:09:40 +0200 (CEST) Subject: SUSE-SU-2017:1040-1: moderate: Security update for libsndfile Message-ID: <20170418130940.2920AFEAD@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1040-1 Rating: moderate References: #1033053 #1033054 #1033914 #1033915 Cross-References: CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libsndfile fixes the following security issues: - CVE-2017-7586: A stack-based buffer overflow via a specially crafted FLAC file was fixed (error in the "header_read()" function) (bsc#1033053) - CVE-2017-7585,CVE-2017-7741, CVE-2017-7742: Several stack-based buffer overflows via a specially crafted FLAC file (error in the "flac_buffer_copy()" function) were fixed (bsc#1033054,bsc#1033915,bsc#1033914). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-607=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-607=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-607=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-607=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-607=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-607=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-607=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-28.1 libsndfile-devel-1.0.25-28.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-28.1 libsndfile-devel-1.0.25-28.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsndfile-debugsource-1.0.25-28.1 libsndfile1-1.0.25-28.1 libsndfile1-debuginfo-1.0.25-28.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsndfile-debugsource-1.0.25-28.1 libsndfile1-1.0.25-28.1 libsndfile1-debuginfo-1.0.25-28.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libsndfile1-32bit-1.0.25-28.1 libsndfile1-debuginfo-32bit-1.0.25-28.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-28.1 libsndfile1-1.0.25-28.1 libsndfile1-debuginfo-1.0.25-28.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libsndfile1-32bit-1.0.25-28.1 libsndfile1-debuginfo-32bit-1.0.25-28.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsndfile-debugsource-1.0.25-28.1 libsndfile1-1.0.25-28.1 libsndfile1-32bit-1.0.25-28.1 
libsndfile1-debuginfo-1.0.25-28.1 libsndfile1-debuginfo-32bit-1.0.25-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsndfile-debugsource-1.0.25-28.1 libsndfile1-1.0.25-28.1 libsndfile1-32bit-1.0.25-28.1 libsndfile1-debuginfo-1.0.25-28.1 libsndfile1-debuginfo-32bit-1.0.25-28.1 References: https://www.suse.com/security/cve/CVE-2017-7585.html https://www.suse.com/security/cve/CVE-2017-7586.html https://www.suse.com/security/cve/CVE-2017-7741.html https://www.suse.com/security/cve/CVE-2017-7742.html https://bugzilla.suse.com/1033053 https://bugzilla.suse.com/1033054 https://bugzilla.suse.com/1033914 https://bugzilla.suse.com/1033915 From sle-updates at lists.suse.com Tue Apr 18 07:10:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 15:10:34 +0200 (CEST) Subject: SUSE-SU-2017:1041-1: Security update for gstreamer-plugins-base Message-ID: <20170418131034.EC9B0FEAD@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1041-1 Rating: low References: #1024041 #1024047 #1024076 #1024079 Cross-References: CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839) - A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-606=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-606=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-606=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-606=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-606=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gstreamer-plugins-base-debuginfo-1.2.4-2.6.8 gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.6.8 gstreamer-plugins-base-debugsource-1.2.4-2.6.8 libgstfft-1_0-0-32bit-1.2.4-2.6.8 libgstfft-1_0-0-debuginfo-32bit-1.2.4-2.6.8 typelib-1_0-GstAudio-1_0-1.2.4-2.6.8 typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8 typelib-1_0-GstTag-1_0-1.2.4-2.6.8 typelib-1_0-GstVideo-1_0-1.2.4-2.6.8 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-GstRiff-1_0-1.2.4-2.6.8 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.2.4-2.6.8 gstreamer-plugins-base-debugsource-1.2.4-2.6.8 gstreamer-plugins-base-devel-1.2.4-2.6.8 typelib-1_0-GstAllocators-1_0-1.2.4-2.6.8 typelib-1_0-GstApp-1_0-1.2.4-2.6.8 typelib-1_0-GstAudio-1_0-1.2.4-2.6.8 typelib-1_0-GstFft-1_0-1.2.4-2.6.8 typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8 typelib-1_0-GstRiff-1_0-1.2.4-2.6.8 typelib-1_0-GstRtp-1_0-1.2.4-2.6.8 typelib-1_0-GstRtsp-1_0-1.2.4-2.6.8 typelib-1_0-GstSdp-1_0-1.2.4-2.6.8 typelib-1_0-GstTag-1_0-1.2.4-2.6.8 typelib-1_0-GstVideo-1_0-1.2.4-2.6.8 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-base-1.2.4-2.6.8 gstreamer-plugins-base-debuginfo-1.2.4-2.6.8 gstreamer-plugins-base-debugsource-1.2.4-2.6.8 libgstallocators-1_0-0-1.2.4-2.6.8 libgstallocators-1_0-0-debuginfo-1.2.4-2.6.8 libgstapp-1_0-0-1.2.4-2.6.8 libgstapp-1_0-0-debuginfo-1.2.4-2.6.8 libgstaudio-1_0-0-1.2.4-2.6.8 libgstaudio-1_0-0-debuginfo-1.2.4-2.6.8 libgstfft-1_0-0-1.2.4-2.6.8 libgstfft-1_0-0-debuginfo-1.2.4-2.6.8 libgstpbutils-1_0-0-1.2.4-2.6.8 libgstpbutils-1_0-0-debuginfo-1.2.4-2.6.8 libgstriff-1_0-0-1.2.4-2.6.8 libgstriff-1_0-0-debuginfo-1.2.4-2.6.8 libgstrtp-1_0-0-1.2.4-2.6.8 libgstrtp-1_0-0-debuginfo-1.2.4-2.6.8 libgstrtsp-1_0-0-1.2.4-2.6.8 libgstrtsp-1_0-0-debuginfo-1.2.4-2.6.8 libgstsdp-1_0-0-1.2.4-2.6.8 libgstsdp-1_0-0-debuginfo-1.2.4-2.6.8 
libgsttag-1_0-0-1.2.4-2.6.8 libgsttag-1_0-0-debuginfo-1.2.4-2.6.8 libgstvideo-1_0-0-1.2.4-2.6.8 libgstvideo-1_0-0-debuginfo-1.2.4-2.6.8 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.6.8 libgstapp-1_0-0-32bit-1.2.4-2.6.8 libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstaudio-1_0-0-32bit-1.2.4-2.6.8 libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstpbutils-1_0-0-32bit-1.2.4-2.6.8 libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgsttag-1_0-0-32bit-1.2.4-2.6.8 libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstvideo-1_0-0-32bit-1.2.4-2.6.8 libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.6.8 - SUSE Linux Enterprise Server 12-SP1 (noarch): gstreamer-plugins-base-lang-1.2.4-2.6.8 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-plugins-base-lang-1.2.4-2.6.8 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-plugins-base-1.2.4-2.6.8 gstreamer-plugins-base-debuginfo-1.2.4-2.6.8 gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.6.8 gstreamer-plugins-base-debugsource-1.2.4-2.6.8 libgstallocators-1_0-0-1.2.4-2.6.8 libgstallocators-1_0-0-debuginfo-1.2.4-2.6.8 libgstapp-1_0-0-1.2.4-2.6.8 libgstapp-1_0-0-32bit-1.2.4-2.6.8 libgstapp-1_0-0-debuginfo-1.2.4-2.6.8 libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstaudio-1_0-0-1.2.4-2.6.8 libgstaudio-1_0-0-32bit-1.2.4-2.6.8 libgstaudio-1_0-0-debuginfo-1.2.4-2.6.8 libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstfft-1_0-0-1.2.4-2.6.8 libgstfft-1_0-0-32bit-1.2.4-2.6.8 libgstfft-1_0-0-debuginfo-1.2.4-2.6.8 libgstfft-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstpbutils-1_0-0-1.2.4-2.6.8 libgstpbutils-1_0-0-32bit-1.2.4-2.6.8 libgstpbutils-1_0-0-debuginfo-1.2.4-2.6.8 libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstriff-1_0-0-1.2.4-2.6.8 libgstriff-1_0-0-debuginfo-1.2.4-2.6.8 libgstrtp-1_0-0-1.2.4-2.6.8 libgstrtp-1_0-0-debuginfo-1.2.4-2.6.8 libgstrtsp-1_0-0-1.2.4-2.6.8 libgstrtsp-1_0-0-debuginfo-1.2.4-2.6.8 libgstsdp-1_0-0-1.2.4-2.6.8 libgstsdp-1_0-0-debuginfo-1.2.4-2.6.8 
libgsttag-1_0-0-1.2.4-2.6.8 libgsttag-1_0-0-32bit-1.2.4-2.6.8 libgsttag-1_0-0-debuginfo-1.2.4-2.6.8 libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.6.8 libgstvideo-1_0-0-1.2.4-2.6.8 libgstvideo-1_0-0-32bit-1.2.4-2.6.8 libgstvideo-1_0-0-debuginfo-1.2.4-2.6.8 libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.6.8 typelib-1_0-GstAudio-1_0-1.2.4-2.6.8 typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8 typelib-1_0-GstTag-1_0-1.2.4-2.6.8 typelib-1_0-GstVideo-1_0-1.2.4-2.6.8 References: https://www.suse.com/security/cve/CVE-2017-5837.html https://www.suse.com/security/cve/CVE-2017-5839.html https://www.suse.com/security/cve/CVE-2017-5842.html https://www.suse.com/security/cve/CVE-2017-5844.html https://bugzilla.suse.com/1024041 https://bugzilla.suse.com/1024047 https://bugzilla.suse.com/1024076 https://bugzilla.suse.com/1024079 From sle-updates at lists.suse.com Tue Apr 18 07:11:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 15:11:34 +0200 (CEST) Subject: SUSE-SU-2017:1042-1: moderate: Security update for curl Message-ID: <20170418131134.A9745FEAD@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1042-1 Rating: moderate References: #1015332 #1027712 #1032309 Cross-References: CVE-2016-9586 CVE-2017-7407 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. 
Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which led to a heap-based buffer over-read (bsc#1032309). With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-609=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-609=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-609=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-609=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-609=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-609=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-609=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-609=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl-devel-7.37.0-36.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl-devel-7.37.0-36.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): curl-7.37.0-36.1 curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl4-7.37.0-36.1 libcurl4-debuginfo-7.37.0-36.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): curl-7.37.0-36.1 curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl4-7.37.0-36.1 libcurl4-debuginfo-7.37.0-36.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libcurl4-32bit-7.37.0-36.1 libcurl4-debuginfo-32bit-7.37.0-36.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): curl-7.37.0-36.1 curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl4-7.37.0-36.1 libcurl4-debuginfo-7.37.0-36.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcurl4-32bit-7.37.0-36.1 libcurl4-debuginfo-32bit-7.37.0-36.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): curl-7.37.0-36.1 curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl4-32bit-7.37.0-36.1 libcurl4-7.37.0-36.1 libcurl4-debuginfo-32bit-7.37.0-36.1 libcurl4-debuginfo-7.37.0-36.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): curl-7.37.0-36.1 curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl4-32bit-7.37.0-36.1 libcurl4-7.37.0-36.1 libcurl4-debuginfo-32bit-7.37.0-36.1 libcurl4-debuginfo-7.37.0-36.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-36.1 curl-debuginfo-7.37.0-36.1 curl-debugsource-7.37.0-36.1 libcurl4-7.37.0-36.1 libcurl4-debuginfo-7.37.0-36.1 References: https://www.suse.com/security/cve/CVE-2016-9586.html https://www.suse.com/security/cve/CVE-2017-7407.html https://bugzilla.suse.com/1015332 https://bugzilla.suse.com/1027712 
https://bugzilla.suse.com/1032309 From sle-updates at lists.suse.com Tue Apr 18 07:12:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 15:12:23 +0200 (CEST) Subject: SUSE-SU-2017:1043-1: moderate: Security update for curl Message-ID: <20170418131223.AD355FEAD@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1043-1 Rating: moderate References: #1015332 #1032309 Cross-References: CVE-2016-9586 CVE-2017-7407 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: These security issues were fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which led to a heap-based buffer over-read (bsc#1032309). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-curl-13065=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-curl-13065=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-13065=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-13065=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.69.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.69.1 libcurl4-7.19.7-1.69.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.69.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libcurl4-x86-7.19.7-1.69.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.19.7-1.69.1 libcurl4-openssl1-7.19.7-1.69.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.19.7-1.69.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.19.7-1.69.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.69.1 curl-debugsource-7.19.7-1.69.1 References: https://www.suse.com/security/cve/CVE-2016-9586.html https://www.suse.com/security/cve/CVE-2017-7407.html https://bugzilla.suse.com/1015332 https://bugzilla.suse.com/1032309 From sle-updates at lists.suse.com Tue Apr 18 07:12:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 15:12:59 +0200 (CEST) Subject: SUSE-SU-2017:1044-1: important: Security update for tiff Message-ID: <20170418131259.CCDE2FEAD@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1044-1 Rating: important References: #1031247 #1031249 #1031250 #1031254 #1031255 #1031262 #1031263 Cross-References: CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise 
Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9 (bsc#1031247). - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13 (bsc#1031249). - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22 (bsc#1031250). - CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2 (bsc#1031254). - CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23 (bsc#1031255). - CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8 (bsc#1031262). 
- CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (bsc#1031263). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-610=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-610=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-610=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-610=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-610=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-610=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-610=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtiff-devel-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libtiff5-4.0.7-43.1 libtiff5-debuginfo-4.0.7-43.1 tiff-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libtiff5-4.0.7-43.1 libtiff5-debuginfo-4.0.7-43.1 tiff-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libtiff5-32bit-4.0.7-43.1 libtiff5-debuginfo-32bit-4.0.7-43.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtiff5-4.0.7-43.1 libtiff5-debuginfo-4.0.7-43.1 tiff-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libtiff5-32bit-4.0.7-43.1 libtiff5-debuginfo-32bit-4.0.7-43.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libtiff5-32bit-4.0.7-43.1 libtiff5-4.0.7-43.1 libtiff5-debuginfo-32bit-4.0.7-43.1 libtiff5-debuginfo-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libtiff5-32bit-4.0.7-43.1 libtiff5-4.0.7-43.1 libtiff5-debuginfo-32bit-4.0.7-43.1 libtiff5-debuginfo-4.0.7-43.1 tiff-debuginfo-4.0.7-43.1 tiff-debugsource-4.0.7-43.1 References: https://www.suse.com/security/cve/CVE-2016-10266.html https://www.suse.com/security/cve/CVE-2016-10267.html https://www.suse.com/security/cve/CVE-2016-10268.html https://www.suse.com/security/cve/CVE-2016-10269.html https://www.suse.com/security/cve/CVE-2016-10270.html https://www.suse.com/security/cve/CVE-2016-10271.html https://www.suse.com/security/cve/CVE-2016-10272.html https://bugzilla.suse.com/1031247 
https://bugzilla.suse.com/1031249 https://bugzilla.suse.com/1031250 https://bugzilla.suse.com/1031254 https://bugzilla.suse.com/1031255 https://bugzilla.suse.com/1031262 https://bugzilla.suse.com/1031263 From sle-updates at lists.suse.com Tue Apr 18 13:08:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 21:08:55 +0200 (CEST) Subject: SUSE-SU-2017:1047-1: moderate: Security update for ntp Message-ID: <20170418190855.9FC48FEAE@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1047-1 Rating: moderate References: #1014172 #1030050 Cross-References: CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This ntp update to version 4.2.8p10 fixes several issues. This update enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). 
- clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-612=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-612=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): ntp-4.2.8p10-46.23.1 ntp-debuginfo-4.2.8p10-46.23.1 ntp-debugsource-4.2.8p10-46.23.1 ntp-doc-4.2.8p10-46.23.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ntp-4.2.8p10-46.23.1 ntp-debuginfo-4.2.8p10-46.23.1 ntp-debugsource-4.2.8p10-46.23.1 ntp-doc-4.2.8p10-46.23.1 References: https://www.suse.com/security/cve/CVE-2016-9042.html https://www.suse.com/security/cve/CVE-2017-6451.html https://www.suse.com/security/cve/CVE-2017-6458.html https://www.suse.com/security/cve/CVE-2017-6460.html https://www.suse.com/security/cve/CVE-2017-6462.html https://www.suse.com/security/cve/CVE-2017-6463.html https://www.suse.com/security/cve/CVE-2017-6464.html https://bugzilla.suse.com/1014172 https://bugzilla.suse.com/1030050 From sle-updates at lists.suse.com Tue Apr 18 13:09:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 21:09:33 +0200 (CEST) Subject: SUSE-SU-2017:1048-1: moderate: Security 
update for ntp Message-ID: <20170418190933.C73DDFEAE@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1048-1 Rating: moderate References: #1014172 #1030050 Cross-References: CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This ntp update to version 4.2.8p10 fixes several issues. This update enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) 
time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-611=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-611=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-611=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-611=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-611=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ntp-4.2.8p10-60.1 ntp-debuginfo-4.2.8p10-60.1 ntp-debugsource-4.2.8p10-60.1 ntp-doc-4.2.8p10-60.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ntp-4.2.8p10-60.1 ntp-debuginfo-4.2.8p10-60.1 ntp-debugsource-4.2.8p10-60.1 ntp-doc-4.2.8p10-60.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p10-60.1 ntp-debuginfo-4.2.8p10-60.1 ntp-debugsource-4.2.8p10-60.1 ntp-doc-4.2.8p10-60.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ntp-4.2.8p10-60.1 ntp-debuginfo-4.2.8p10-60.1 ntp-debugsource-4.2.8p10-60.1 ntp-doc-4.2.8p10-60.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p10-60.1 ntp-debuginfo-4.2.8p10-60.1 ntp-debugsource-4.2.8p10-60.1 ntp-doc-4.2.8p10-60.1 References: https://www.suse.com/security/cve/CVE-2016-9042.html https://www.suse.com/security/cve/CVE-2017-6451.html https://www.suse.com/security/cve/CVE-2017-6458.html https://www.suse.com/security/cve/CVE-2017-6460.html https://www.suse.com/security/cve/CVE-2017-6462.html https://www.suse.com/security/cve/CVE-2017-6463.html https://www.suse.com/security/cve/CVE-2017-6464.html https://bugzilla.suse.com/1014172 https://bugzilla.suse.com/1030050 From sle-updates at lists.suse.com Tue Apr 18 13:11:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2017 21:11:31 +0200 (CEST) Subject: SUSE-SU-2017:1052-1: moderate: Security update for ntp Message-ID: <20170418191131.911FDFEAE@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1052-1 Rating: moderate References: #1014172 #1030050 #1031085 Cross-References: CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This ntp update to version 4.2.8p10 fixes the following issues: Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - Fixing ppc and ppc64 linker issue (bsc#1031085). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-13066=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-13066=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p10-63.1 ntp-doc-4.2.8p10-63.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p10-63.1 ntp-debugsource-4.2.8p10-63.1 References: https://www.suse.com/security/cve/CVE-2016-9042.html https://www.suse.com/security/cve/CVE-2017-6451.html https://www.suse.com/security/cve/CVE-2017-6458.html https://www.suse.com/security/cve/CVE-2017-6460.html https://www.suse.com/security/cve/CVE-2017-6462.html https://www.suse.com/security/cve/CVE-2017-6463.html https://www.suse.com/security/cve/CVE-2017-6464.html https://bugzilla.suse.com/1014172 https://bugzilla.suse.com/1030050 https://bugzilla.suse.com/1031085 From sle-updates at lists.suse.com Wed Apr 19 04:09:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 12:09:05 +0200 (CEST) Subject: SUSE-RU-2017:1055-1: Recommended update for tomcat Message-ID: <20170419100905.4630CFEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1055-1 Rating: low References: #1022034 #1023412 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tomcat provides the following fixes: - Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bsc#1023412) - Fix jasper init failure with SecurityManager (bsc#1022034) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-614=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-614=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): tomcat-8.0.36-20.7 tomcat-admin-webapps-8.0.36-20.7 tomcat-docs-webapp-8.0.36-20.7 tomcat-el-3_0-api-8.0.36-20.7 tomcat-javadoc-8.0.36-20.7 tomcat-jsp-2_3-api-8.0.36-20.7 tomcat-lib-8.0.36-20.7 tomcat-servlet-3_1-api-8.0.36-20.7 tomcat-webapps-8.0.36-20.7 - SUSE Linux Enterprise Server 12-SP2 (noarch): tomcat-8.0.36-20.7 tomcat-admin-webapps-8.0.36-20.7 tomcat-docs-webapp-8.0.36-20.7 tomcat-el-3_0-api-8.0.36-20.7 tomcat-javadoc-8.0.36-20.7 tomcat-jsp-2_3-api-8.0.36-20.7 tomcat-lib-8.0.36-20.7 tomcat-servlet-3_1-api-8.0.36-20.7 tomcat-webapps-8.0.36-20.7 References: https://bugzilla.suse.com/1022034 https://bugzilla.suse.com/1023412 From sle-updates at lists.suse.com Wed Apr 19 04:09:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 12:09:42 +0200 (CEST) Subject: SUSE-RU-2017:1056-1: Recommended update for s390-tools Message-ID: <20170419100942.04DFBFEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1056-1 Rating: low References: #1023022 #1028105 #965263 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools provides the following fixes: - Fix cio_ignore boot order dependencies to avoid boot failure in some special configurations. 
(bsc#965263) - Allow to specify devices with ssid greater than 2 in lscss. (bsc#1023022) - Fix detection of the STHYI instruction on z/VM 6.2. (bsc#1028105) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-616=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x): qclib-devel-1.2.0-8.2 qclib-devel-debuginfo-1.2.0-8.2 qclib-devel-debugsource-1.2.0-8.2 References: https://bugzilla.suse.com/1023022 https://bugzilla.suse.com/1028105 https://bugzilla.suse.com/965263 From sle-updates at lists.suse.com Wed Apr 19 04:10:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 12:10:37 +0200 (CEST) Subject: SUSE-RU-2017:1057-1: Recommended update for yast2-kdump Message-ID: <20170419101037.2F52BFEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1057-1 Rating: low References: #1014136 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-kdump provides the following fix: - Fix dumping kernel with Xen hypervisor (bsc#1014136) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-615=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-615=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-615=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-kdump-3.1.43-11.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-kdump-3.1.43-11.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-kdump-3.1.43-11.3.1 References: https://bugzilla.suse.com/1014136 From sle-updates at lists.suse.com Wed Apr 19 07:06:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 15:06:51 +0200 (CEST) Subject: SUSE-SU-2017:1058-1: important: Security update for xen Message-ID: <20170419130651.79B17FEAE@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1058-1 Rating: important References: #1027570 #1028235 #1030442 Cross-References: CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following security issues: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442). 
- CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-xen-13067=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-xen-13067=1 - SUSE Manager 2.1: zypper in -t patch sleman21-xen-13067=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xen-13067=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-13067=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-13067=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): xen-4.2.5_21-38.1 xen-doc-html-4.2.5_21-38.1 xen-doc-pdf-4.2.5_21-38.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1 xen-libs-32bit-4.2.5_21-38.1 xen-libs-4.2.5_21-38.1 xen-tools-4.2.5_21-38.1 xen-tools-domU-4.2.5_21-38.1 - SUSE Manager Proxy 2.1 (x86_64): xen-4.2.5_21-38.1 xen-doc-html-4.2.5_21-38.1 xen-doc-pdf-4.2.5_21-38.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1 xen-libs-32bit-4.2.5_21-38.1 xen-libs-4.2.5_21-38.1 xen-tools-4.2.5_21-38.1 xen-tools-domU-4.2.5_21-38.1 - SUSE Manager 2.1 (x86_64): xen-4.2.5_21-38.1 xen-doc-html-4.2.5_21-38.1 xen-doc-pdf-4.2.5_21-38.1 xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1 xen-libs-32bit-4.2.5_21-38.1 xen-libs-4.2.5_21-38.1 xen-tools-4.2.5_21-38.1 xen-tools-domU-4.2.5_21-38.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1 xen-libs-4.2.5_21-38.1 xen-tools-domU-4.2.5_21-38.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): xen-4.2.5_21-38.1 xen-doc-html-4.2.5_21-38.1 xen-doc-pdf-4.2.5_21-38.1 xen-libs-32bit-4.2.5_21-38.1 xen-tools-4.2.5_21-38.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1 xen-libs-4.2.5_21-38.1 xen-tools-domU-4.2.5_21-38.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-38.1 xen-debugsource-4.2.5_21-38.1 References: https://www.suse.com/security/cve/CVE-2017-6414.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7228.html https://bugzilla.suse.com/1027570 https://bugzilla.suse.com/1028235 https://bugzilla.suse.com/1030442 From sle-updates at lists.suse.com Wed Apr 19 10:09:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 18:09:30 +0200 (CEST) Subject: SUSE-SU-2017:1059-1: important: 
Security update for Linux Kernel Live Patch 14 for SLE 12 SP1 Message-ID: <20170419160930.DFE53FEAE@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1059-1 Rating: important References: #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-618=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_69-60_64_35-default-2-2.1 kgraft-patch-3_12_69-60_64_35-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Wed Apr 19 10:10:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 18:10:16 +0200 (CEST) Subject: SUSE-SU-2017:1060-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 Message-ID: <20170419161016.83A9CFEAE@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1060-1 Rating: important References: #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.21-90 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). 
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-619=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-90-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Wed Apr 19 10:11:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 18:11:08 +0200 (CEST) Subject: SUSE-OU-2017:1061-1: Initial release of rear118a Message-ID: <20170419161108.A34B8FEAE@maintenance.suse.de> SUSE Optional Update: Initial release of rear118a ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1061-1 Rating: low References: #1032363 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: ReaR 1.18 was added to the High Availability Extension for SUSE Linux Enterprise Server 12 SP2 on the ppc64le architecture. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-620=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le x86_64): rear118a-1.18.a-8.3 - SUSE Linux Enterprise High Availability 12-SP2 (noarch): yast2-rear-3.1.2-4.2.2 References: https://bugzilla.suse.com/1032363 From sle-updates at lists.suse.com Wed Apr 19 13:08:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 21:08:58 +0200 (CEST) Subject: SUSE-SU-2017:1062-1: moderate: Security update for python-oslo.middleware Message-ID: <20170419190858.06120FEAE@maintenance.suse.de> SUSE Security Update: Security update for python-oslo.middleware ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1062-1 Rating: moderate References: #1022043 Cross-References: CVE-2017-2592 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-oslo.middleware fixes the following issues: Security issue fixed: - CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure (bsc#1022043). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-622=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (noarch): python-oslo.middleware-3.19.0-3.1 References: https://www.suse.com/security/cve/CVE-2017-2592.html https://bugzilla.suse.com/1022043 From sle-updates at lists.suse.com Wed Apr 19 13:10:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 21:10:40 +0200 (CEST) Subject: SUSE-SU-2017:1064-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 Message-ID: <20170419191040.4EA48FEAE@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1064-1 Rating: important References: #1030467 #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). - bsc#1030467: Updated Dirty COW fix. 
The former patch caused some apps to freeze in rare circumstances Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-621=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-10-2.1 kgraft-patch-3_12_59-60_41-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030467 https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Wed Apr 19 13:11:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2017 21:11:48 +0200 (CEST) Subject: SUSE-SU-2017:1065-1: moderate: Security update for libsamplerate Message-ID: <20170419191148.643CBFEAE@maintenance.suse.de> SUSE Security Update: Security update for libsamplerate ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1065-1 Rating: moderate References: #1033564 Cross-References: CVE-2017-7697 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libsamplerate fixes the following issues: - CVE-2017-7697: Fixed a buffer overflow in calc_output_single. (bsc#1033564) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libsamplerate-13068=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libsamplerate-13068=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libsamplerate-13068=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsamplerate-devel-0.1.4-3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsamplerate-0.1.4-3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsamplerate-32bit-0.1.4-3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsamplerate-x86-0.1.4-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsamplerate-debuginfo-0.1.4-3.1 libsamplerate-debugsource-0.1.4-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libsamplerate-debuginfo-32bit-0.1.4-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libsamplerate-debuginfo-x86-0.1.4-3.1 References: https://www.suse.com/security/cve/CVE-2017-7697.html https://bugzilla.suse.com/1033564 From sle-updates at lists.suse.com Thu Apr 20 04:08:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2017 12:08:56 +0200 (CEST) Subject: SUSE-SU-2017:1067-1: important: Security update for ruby2.1 Message-ID: <20170420100856.D7704FEAE@maintenance.suse.de> SUSE Security Update: Security update for ruby2.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1067-1 Rating: important References: #1014863 #1018808 #887877 #909695 #926974 #936032 #959495 #986630 Cross-References: CVE-2014-4975 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-624=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-624=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-624=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-624=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-624=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-624=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-624=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-devel-2.1.9-15.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-devel-2.1.9-15.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libruby2_1-2_1-2.1.9-15.1 libruby2_1-2_1-debuginfo-2.1.9-15.1 ruby2.1-2.1.9-15.1 ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-stdlib-2.1.9-15.1 ruby2.1-stdlib-debuginfo-2.1.9-15.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libruby2_1-2_1-2.1.9-15.1 libruby2_1-2_1-debuginfo-2.1.9-15.1 ruby2.1-2.1.9-15.1 ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-stdlib-2.1.9-15.1 ruby2.1-stdlib-debuginfo-2.1.9-15.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libruby2_1-2_1-2.1.9-15.1 libruby2_1-2_1-debuginfo-2.1.9-15.1 ruby2.1-2.1.9-15.1 ruby2.1-debuginfo-2.1.9-15.1 
ruby2.1-debugsource-2.1.9-15.1 ruby2.1-stdlib-2.1.9-15.1 ruby2.1-stdlib-debuginfo-2.1.9-15.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libruby2_1-2_1-2.1.9-15.1 libruby2_1-2_1-debuginfo-2.1.9-15.1 ruby2.1-2.1.9-15.1 ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-stdlib-2.1.9-15.1 ruby2.1-stdlib-debuginfo-2.1.9-15.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libruby2_1-2_1-2.1.9-15.1 libruby2_1-2_1-debuginfo-2.1.9-15.1 ruby2.1-2.1.9-15.1 ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-stdlib-2.1.9-15.1 ruby2.1-stdlib-debuginfo-2.1.9-15.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libruby2_1-2_1-2.1.9-15.1 libruby2_1-2_1-debuginfo-2.1.9-15.1 ruby2.1-2.1.9-15.1 ruby2.1-debuginfo-2.1.9-15.1 ruby2.1-debugsource-2.1.9-15.1 ruby2.1-stdlib-2.1.9-15.1 ruby2.1-stdlib-debuginfo-2.1.9-15.1 References: https://www.suse.com/security/cve/CVE-2014-4975.html https://www.suse.com/security/cve/CVE-2015-1855.html https://www.suse.com/security/cve/CVE-2015-3900.html https://www.suse.com/security/cve/CVE-2015-7551.html https://www.suse.com/security/cve/CVE-2016-2339.html https://bugzilla.suse.com/1014863 https://bugzilla.suse.com/1018808 https://bugzilla.suse.com/887877 https://bugzilla.suse.com/909695 https://bugzilla.suse.com/926974 https://bugzilla.suse.com/936032 https://bugzilla.suse.com/959495 https://bugzilla.suse.com/986630 From sle-updates at lists.suse.com Thu Apr 20 07:09:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2017 15:09:53 +0200 (CEST) Subject: SUSE-RU-2017:1070-1: Recommended update for tomcat Message-ID: <20170420130953.6D05BFEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1070-1 Rating: low References: #1022034 #1023412 Affected Products: SUSE Linux Enterprise Server 12-SP1 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tomcat fixes the following issues: - File conflicts when upgrading from SLES 12 to SLES 12 SP1 (bsc#1023412) - Jasper init failure with SecurityManager (bsc#1022034) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-625=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): tomcat-8.0.32-10.16.19 tomcat-admin-webapps-8.0.32-10.16.19 tomcat-docs-webapp-8.0.32-10.16.19 tomcat-el-3_0-api-8.0.32-10.16.19 tomcat-javadoc-8.0.32-10.16.19 tomcat-jsp-2_3-api-8.0.32-10.16.19 tomcat-lib-8.0.32-10.16.19 tomcat-servlet-3_1-api-8.0.32-10.16.19 tomcat-webapps-8.0.32-10.16.19 References: https://bugzilla.suse.com/1022034 https://bugzilla.suse.com/1023412 From sle-updates at lists.suse.com Thu Apr 20 13:08:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2017 21:08:53 +0200 (CEST) Subject: SUSE-SU-2017:1080-1: important: Security update for xen Message-ID: <20170420190853.DB747FEAE@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1080-1 Rating: important References: #1022555 #1026636 #1027519 #1027570 #1028235 #1028655 #1029827 #1030144 #1030442 Cross-References: CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. 
Description: This update for xen fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636). - CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655). These non-security issues were fixed: - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add" - bsc#1029827: Forward port xenstored Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-626=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-626=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): xen-4.4.4_16-22.36.1 xen-debugsource-4.4.4_16-22.36.1 xen-doc-html-4.4.4_16-22.36.1 xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1 xen-kmp-default-debuginfo-4.4.4_16_k3.12.61_52.69-22.36.1 xen-libs-32bit-4.4.4_16-22.36.1 xen-libs-4.4.4_16-22.36.1 xen-libs-debuginfo-32bit-4.4.4_16-22.36.1 xen-libs-debuginfo-4.4.4_16-22.36.1 xen-tools-4.4.4_16-22.36.1 xen-tools-debuginfo-4.4.4_16-22.36.1 xen-tools-domU-4.4.4_16-22.36.1 xen-tools-domU-debuginfo-4.4.4_16-22.36.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_16-22.36.1 xen-debugsource-4.4.4_16-22.36.1 xen-doc-html-4.4.4_16-22.36.1 xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1 xen-kmp-default-debuginfo-4.4.4_16_k3.12.61_52.69-22.36.1 xen-libs-32bit-4.4.4_16-22.36.1 xen-libs-4.4.4_16-22.36.1 xen-libs-debuginfo-32bit-4.4.4_16-22.36.1 xen-libs-debuginfo-4.4.4_16-22.36.1 xen-tools-4.4.4_16-22.36.1 xen-tools-debuginfo-4.4.4_16-22.36.1 xen-tools-domU-4.4.4_16-22.36.1 xen-tools-domU-debuginfo-4.4.4_16-22.36.1 References: https://www.suse.com/security/cve/CVE-2016-9603.html https://www.suse.com/security/cve/CVE-2017-2633.html https://www.suse.com/security/cve/CVE-2017-6414.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7228.html https://bugzilla.suse.com/1022555 https://bugzilla.suse.com/1026636 https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1027570 https://bugzilla.suse.com/1028235 https://bugzilla.suse.com/1028655 https://bugzilla.suse.com/1029827 https://bugzilla.suse.com/1030144 https://bugzilla.suse.com/1030442 From sle-updates at lists.suse.com Thu Apr 20 13:11:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2017 21:11:08 +0200 (CEST) Subject: SUSE-SU-2017:1081-1: important: Security update for xen Message-ID: <20170420191108.64711F7C0@maintenance.suse.de> SUSE Security Update: Security update for xen 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1081-1 Rating: important References: #1022555 #1026636 #1027519 #1027570 #1028235 #1028655 #1029827 #1030144 #1030442 Cross-References: CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505 CVE-2017-7228 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655). - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside guest could use this flaw to cause DoS (bsc#1026636).
These non-security issues were fixed: - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add" - bsc#1029827: Forward port xenstored Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-13069=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-13069=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-13069=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_16-54.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_16_3.0.101_97-54.1 xen-libs-4.4.4_16-54.1 xen-tools-domU-4.4.4_16-54.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_16-54.1 xen-doc-html-4.4.4_16-54.1 xen-libs-32bit-4.4.4_16-54.1 xen-tools-4.4.4_16-54.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_16_3.0.101_97-54.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_16-54.1 xen-debugsource-4.4.4_16-54.1 References: https://www.suse.com/security/cve/CVE-2016-9603.html https://www.suse.com/security/cve/CVE-2017-2633.html https://www.suse.com/security/cve/CVE-2017-6414.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7228.html https://bugzilla.suse.com/1022555 https://bugzilla.suse.com/1026636 https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1027570 https://bugzilla.suse.com/1028235 https://bugzilla.suse.com/1028655 https://bugzilla.suse.com/1029827 https://bugzilla.suse.com/1030144 https://bugzilla.suse.com/1030442 From sle-updates at lists.suse.com Thu Apr 20 16:08:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2017 00:08:33 +0200 (CEST) Subject: SUSE-RU-2017:1082-1: Recommended update 
for mkinitrd Message-ID: <20170420220833.4B9C2FEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1082-1 Rating: low References: #1006705 #1027452 #926440 #958722 #968863 #995634 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mkinitrd fixes the following issues: - Prevent false error messages from setup-network.sh when optional configuration files don't exist in the system. (bsc#1027452) - Explicitly load usb modules in single user mode. (bsc#1006705) - Only copy /etc/group to the initrd and do not call getent. (bsc#995634) - Clear the GREP_OPTIONS variable. (bsc#968863) - Do not run fsck if fastboot is given on the kernel command line. (bsc#958722) - Include only required SCSI modules. (bsc#926440) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mkinitrd-13070=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mkinitrd-13070=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-105.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-debuginfo-2.4.2-105.1 mkinitrd-debugsource-2.4.2-105.1 References: https://bugzilla.suse.com/1006705 https://bugzilla.suse.com/1027452 https://bugzilla.suse.com/926440 https://bugzilla.suse.com/958722 https://bugzilla.suse.com/968863 https://bugzilla.suse.com/995634 From sle-updates at lists.suse.com Fri Apr 21 07:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2017 15:09:01 +0200 (CEST) Subject: SUSE-RU-2017:1083-1: moderate: Recommended update for yast2, yast2-http-server Message-ID: <20170421130901.2A8FCFEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2, yast2-http-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1083-1 Rating: moderate References: #1012047 #1017716 #1027582 #1028721 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2 and yast2-http-server provides the following fixes: yast2: - Ensure plain text release notes are shown properly in RichText mode. (bsc#1028721) - UnitFileState will be used for evaluating enable state of services. If it has an invalid value "systemctl is-enabled" has to be called instead. (bsc#1012047) - Do not cache ifcfg files with empty device name part (ifcfg-). Such file cannot be mapped to any existing device and providing empty device name could lead to crashes in other parts of YaST. (bsc#1017716) yast2-http-server: - Create a backup of the vhost configuration files to be potentially merged during execution. 
(bsc#1027582) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-629=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-629=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-629=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-3.1.215-37.14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-http-server-3.1.8-6.3.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-3.1.215-37.14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-http-server-3.1.8-6.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-3.1.215-37.14.1 References: https://bugzilla.suse.com/1012047 https://bugzilla.suse.com/1017716 https://bugzilla.suse.com/1027582 https://bugzilla.suse.com/1028721 From sle-updates at lists.suse.com Fri Apr 21 10:09:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2017 18:09:48 +0200 (CEST) Subject: SUSE-RU-2017:1089-1: Recommended update for cloud-regionsrv-client Message-ID: <20170421160948.CAF8CFEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1089-1 Rating: low References: #1029162 #1034691 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for cloud-regionsrv-client provides version 7.0.5 and brings the following fixes and improvements: - Fix argument mismatch to resolve an issue with re-registration and SMT failover. (bsc#1034691) - Implement plugins for EC2 and Azure to provide region hint in preparation of IPv6 support. (FATE#323081, bsc#1029162) The following new sub-packages have been added to the Public Cloud Module 12: - cloud-region-srv-client-plugin-ec2 - cloud-region-srv-client-plugin-azure Additionally, python-dnspython has been added to the Public Cloud Module 12 on aarch64. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-631=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-7.0.5-51.1 cloud-regionsrv-client-generic-config-1.0.0-51.1 cloud-regionsrv-client-plugin-azure-1.0.0-51.1 cloud-regionsrv-client-plugin-ec2-1.0.0-51.1 cloud-regionsrv-client-plugin-gce-1.0.0-51.1 python-dnspython-1.12.0-8.1 References: https://bugzilla.suse.com/1029162 https://bugzilla.suse.com/1034691 From sle-updates at lists.suse.com Fri Apr 21 10:10:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2017 18:10:23 +0200 (CEST) Subject: SUSE-RU-2017:1090-1: Recommended update for python-susepubliccloudinfo Message-ID: <20170421161023.32D00FEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1090-1 Rating: low References: #1034497 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update for python-susepubliccloudinfo provides version 0.4.0 and brings the following fixes and improvements: - Add type filter for servers to distinguish between the SLES infrastructure servers (type='smt-sles') and the SLES for SAP infrastructure servers (type='smt-sap'). - Remove HP Helion support. (bsc#1034497) - Fix exception when the service pack command line option was used. - Show an error message instead of traceback on connection error. - Error messages should write to stderr by default. - Added regex and invert substring filters. - Pretty print the output. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-susepubliccloudinfo-13072=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): python-susepubliccloudinfo-0.4.0-8.1 References: https://bugzilla.suse.com/1034497 From sle-updates at lists.suse.com Fri Apr 21 10:10:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2017 18:10:51 +0200 (CEST) Subject: SUSE-RU-2017:1091-1: Recommended update for crash Message-ID: <20170421161051.98BB8FEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1091-1 Rating: low References: #1022962 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for crash provides the following fixes: - Fix analyzing fadump (and qemu) dumps on PPC64 systems with 32TB of memory. (bsc#1022962) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-633=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-633=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-633=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): crash-debuginfo-7.1.5-14.4 crash-debugsource-7.1.5-14.4 crash-devel-7.1.5-14.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): crash-7.1.5-14.4 crash-debuginfo-7.1.5-14.4 crash-debugsource-7.1.5-14.4 crash-kmp-default-7.1.5_k4.4.49_92.11-14.4 crash-kmp-default-debuginfo-7.1.5_k4.4.49_92.11-14.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): crash-7.1.5-14.4 crash-debuginfo-7.1.5-14.4 crash-debugsource-7.1.5-14.4 crash-kmp-default-7.1.5_k4.4.49_92.11-14.4 crash-kmp-default-debuginfo-7.1.5_k4.4.49_92.11-14.4 References: https://bugzilla.suse.com/1022962 From sle-updates at lists.suse.com Fri Apr 21 13:08:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2017 21:08:48 +0200 (CEST) Subject: SUSE-SU-2017:1092-1: moderate: Security update for minicom Message-ID: <20170421190848.BDDD4FEAE@maintenance.suse.de> SUSE Security Update: Security update for minicom ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1092-1 Rating: moderate References: #1033783 Cross-References: CVE-2017-7467 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 
12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for minicom fixes the following issue: This security issue was fixed: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-634=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-634=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-634=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-634=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-634=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): minicom-2.7-3.1 minicom-debuginfo-2.7-3.1 minicom-debugsource-2.7-3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): minicom-2.7-3.1 minicom-debuginfo-2.7-3.1 minicom-debugsource-2.7-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): minicom-2.7-3.1 minicom-debuginfo-2.7-3.1 minicom-debugsource-2.7-3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): minicom-2.7-3.1 minicom-debuginfo-2.7-3.1 minicom-debugsource-2.7-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): minicom-2.7-3.1 minicom-debuginfo-2.7-3.1 minicom-debugsource-2.7-3.1 References: https://www.suse.com/security/cve/CVE-2017-7467.html https://bugzilla.suse.com/1033783 From sle-updates at lists.suse.com Sat Apr 22 07:08:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2017 15:08:27 +0200 (CEST) Subject: SUSE-SU-2017:1093-1: moderate: Security update for tigervnc Message-ID: <20170422130827.D5A55FEAE@maintenance.suse.de> SUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1093-1 Rating: moderate References: #1031875 #1031877 #1031879 #1031886 #1032880 Cross-References: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tigervnc provides several fixes.
These security issues were fixed: - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886) - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877) - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879) - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875) - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-636=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-636=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tigervnc-1.4.3-24.1 tigervnc-debuginfo-1.4.3-24.1 tigervnc-debugsource-1.4.3-24.1 xorg-x11-Xvnc-1.4.3-24.1 xorg-x11-Xvnc-debuginfo-1.4.3-24.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tigervnc-1.4.3-24.1 tigervnc-debuginfo-1.4.3-24.1 tigervnc-debugsource-1.4.3-24.1 xorg-x11-Xvnc-1.4.3-24.1 xorg-x11-Xvnc-debuginfo-1.4.3-24.1 References: https://www.suse.com/security/cve/CVE-2017-7392.html https://www.suse.com/security/cve/CVE-2017-7393.html https://www.suse.com/security/cve/CVE-2017-7394.html https://www.suse.com/security/cve/CVE-2017-7395.html https://www.suse.com/security/cve/CVE-2017-7396.html https://bugzilla.suse.com/1031875 https://bugzilla.suse.com/1031877 https://bugzilla.suse.com/1031879 https://bugzilla.suse.com/1031886 https://bugzilla.suse.com/1032880 From sle-updates at lists.suse.com Sat Apr 22 07:09:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2017 15:09:32 +0200 (CEST) Subject: SUSE-SU-2017:1094-1: moderate: Security update for tigervnc Message-ID: <20170422130932.1F1FEFEAE@maintenance.suse.de> SUSE Security Update: 
Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1094-1 Rating: moderate References: #1024929 #1026833 #1031045 #1031875 #1031877 #1031879 #1031886 #1032272 #1032880 Cross-References: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: This update for tigervnc provides several fixes. These security issues were fixed: - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886) - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877) - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879) - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875) - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880) These non-security issues were fixed: - Prevent client disconnection caused by invalid cursor manipulation. (bsc#1024929, bsc#1031045) - Readd index.vnc. (bsc#1026833) - Crop operations to visible screen. (bnc#1032272) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-635=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-635=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-635=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libXvnc1-1.6.0-18.11.1 libXvnc1-debuginfo-1.6.0-18.11.1 tigervnc-1.6.0-18.11.1 tigervnc-debuginfo-1.6.0-18.11.1 tigervnc-debugsource-1.6.0-18.11.1 xorg-x11-Xvnc-1.6.0-18.11.1 xorg-x11-Xvnc-debuginfo-1.6.0-18.11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libXvnc1-1.6.0-18.11.1 libXvnc1-debuginfo-1.6.0-18.11.1 tigervnc-1.6.0-18.11.1 tigervnc-debuginfo-1.6.0-18.11.1 tigervnc-debugsource-1.6.0-18.11.1 xorg-x11-Xvnc-1.6.0-18.11.1 xorg-x11-Xvnc-debuginfo-1.6.0-18.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libXvnc1-1.6.0-18.11.1 libXvnc1-debuginfo-1.6.0-18.11.1 tigervnc-1.6.0-18.11.1 tigervnc-debuginfo-1.6.0-18.11.1 tigervnc-debugsource-1.6.0-18.11.1 xorg-x11-Xvnc-1.6.0-18.11.1 xorg-x11-Xvnc-debuginfo-1.6.0-18.11.1 References: https://www.suse.com/security/cve/CVE-2017-7392.html https://www.suse.com/security/cve/CVE-2017-7393.html https://www.suse.com/security/cve/CVE-2017-7394.html https://www.suse.com/security/cve/CVE-2017-7395.html https://www.suse.com/security/cve/CVE-2017-7396.html https://bugzilla.suse.com/1024929 https://bugzilla.suse.com/1026833 https://bugzilla.suse.com/1031045 https://bugzilla.suse.com/1031875 https://bugzilla.suse.com/1031877 https://bugzilla.suse.com/1031879 https://bugzilla.suse.com/1031886 https://bugzilla.suse.com/1032272 https://bugzilla.suse.com/1032880 From sle-updates at lists.suse.com Mon Apr 24 07:08:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2017 15:08:33 +0200 (CEST) Subject: SUSE-SU-2017:1095-1: moderate: Security update for zziplib Message-ID: <20170424130833.687A8FEAE@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1095-1 Rating: moderate References: #1024517 #1024528 #1024531 #1024532 #1024533 #1024534 #1024535 #1024536 #1024537 #1024539 
Cross-References: CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for zziplib fixes the following issues: Security issues fixed: - CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517) - CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528) - CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531) - CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534) - CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533) - CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535) - CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536) - CVE-2017-5981: assertion failure in seeko.c (bsc#1024539) - NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532) - NULL pointer dereference in main (unzzipcat.c) (bsc#1024537) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-638=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-638=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-638=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-638=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-638=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-638=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libzzip-0-13-0.13.62-9.1 libzzip-0-13-debuginfo-0.13.62-9.1 zziplib-debugsource-0.13.62-9.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libzzip-0-13-0.13.62-9.1 libzzip-0-13-debuginfo-0.13.62-9.1 zziplib-debugsource-0.13.62-9.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.62-9.1 libzzip-0-13-debuginfo-0.13.62-9.1 zziplib-debugsource-0.13.62-9.1 zziplib-devel-0.13.62-9.1 zziplib-devel-debuginfo-0.13.62-9.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libzzip-0-13-0.13.62-9.1 libzzip-0-13-debuginfo-0.13.62-9.1 zziplib-debugsource-0.13.62-9.1 zziplib-devel-0.13.62-9.1 zziplib-devel-debuginfo-0.13.62-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libzzip-0-13-0.13.62-9.1 libzzip-0-13-debuginfo-0.13.62-9.1 zziplib-debugsource-0.13.62-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libzzip-0-13-0.13.62-9.1 libzzip-0-13-debuginfo-0.13.62-9.1 zziplib-debugsource-0.13.62-9.1 References: https://www.suse.com/security/cve/CVE-2017-5974.html https://www.suse.com/security/cve/CVE-2017-5975.html https://www.suse.com/security/cve/CVE-2017-5976.html 
https://www.suse.com/security/cve/CVE-2017-5977.html https://www.suse.com/security/cve/CVE-2017-5978.html https://www.suse.com/security/cve/CVE-2017-5979.html https://www.suse.com/security/cve/CVE-2017-5980.html https://www.suse.com/security/cve/CVE-2017-5981.html https://bugzilla.suse.com/1024517 https://bugzilla.suse.com/1024528 https://bugzilla.suse.com/1024531 https://bugzilla.suse.com/1024532 https://bugzilla.suse.com/1024533 https://bugzilla.suse.com/1024534 https://bugzilla.suse.com/1024535 https://bugzilla.suse.com/1024536 https://bugzilla.suse.com/1024537 https://bugzilla.suse.com/1024539 From sle-updates at lists.suse.com Mon Apr 24 10:09:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2017 18:09:47 +0200 (CEST) Subject: SUSE-SU-2017:1096-1: moderate: Security update for dpkg Message-ID: <20170424160947.18170FEAE@maintenance.suse.de> SUSE Security Update: Security update for dpkg ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1096-1 Rating: moderate References: #957160 Cross-References: CVE-2015-0860 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggered a stack-based buffer overflow (bsc#957160). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-639=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-639=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): update-alternatives-1.16.10-12.6.1 update-alternatives-debuginfo-1.16.10-12.6.1 update-alternatives-debugsource-1.16.10-12.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): update-alternatives-1.16.10-12.6.1 update-alternatives-debuginfo-1.16.10-12.6.1 update-alternatives-debugsource-1.16.10-12.6.1 References: https://www.suse.com/security/cve/CVE-2015-0860.html https://bugzilla.suse.com/957160 From sle-updates at lists.suse.com Mon Apr 24 10:10:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2017 18:10:15 +0200 (CEST) Subject: SUSE-RU-2017:1097-1: Recommended update for cloud-regionsrv-client Message-ID: <20170424161015.4BBA3FEAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1097-1 Rating: low References: #1029162 #1034691 #1034692 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client provides version 7.0.5 and brings the following fixes and improvements: - Fix argument mismatch to resolve an issue with re-registration and SMT failover. (bsc#1034692) - Implement plugins for EC2 and Azure to provide region hint in preparation of IPv6 support. 
(FATE#323081, bsc#1029162) Additionally the following new (sub-)packages have been added to the Public Cloud Module 11: - python-dnspython - cloud-region-srv-client-plugin-ec2 - cloud-region-srv-client-plugin-azure Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-cloud-regionsrv-client-13073=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): cloud-regionsrv-client-7.0.5-27.1 cloud-regionsrv-client-generic-config-1.0.0-27.1 cloud-regionsrv-client-plugin-azure-1.0.0-27.1 cloud-regionsrv-client-plugin-ec2-1.0.0-27.1 cloud-regionsrv-client-plugin-gce-1.0.0-27.1 python-dnspython-1.10.0-0.4.1 References: https://bugzilla.suse.com/1029162 https://bugzilla.suse.com/1034691 https://bugzilla.suse.com/1034692 From sle-updates at lists.suse.com Tue Apr 25 04:09:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2017 12:09:20 +0200 (CEST) Subject: SUSE-RU-2017:1101-1: moderate: Recommended update for mksh Message-ID: <20170425100920.6B8C9FBBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for mksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1101-1 Rating: moderate References: #1023419 #1029664 #1035233 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update provides mksh R50f, which brings several fixes and enhancements: - Fix printing of negative integer values with 'print -R'. (bsc#1023419) - Make unset HISTFILE actually work. (bsc#1029664) - Do not permit += from environment. (bsc#1029664) - Handle integer base out of band like ksh93 does. - Protect standard code (predefined aliases, internal code, aliases and functions in dot.mkshrc) from being overridden by aliases and, in some cases, shell functions. - Implement GNU bash's enable for dot.mkshrc using magic aliases to redirect the builtins to external utilities; this differs from GNU bash in that enable takes precedence over functions. - Move unaliasing an identifier when defining a POSIX-style function with the same name into lksh, for compatibility. - Korn shell style functions now have locally scoped shell options. - Fix read -n-1 to not be identical to read -N-1. - Several fixes and improvements to lksh(1) and mksh(1) man pages. - Fix issues with IFS='\' read. - Fix integer overflows related to file descriptor parsing, reduce memory usage for I/O redirs. - Fix miscalculating required memory for encoding the double-quoted parts of a here document or here string delimiter, leading to a buffer overflow. - Add options -a argv0 and -c to exec. - Prevent use-after-free when hitting multiple errors unwinding. - Fix use of $* and $@ in scalar context: within [[ ... ]] and after case and in here documents. - Fix set -x in PS4 expansion infinite loop. - Fix rare infinite loop with invalid UTF-8 in the edit buffer. - Make the cat(1) builtin also interruptible in the write loop, not just in the read loop. - We use update-alternatives so there is no need to obsolete ksh. For a comprehensive list of changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-641=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-641=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-641=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-641=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-641=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): mksh-50f-5.1 mksh-debuginfo-50f-5.1 mksh-debugsource-50f-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): mksh-50f-5.1 mksh-debuginfo-50f-5.1 mksh-debugsource-50f-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mksh-50f-5.1 mksh-debuginfo-50f-5.1 mksh-debugsource-50f-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): mksh-50f-5.1 mksh-debuginfo-50f-5.1 mksh-debugsource-50f-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mksh-50f-5.1 mksh-debuginfo-50f-5.1 mksh-debugsource-50f-5.1 References: https://bugzilla.suse.com/1023419 https://bugzilla.suse.com/1029664 https://bugzilla.suse.com/1035233 From sle-updates at lists.suse.com Tue Apr 25 13:08:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2017 21:08:54 +0200 (CEST) Subject: SUSE-SU-2017:1102-1: important: Security update for the Linux Kernel Message-ID: <20170425190854.C2F51FEAF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1102-1 Rating: important References: #1003077 #1003344 #1003568 #1003677 #1003813 #1003866 #1003925 #1004517 #1004520 #1005857 #1005877 #1005896 #1005903 #1006917 #1006919 #1007615 #1007944 #1008557 
#1008645 #1008831 #1008833 #1008893 #1009875 #1010150 #1010175 #1010201 #1010467 #1010501 #1010507 #1010711 #1010716 #1011685 #1011820 #1012411 #1012422 #1012832 #1012851 #1012917 #1013018 #1013038 #1013042 #1013070 #1013531 #1013533 #1013542 #1013604 #1014410 #1014454 #1014746 #1015561 #1015752 #1015760 #1015796 #1015803 #1015817 #1015828 #1015844 #1015848 #1015878 #1015932 #1016320 #1016505 #1016520 #1016668 #1016688 #1016824 #1016831 #1017686 #1017710 #1019148 #1019165 #1019348 #1019783 #1020214 #1021258 #748806 #763198 #771065 #786036 #790588 #795297 #799133 #800999 #803320 #821612 #824171 #851603 #853052 #860441 #863873 #865783 #871728 #901809 #907611 #908458 #908684 #909077 #909350 #909484 #909491 #909618 #913387 #914939 #919382 #922634 #924708 #925065 #928138 #929141 #953233 #956514 #960689 #961589 #962846 #963655 #967716 #968010 #969340 #973203 #973691 #979681 #984194 #986337 #987333 #987576 #989152 #989680 #989764 #989896 #990245 #992566 #992991 #993739 #993832 #995968 #996541 #996557 #997401 #998689 #999101 #999907 Cross-References: CVE-2004-0230 CVE-2012-6704 CVE-2013-6368 CVE-2015-1350 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2016-10088 CVE-2016-3841 CVE-2016-5696 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9576 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2017-5551 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 114 fixes is now available. Description: The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097 (bnc#1021258). - CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions (bsc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: Denial of service in notify_change for filesystem xattrs (bsc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel. 
This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (bsc#1013604) - CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock (bsc#1013533) - CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection around np->opt (bsc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). 
- CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Revert "proc: prevent accessing /proc/<PID>/environ until it's ready (bsc#1010467)" - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). 
- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show function (bsc#1004517). - CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (bsc#1003925). - CVE-2016-7117: net: Fix use after free in the recvmmsg exit path (bsc#1003077). The following non-security bugs were fixed: - blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for Skyhawk - blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags - 8250_pci: Fix potential use-after-free in error path (bsc#1013070). - IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036). - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036). - IB/mlx4: Fix memory leak if QP creation failed (bsc#786036). - IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036). - IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036). - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - be2net: Do not leak iomapped memory on removal (bug#925065). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - bnx2x: fix lockdep splat (bsc#908684). - cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655) - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866). - cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382). 
- crypto: add ghash-generic in the supported.conf(bsc#1016824) - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387, #bsc1016831). - dm space map metadata: fix sm_bootstrap_get_nr_blocks() - dm thin: fix race condition when destroying thin pool workqueue - dm: do not call dm_sync_table() when creating new devices (bnc#901809, bsc#1008893). - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348) - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668). - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018). - ext4: fix reference counting bug on block allocation error (bsc#1013018). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: make share unaccessible at root level mountable (bsc#799133). - futex: Acknowledge a new waiter in counter before plist (bsc#851603). - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603). - hpilo: Add support for iLO5 (bsc#999101). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919). - hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337). - hv: vmbus: avoid wait_for_completion() on crash (bnc#986337). - hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337). - hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337). - hv: vmbus: handle various crash scenarios (bnc#986337). - hv: vmbus: remove code duplication in message handling (bnc#986337). - hv: vss: run only on supported host versions (bnc#986337). - i40e: fix an uninitialized variable bug (bsc#909484). - ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148). 
- ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148). - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491). - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297). - igb: Fix oops caused by missing queue pairing (bsc#909491). - igb: Fix oops on changing number of rings (bsc#909491). - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491). - igb: Unpair the queues when changing the number of queues (bsc#909491). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783). - kabi-fix for flock_owner addition (bsc#998689). - kexec: add a kexec_crash_loaded() function (bsc#973691). - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680). - kvm: Distangle eventfd code from irqchip (bsc#989680). - kvm: Iterate over only vcpus that are preempted (bsc#989680). - kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680). - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680). - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680). - kvm: make processes waiting on vcpu mutex killable (bsc#989680). - kvm: nVMX: Add preemption timer support (bsc#989680). - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680). - kvm: use symbolic constant for nr interrupts (bsc#989680). - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680). - kvm: x86: Run PIT work in own kthread (bsc#989680). - kvm: x86: limit difference between kvmclock updates (bsc#989680). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728). - libata: remove n_tags to avoid kABI breakage (bsc#871728). 
- libata: support the ata host which implements a queue depth less than 32 (bsc#871728) - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: Update rport reference counting (bsc#953233). - libfc: do not send ABTS when resetting exchanges (bsc#962846). - libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: send LOGO for PLOGI failure (bsc#962846). - locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411). - md/raid10: Fix memory leak when raid10 reshape completes - md/raid10: always set reshape_safe when initializing reshape_position - md: Drop sending a change uevent when stopping (bsc#1003568). - md: check command validity early in md_ioctl() (bsc#1004520). - md: fix problem when adding device to read-only array with bitmap (bnc#771065). - memstick: mspro_block: add missing curly braces (bsc#1016688). - mlx4: add missing braces in verify_qp_parameters (bsc#786036). - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198). - mm/memory.c: actually remap enough memory (bnc#1005903). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589). - mm: fix crashes from mbind() merging vmas (bnc#1005877). - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857). - dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645). - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337). - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036). 
- net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382). - net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036). - net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708). - net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708 bsc#786036). - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bug#919382). - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036). - net/mlx4_core: Implement pci_resume callback (bsc#924708). - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382). - net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382). - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382). - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036). - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036). - net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382). - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382). - netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611). - netfront: do not truncate grant references. - netvsc: fix incorrect receive checksum offloading (bnc#1006917). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). 
- nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nvme: Automatic namespace rescan (bsc#1017686). - nvme: Metadata format support (bsc#1017686). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - oom: print nodemask in the oom report (bnc#1003866). - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896). - powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/mm: Add 64TB support (bsc#928138,fate#319026). - powerpc/mm: Change the swap encoding in pte (bsc#973203). - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026). - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026). - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026). - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026). - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026). - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026). - powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026). - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026). 
- powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026). - powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: Update kernel VSID range (bsc#928138,fate#319026). - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). 
- printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878). - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851). - qlcnic: fix a loop exit condition better (bsc#909350). - qlcnic: fix a timeout loop (bsc#909350) - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/package-descriptions: add -bigmem description - rt2x00: fix rfkill regression on rt2500pci (bnc#748806). - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606). - s390/time: LPAR offset handling (bnc#1003677, LTC#146920). - s390/time: move PTFF definitions (bnc#1003677, LTC#146920). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374). - scsi_error: count medium access timeout only once per EH run (bsc#993832). - scsi_error: fixup crash in scsi_eh_reset (bsc#993832) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070). - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618). - softirq: sirq threads raising another sirq delegate to the proper thread. Otherwise, high priority timer threads expend cycles processing other sirqs, potentially increasing wakeup latencies as they process sirqs at a priority other than the priority specified by the user. - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917).
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458). - tg3: Fix temperature reporting (bnc#790588). - tty: Signal SIGHUP before hanging up ldisc (bnc#989764). - usb: console: fix potential use after free (bsc#1015817). - usb: console: fix uninitialised ldisc semaphore (bsc#1015817). - usb: cp210x: Corrected USB request type definitions (bsc#1015932). - usb: cp210x: relocate private data from USB interface to port (bsc#1015932). - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932). - usb: ftdi_sio: fix null deref at port probe (bsc#1015796). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010). - usb: ipaq.c: fix a timeout loop (bsc#1015848). - usb: opticon: fix non-atomic allocation in write path (bsc#1015803). - usb: option: fix runtime PM handling (bsc#1015752). - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932). - usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932). - usb: serial: cp210x: add new access functions for large registers (bsc#1015932). - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932). - usb: serial: fix potential use-after-free after failed probe (bsc#1015828). - usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505). - usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505). - usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520). - usb: sierra: fix AA deadlock in open error path (bsc#1015561). 
- usb: sierra: fix remote wakeup (bsc#1015561). - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561). - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561). - usb: sierra: fix use after free at suspend/resume (bsc#1015561). - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760). - usb: usb_wwan: fix race between write and resume (bsc#1015760). - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760). - usb: usb_wwan: fix urb leak in write error path (bsc#1015760). - usb: usb_wwan: fix write and suspend race (bsc#1015760). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844). - vmxnet3: Wake queue from reset work (bsc#999907). - x86, amd_nb: Clarify F15h, model 30h GART and L3 support - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors - x86/gart: Check for GART support before accessing GART registers - xenbus: do not invoke ->is_ready() for most device states (bsc#987333). - zcrypt: Fix hang condition on crypto card config-off (bsc#1016320). - zcrypt: Fix invalid domain response handling (bsc#1016320). - zfcp: Fix erratic device offline during EH (bsc#993832). - zfcp: close window with unblocked rport during rport gone (bnc#1003677). - zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677). - zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677). - zfcp: fix payload trace length for SAN request&response (bnc#1003677). - zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677). - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677). - zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677). - zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677). 
- zfcp: trace on request for open and close of WKA port (bnc#1003677). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-13074=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13074=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-68.1 kernel-rt-base-3.0.101.rt130-68.1 kernel-rt-devel-3.0.101.rt130-68.1 kernel-rt_trace-3.0.101.rt130-68.1 kernel-rt_trace-base-3.0.101.rt130-68.1 kernel-rt_trace-devel-3.0.101.rt130-68.1 kernel-source-rt-3.0.101.rt130-68.1 kernel-syms-rt-3.0.101.rt130-68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-68.1 kernel-rt-debugsource-3.0.101.rt130-68.1 kernel-rt_debug-debuginfo-3.0.101.rt130-68.1 kernel-rt_debug-debugsource-3.0.101.rt130-68.1 kernel-rt_trace-debuginfo-3.0.101.rt130-68.1 kernel-rt_trace-debugsource-3.0.101.rt130-68.1 References: https://www.suse.com/security/cve/CVE-2004-0230.html https://www.suse.com/security/cve/CVE-2012-6704.html https://www.suse.com/security/cve/CVE-2013-6368.html https://www.suse.com/security/cve/CVE-2015-1350.html https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-3841.html https://www.suse.com/security/cve/CVE-2016-5696.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-7910.html https://www.suse.com/security/cve/CVE-2016-7911.html https://www.suse.com/security/cve/CVE-2016-7916.html 
https://www.suse.com/security/cve/CVE-2016-8399.html https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8646.html https://www.suse.com/security/cve/CVE-2016-9555.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9685.html https://www.suse.com/security/cve/CVE-2016-9756.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2017-5551.html https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1003344 https://bugzilla.suse.com/1003568 https://bugzilla.suse.com/1003677 https://bugzilla.suse.com/1003813 https://bugzilla.suse.com/1003866 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1004520 https://bugzilla.suse.com/1005857 https://bugzilla.suse.com/1005877 https://bugzilla.suse.com/1005896 https://bugzilla.suse.com/1005903 https://bugzilla.suse.com/1006917 https://bugzilla.suse.com/1006919 https://bugzilla.suse.com/1007615 https://bugzilla.suse.com/1007944 https://bugzilla.suse.com/1008557 https://bugzilla.suse.com/1008645 https://bugzilla.suse.com/1008831 https://bugzilla.suse.com/1008833 https://bugzilla.suse.com/1008893 https://bugzilla.suse.com/1009875 https://bugzilla.suse.com/1010150 https://bugzilla.suse.com/1010175 https://bugzilla.suse.com/1010201 https://bugzilla.suse.com/1010467 https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010711 https://bugzilla.suse.com/1010716 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1011820 https://bugzilla.suse.com/1012411 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012832 https://bugzilla.suse.com/1012851 https://bugzilla.suse.com/1012917 https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1013042 
https://bugzilla.suse.com/1013070 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013542 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014410 https://bugzilla.suse.com/1014454 https://bugzilla.suse.com/1014746 https://bugzilla.suse.com/1015561 https://bugzilla.suse.com/1015752 https://bugzilla.suse.com/1015760 https://bugzilla.suse.com/1015796 https://bugzilla.suse.com/1015803 https://bugzilla.suse.com/1015817 https://bugzilla.suse.com/1015828 https://bugzilla.suse.com/1015844 https://bugzilla.suse.com/1015848 https://bugzilla.suse.com/1015878 https://bugzilla.suse.com/1015932 https://bugzilla.suse.com/1016320 https://bugzilla.suse.com/1016505 https://bugzilla.suse.com/1016520 https://bugzilla.suse.com/1016668 https://bugzilla.suse.com/1016688 https://bugzilla.suse.com/1016824 https://bugzilla.suse.com/1016831 https://bugzilla.suse.com/1017686 https://bugzilla.suse.com/1017710 https://bugzilla.suse.com/1019148 https://bugzilla.suse.com/1019165 https://bugzilla.suse.com/1019348 https://bugzilla.suse.com/1019783 https://bugzilla.suse.com/1020214 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/748806 https://bugzilla.suse.com/763198 https://bugzilla.suse.com/771065 https://bugzilla.suse.com/786036 https://bugzilla.suse.com/790588 https://bugzilla.suse.com/795297 https://bugzilla.suse.com/799133 https://bugzilla.suse.com/800999 https://bugzilla.suse.com/803320 https://bugzilla.suse.com/821612 https://bugzilla.suse.com/824171 https://bugzilla.suse.com/851603 https://bugzilla.suse.com/853052 https://bugzilla.suse.com/860441 https://bugzilla.suse.com/863873 https://bugzilla.suse.com/865783 https://bugzilla.suse.com/871728 https://bugzilla.suse.com/901809 https://bugzilla.suse.com/907611 https://bugzilla.suse.com/908458 https://bugzilla.suse.com/908684 https://bugzilla.suse.com/909077 https://bugzilla.suse.com/909350 https://bugzilla.suse.com/909484 https://bugzilla.suse.com/909491 
https://bugzilla.suse.com/909618 https://bugzilla.suse.com/913387 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/919382 https://bugzilla.suse.com/922634 https://bugzilla.suse.com/924708 https://bugzilla.suse.com/925065 https://bugzilla.suse.com/928138 https://bugzilla.suse.com/929141 https://bugzilla.suse.com/953233 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/960689 https://bugzilla.suse.com/961589 https://bugzilla.suse.com/962846 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/967716 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/969340 https://bugzilla.suse.com/973203 https://bugzilla.suse.com/973691 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/984194 https://bugzilla.suse.com/986337 https://bugzilla.suse.com/987333 https://bugzilla.suse.com/987576 https://bugzilla.suse.com/989152 https://bugzilla.suse.com/989680 https://bugzilla.suse.com/989764 https://bugzilla.suse.com/989896 https://bugzilla.suse.com/990245 https://bugzilla.suse.com/992566 https://bugzilla.suse.com/992991 https://bugzilla.suse.com/993739 https://bugzilla.suse.com/993832 https://bugzilla.suse.com/995968 https://bugzilla.suse.com/996541 https://bugzilla.suse.com/996557 https://bugzilla.suse.com/997401 https://bugzilla.suse.com/998689 https://bugzilla.suse.com/999101 https://bugzilla.suse.com/999907 From sle-updates at lists.suse.com Tue Apr 25 16:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2017 00:09:01 +0200 (CEST) Subject: SUSE-RU-2017:1103-1: important: Recommended update for ruby2.1 Message-ID: <20170425220901.5FB39FEAF@maintenance.suse.de> SUSE Recommended Update: Recommended update for ruby2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1103-1 Rating: important References: #1014863 #1035988 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 
12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ruby2.1 fixes a regression introduced by a previous update that was intended to fix insufficient support for domain wildcards in the $no_proxy environment variable. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-643=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-643=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-643=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-643=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-643=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-643=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-643=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-643=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-643=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-643=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-devel-2.1.9-18.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-devel-2.1.9-18.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libruby2_1-2_1-2.1.9-18.1 libruby2_1-2_1-debuginfo-2.1.9-18.1 ruby2.1-2.1.9-18.1 ruby2.1-debuginfo-2.1.9-18.1 ruby2.1-debugsource-2.1.9-18.1 ruby2.1-stdlib-2.1.9-18.1 ruby2.1-stdlib-debuginfo-2.1.9-18.1 References: https://bugzilla.suse.com/1014863 https://bugzilla.suse.com/1035988 From sle-updates at lists.suse.com Wed Apr 26 13:08:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2017 21:08:36 +0200 (CEST) Subject: SUSE-SU-2017:1110-1: moderate: Security update for tcpdump, libpcap Message-ID: <20170426190836.AD225FEAF@maintenance.suse.de> SUSE Security Update: Security update for tcpdump, libpcap ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1110-1 Rating: moderate References: #1020940 #1035686 #905870 #905871 #905872 #922220 #922221 #922222 #922223 #927637 Cross-References: CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development 
Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 49 vulnerabilities is now available. Description: This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1 fixes several issues. These security issues were fixed in tcpdump: - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in print-ah.c:ah_print() (bsc#1020940). - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in print-arp.c:arp_print() (bsc#1020940). - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in print-atm.c:oam_print() (bsc#1020940). - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer overflow in print-sl.c:sl_if_print() (bsc#1020940). - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in print-ether.c:ethertype_print() (bsc#1020940). - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow in print-802_11.c:ieee802_11_radio_print() (bsc#1020940). - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in print-ipcomp.c:ipcomp_print() (bsc#1020940). - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer overflow in print-juniper.c:juniper_parse_header() (bsc#1020940). - CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in print-llc.c:llc_print() (bsc#1020940). - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in print-mpls.c:mpls_print() (bsc#1020940). - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in print-pim.c:pimv2_check_checksum() (bsc#1020940). - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in print-ppp.c:ppp_hdlc_if_print() (bsc#1020940).
- CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in print-udp.c:rtcp_print() (bsc#1020940). - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in print-udp.c:rtp_print() (bsc#1020940). - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in print-udp.c:udp_print() (bsc#1020940). - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in print-udp.c:vat_print() (bsc#1020940). - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in print-zeromq.c:zmtp1_print_frame() (bsc#1020940). - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in print-gre.c, multiple functions (bsc#1020940). - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in print-stp.c, multiple functions (bsc#1020940). - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in print-atalk.c, multiple functions (bsc#1020940). - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in print-ip.c, multiple functions (bsc#1020940). - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in print-tcp.c:tcp_print() (bsc#1020940). - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in print-tftp.c:tftp_print() (bsc#1020940). - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in print-calm-fast.c:calm_fast_print() (bsc#1020940). - CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow in print-geonet.c, multiple functions (bsc#1020940). - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer overflow in print-cip.c:cip_if_print() (bsc#1020940). - CVE-2016-7993: A bug in util-print.c:relts_print() in tcpdump could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM) (bsc#1020940). 
- CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in print-fr.c:frf15_print() (bsc#1020940). - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482 (bsc#1020940). - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in print-ip6.c:ip6_print() (bsc#1020940). - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in print-isakmp.c:ikev2_e_print() (bsc#1020940). - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in print-otv.c:otv_print() (bsc#1020940). - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print() (bsc#1020940). - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575 (bsc#1020940). - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in print-snmp.c:asn1_parse() (bsc#1020940). - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in print-atm.c:sig_print() (bsc#1020940). - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in addrtoname.c:lookup_nsap() (bsc#1020940). - CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2015-3138: Fixed potential denial of service in print-wb.c (bsc#927637). - CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value (bsc#922220). 
- CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU) (bsc#922221). - CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value (bsc#922222). - CVE-2015-2155: The force printer in tcpdump allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors (bsc#922223). - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bsc#905870). - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump when run in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bsc#905871). - CVE-2014-8769: tcpdump might have allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bsc#905872). These non-security issues were fixed in tcpdump: - RPKI to Router Protocol: Fix Segmentation Faults and other problems - RPKI to Router Protocol: print strings with fn_printn() - Added a short option '#', same as long option '--number' - nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes - M3UA decode added. - Added bittok2str().
- A number of unaligned access faults fixed
- The -A flag does not consider CR to be printable anymore
- fx.lebail took over coverity baby sitting
- Default snapshot size increased to 256K to accommodate USB captures

These non-security issues were fixed in libpcap:

- Provide a -devel-static subpackage that contains the static libraries
  and all the extra dependencies which are not needed for dynamic linking.
- Fix handling of packet count in the TPACKET_V3 inner loop
- Filter out duplicate looped back CAN frames.
- Fix the handling of loopback filters for IPv6 packets.
- Add a link-layer header type for RDS (IEC 62106) groups.
- Handle all CAN captures with pcap-linux.c, in cooked mode.
- Removes the need for the "host-endian" link-layer header type.
- Have separate DLTs for big-endian and host-endian SocketCAN headers.
- Properly check for sock_recv() errors.
- Re-impose some of Winsock's limitations on sock_recv().
- Replace sprintf() with pcap_snprintf().
- Fix signature of pcap_stats_ex_remote().
- Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active"
  flag.
- Clean up {DAG, Septel, Myricom SNF}-only builds.
- pcap_create_interface() needs the interface name on Linux.
- Clean up hardware time stamp support: the "any" device does not support
  any time stamp types.
- Recognize 802.1ad nested VLAN tag in vlan filter.
- Support for filtering Geneve encapsulated packets.
- Fix handling of zones for BPF on Solaris
- Added bpf_filter1() with extensions
- EBUSY can now be returned by SNFv3 code.
- Don't crash on filters testing a non-existent link-layer type field.
- Fix sending in non-blocking mode on Linux with memory-mapped capture.
- Fix timestamps when reading pcap-ng files on big-endian machines.
- Fixes for byte order issues with NFLOG captures
- Handle using cooked mode for DLT_NETLINK in activate_new().

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
    zypper in -t patch SUSE-SLE-WE-12-SP2-2017-644=1
- SUSE Linux Enterprise Workstation Extension 12-SP1:
    zypper in -t patch SUSE-SLE-WE-12-SP1-2017-644=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-644=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-644=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-644=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-644=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-644=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-644=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-644=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap-devel-1.8.1-9.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap-devel-1.8.1-9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1

References:

https://www.suse.com/security/cve/CVE-2014-8767.html
https://www.suse.com/security/cve/CVE-2014-8768.html
https://www.suse.com/security/cve/CVE-2014-8769.html
https://www.suse.com/security/cve/CVE-2015-0261.html
https://www.suse.com/security/cve/CVE-2015-2153.html
https://www.suse.com/security/cve/CVE-2015-2154.html
https://www.suse.com/security/cve/CVE-2015-2155.html
https://www.suse.com/security/cve/CVE-2015-3138.html
https://www.suse.com/security/cve/CVE-2016-7922.html
https://www.suse.com/security/cve/CVE-2016-7923.html
https://www.suse.com/security/cve/CVE-2016-7924.html
https://www.suse.com/security/cve/CVE-2016-7925.html
https://www.suse.com/security/cve/CVE-2016-7926.html
https://www.suse.com/security/cve/CVE-2016-7927.html
https://www.suse.com/security/cve/CVE-2016-7928.html
https://www.suse.com/security/cve/CVE-2016-7929.html
https://www.suse.com/security/cve/CVE-2016-7930.html
https://www.suse.com/security/cve/CVE-2016-7931.html
https://www.suse.com/security/cve/CVE-2016-7932.html
https://www.suse.com/security/cve/CVE-2016-7933.html
https://www.suse.com/security/cve/CVE-2016-7934.html
https://www.suse.com/security/cve/CVE-2016-7935.html
https://www.suse.com/security/cve/CVE-2016-7936.html
https://www.suse.com/security/cve/CVE-2016-7937.html
https://www.suse.com/security/cve/CVE-2016-7938.html
https://www.suse.com/security/cve/CVE-2016-7939.html
https://www.suse.com/security/cve/CVE-2016-7940.html
https://www.suse.com/security/cve/CVE-2016-7973.html
https://www.suse.com/security/cve/CVE-2016-7974.html
https://www.suse.com/security/cve/CVE-2016-7975.html
https://www.suse.com/security/cve/CVE-2016-7983.html
https://www.suse.com/security/cve/CVE-2016-7984.html
https://www.suse.com/security/cve/CVE-2016-7985.html
https://www.suse.com/security/cve/CVE-2016-7986.html
https://www.suse.com/security/cve/CVE-2016-7992.html
https://www.suse.com/security/cve/CVE-2016-7993.html
https://www.suse.com/security/cve/CVE-2016-8574.html
https://www.suse.com/security/cve/CVE-2016-8575.html
https://www.suse.com/security/cve/CVE-2017-5202.html
https://www.suse.com/security/cve/CVE-2017-5203.html
https://www.suse.com/security/cve/CVE-2017-5204.html
https://www.suse.com/security/cve/CVE-2017-5205.html
https://www.suse.com/security/cve/CVE-2017-5341.html
https://www.suse.com/security/cve/CVE-2017-5342.html
https://www.suse.com/security/cve/CVE-2017-5482.html
https://www.suse.com/security/cve/CVE-2017-5483.html
https://www.suse.com/security/cve/CVE-2017-5484.html
https://www.suse.com/security/cve/CVE-2017-5485.html
https://www.suse.com/security/cve/CVE-2017-5486.html
https://bugzilla.suse.com/1020940
https://bugzilla.suse.com/1035686
https://bugzilla.suse.com/905870
https://bugzilla.suse.com/905871
https://bugzilla.suse.com/905872
https://bugzilla.suse.com/922220
https://bugzilla.suse.com/922221
https://bugzilla.suse.com/922222
https://bugzilla.suse.com/922223
https://bugzilla.suse.com/927637

From sle-updates at lists.suse.com Wed Apr 26 13:12:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Apr 2017 21:12:49 +0200 (CEST)
Subject: SUSE-SU-2017:1117-1: moderate: Security update for curl
Message-ID: <20170426191249.EAD66FEAF@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1117-1
Rating: moderate
References: #1015332 #1032309
Cross-References: CVE-2016-9586 CVE-2017-7407
Affected Products:
    SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

These security issues were fixed:

- CVE-2016-9586: libcurl printf floating point buffer overflow
  (bsc#1015332)
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might
  have allowed physically proximate attackers to obtain sensitive
  information from process memory in opportunistic circumstances by
  reading a workstation screen during use of a --write-out argument ending
  in a '%' character, which led to a heap-based buffer over-read
  (bsc#1032309).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-curl-13075=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.3 (x86_64):
    libcurl-devel-7.19.7-1.20.52.2

References:

https://www.suse.com/security/cve/CVE-2016-9586.html
https://www.suse.com/security/cve/CVE-2017-7407.html
https://bugzilla.suse.com/1015332
https://bugzilla.suse.com/1032309

From sle-updates at lists.suse.com Thu Apr 27 04:09:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2017 12:09:11 +0200 (CEST)
Subject: SUSE-RU-2017:1120-1: Recommended update for nfs-utils
Message-ID: <20170427100911.F2148FEAF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for nfs-utils
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1120-1
Rating: low
References: #1005609 #1019211 #1028376
Affected Products:
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for nfs-utils fixes the following issues:

- When updating from SLES 12 to 12-SP1, enable nfsserver.service if the
  old SysV service "nfsserver" was enabled.
  Ditto for nfs.service and "nfs". (bsc#1028376)
- Only require a filesystem to be mounted if it isn't marked 'noauto' in
  /etc/fstab. (bsc#1019211)
- Move rpc.svcgssd and corresponding man page from nfs-client package to
  nfs-kernel-server. For NFSv4.0 this is needed on client as well as the
  server to support the back-channel. (bsc#1005609)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-646=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-646=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    nfs-client-1.3.0-40.1
    nfs-client-debuginfo-1.3.0-40.1
    nfs-doc-1.3.0-40.1
    nfs-kernel-server-1.3.0-40.1
    nfs-kernel-server-debuginfo-1.3.0-40.1
    nfs-utils-debugsource-1.3.0-40.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    nfs-client-1.3.0-40.1
    nfs-client-debuginfo-1.3.0-40.1
    nfs-kernel-server-1.3.0-40.1
    nfs-kernel-server-debuginfo-1.3.0-40.1
    nfs-utils-debugsource-1.3.0-40.1

References:

https://bugzilla.suse.com/1005609
https://bugzilla.suse.com/1019211
https://bugzilla.suse.com/1028376

From sle-updates at lists.suse.com Fri Apr 28 04:10:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 12:10:19 +0200 (CEST)
Subject: SUSE-RU-2017:1122-1: Recommended update for crash
Message-ID: <20170428101019.9F749FEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1122-1
Rating: low
References: #1022962
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crash provides the following fixes:

- Fix analyzing fadump (and qemu) dumps on PPC64 systems with 32TB of
  memory. (bsc#1022962)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-crash-13076=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-crash-13076=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-crash-13076=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    crash-devel-7.0.9-29.5
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
    crash-7.0.9-29.5
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    crash-7.0.9-29.5
    crash-eppic-7.0.9-29.5
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    crash-debuginfo-7.0.9-29.5
    crash-debugsource-7.0.9-29.5

References:

https://bugzilla.suse.com/1022962

From sle-updates at lists.suse.com Fri Apr 28 04:10:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 12:10:55 +0200 (CEST)
Subject: SUSE-RU-2017:1123-1: Recommended update for yast2-services-manager
Message-ID: <20170428101055.4898DFEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-services-manager
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1123-1
Rating: low
References: #1012047 #1017166 #956043
Affected Products:
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for yast2-services-manager provides the following fixes:

- Use systemctl calls (is-active, is-enabled) to evaluate if the service
  is enabled/active. (bsc#1017166, bsc#1012047)
- Filter out all YaST services which should, e.g., not be restarted during
  installation. (bsc#956043)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-647=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-647=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-647=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
    yast2-services-manager-3.1.44-5.6.12
- SUSE Linux Enterprise Server 12-SP2 (noarch):
    yast2-services-manager-3.1.44-5.6.12
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
    yast2-services-manager-3.1.44-5.6.12

References:

https://bugzilla.suse.com/1012047
https://bugzilla.suse.com/1017166
https://bugzilla.suse.com/956043

From sle-updates at lists.suse.com Fri Apr 28 07:09:13 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 15:09:13 +0200 (CEST)
Subject: SUSE-RU-2017:1125-1: Recommended update for machinery
Message-ID: <20170428130913.F2FB5FEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for machinery
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1125-1
Rating: low
References: #1004697 #1009774 #1035727
Affected Products:
    SUSE Linux Enterprise Module for Advanced Systems Management 12
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for machinery provides version 1.22.2 and brings the following
fixes and improvements:

- Prevent machinery-helper from crashing when files are inaccessible
  during inspection. (bsc#1009774)
- Fix analysis of changed-config-files when NFS or SMB repositories are
  used.
- Do not add repositories which require registration to built images.
  (bsc#1004697)
- Fix package inspection on older Debian systems.
- Fix extraction of information for Debian packages containing a dash in
  their name.
- Only use sudo for reading files when necessary.
- Gracefully handle RequireTTY enabled sudo configs.
- Add rsync requirement check for remote system.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Advanced Systems Management 12:
    zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-651=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
    machinery-1.22.2-54.1
    machinery-debuginfo-1.22.2-54.1
    machinery-debugsource-1.22.2-54.1

References:

https://bugzilla.suse.com/1004697
https://bugzilla.suse.com/1009774
https://bugzilla.suse.com/1035727

From sle-updates at lists.suse.com Fri Apr 28 10:13:42 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 18:13:42 +0200 (CEST)
Subject: SUSE-RU-2017:1130-1: moderate: Recommended update for openstack-cinder
Message-ID: <20170428161342.87EB1FEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-cinder
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1130-1
Rating: moderate
References: #1022986
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openstack-cinder fixes the following issues:

- Use Local NetApp Cache to Copy an Available Image. (bsc#1022986)
- Allow admin project to operate on all quotas.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-652=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):
    openstack-cinder-7.0.3~a0~dev11-16.1
    openstack-cinder-api-7.0.3~a0~dev11-16.1
    openstack-cinder-backup-7.0.3~a0~dev11-16.1
    openstack-cinder-doc-7.0.3~a0~dev11-16.2
    openstack-cinder-scheduler-7.0.3~a0~dev11-16.1
    openstack-cinder-volume-7.0.3~a0~dev11-16.1
    python-cinder-7.0.3~a0~dev11-16.1

References:

https://bugzilla.suse.com/1022986

From sle-updates at lists.suse.com Fri Apr 28 10:14:18 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 18:14:18 +0200 (CEST)
Subject: SUSE-RU-2017:1132-1: Recommended update for openstack-neutron
Message-ID: <20170428161418.F101CFEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-neutron
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1132-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openstack-neutron fixes the following issues:

- Update to latest code from OpenStack Liberty
- Update neutron-ha-tool

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-653=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):
    openstack-neutron-7.1.3~a0~dev23-17.1
    openstack-neutron-dhcp-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-doc-7.1.3~a0~dev23-17.1
    openstack-neutron-ha-tool-7.1.3~a0~dev23-17.1
    openstack-neutron-l3-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-linuxbridge-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-metadata-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-metering-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-mlnx-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-nvsd-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-openvswitch-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-restproxy-agent-7.1.3~a0~dev23-17.1
    openstack-neutron-server-7.1.3~a0~dev23-17.1
    python-neutron-7.1.3~a0~dev23-17.1

References:

https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Fri Apr 28 13:09:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:09:25 +0200 (CEST)
Subject: SUSE-RU-2017:1133-1: moderate: Recommended update for grub2
Message-ID: <20170428190925.C190BFEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1133-1
Rating: moderate
References: #1015138 #1016536 #1023160 #1027401 #1031025
Affected Products:
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop 12-SP2
    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for grub2 provides the following fixes:

- Fix out of memory error on lvm detection. (bsc#1016536, bsc#1027401)
- Fix regression on how GRUB_DISABLE_LINUX_UUID=true is interpreted.
  (bsc#1015138)
- Fix boot failure if /boot is a separate btrfs partition. (bsc#1023160)
- Fix savedefault option when using btrfs as root file system.
  (bsc#1031025)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-655=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-655=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-655=1
- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-655=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    grub2-2.02~beta2-115.9.1
    grub2-arm64-efi-2.02~beta2-115.9.1
    grub2-debuginfo-2.02~beta2-115.9.1
    grub2-debugsource-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
    grub2-snapper-plugin-2.02~beta2-115.9.1
    grub2-systemd-sleep-plugin-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    grub2-2.02~beta2-115.9.1
    grub2-debuginfo-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):
    grub2-debugsource-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server 12-SP2 (ppc64le):
    grub2-powerpc-ieee1275-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64):
    grub2-arm64-efi-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
    grub2-snapper-plugin-2.02~beta2-115.9.1
    grub2-systemd-sleep-plugin-2.02~beta2-115.9.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
    grub2-i386-pc-2.02~beta2-115.9.1
    grub2-x86_64-efi-2.02~beta2-115.9.1
    grub2-x86_64-xen-2.02~beta2-115.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
    grub2-snapper-plugin-2.02~beta2-115.9.1
    grub2-systemd-sleep-plugin-2.02~beta2-115.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    grub2-2.02~beta2-115.9.1
    grub2-debuginfo-2.02~beta2-115.9.1
    grub2-debugsource-2.02~beta2-115.9.1
    grub2-i386-pc-2.02~beta2-115.9.1
    grub2-x86_64-efi-2.02~beta2-115.9.1
    grub2-x86_64-xen-2.02~beta2-115.9.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    grub2-2.02~beta2-115.9.1
    grub2-debuginfo-2.02~beta2-115.9.1
    grub2-debugsource-2.02~beta2-115.9.1
    grub2-i386-pc-2.02~beta2-115.9.1
    grub2-x86_64-efi-2.02~beta2-115.9.1

References:

https://bugzilla.suse.com/1015138
https://bugzilla.suse.com/1016536
https://bugzilla.suse.com/1023160
https://bugzilla.suse.com/1027401
https://bugzilla.suse.com/1031025

From sle-updates at lists.suse.com Fri Apr 28 13:10:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:10:48 +0200 (CEST)
Subject: SUSE-RU-2017:1134-1: Recommended update for sqlite3
Message-ID: <20170428191048.0F1BDFEB4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sqlite3
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1134-1
Rating: low
References: #1019518 #1025034
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for sqlite3 provides the following fixes:

- Avoid calling sqlite3OsFetch() on a file-handle for which the xFetch
  method is NULL. This prevents a potential segmentation fault.
  (bsc#1025034)
- Fix defect in the in-memory journal logic that could leave the read
  cursor for the in-memory journal in an inconsistent state and result in
  a segmentation fault. (bsc#1019518)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-656=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-656=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-656=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-656=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-656=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-656=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-656=1
- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-656=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
    sqlite3-devel-3.8.10.2-8.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
    sqlite3-devel-3.8.10.2-8.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    libsqlite3-0-3.8.10.2-8.1
    libsqlite3-0-debuginfo-3.8.10.2-8.1
    sqlite3-3.8.10.2-8.1
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    libsqlite3-0-3.8.10.2-8.1
    libsqlite3-0-debuginfo-3.8.10.2-8.1
    sqlite3-3.8.10.2-8.1
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
    libsqlite3-0-32bit-3.8.10.2-8.1
    libsqlite3-0-debuginfo-32bit-3.8.10.2-8.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    libsqlite3-0-3.8.10.2-8.1
    libsqlite3-0-debuginfo-3.8.10.2-8.1
    sqlite3-3.8.10.2-8.1
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
    libsqlite3-0-32bit-3.8.10.2-8.1
    libsqlite3-0-debuginfo-32bit-3.8.10.2-8.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    libsqlite3-0-3.8.10.2-8.1
    libsqlite3-0-32bit-3.8.10.2-8.1
    libsqlite3-0-debuginfo-3.8.10.2-8.1
    libsqlite3-0-debuginfo-32bit-3.8.10.2-8.1
    sqlite3-3.8.10.2-8.1
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    libsqlite3-0-3.8.10.2-8.1
    libsqlite3-0-32bit-3.8.10.2-8.1
    libsqlite3-0-debuginfo-3.8.10.2-8.1
    libsqlite3-0-debuginfo-32bit-3.8.10.2-8.1
    sqlite3-3.8.10.2-8.1
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    libsqlite3-0-3.8.10.2-8.1
    libsqlite3-0-debuginfo-3.8.10.2-8.1
    sqlite3-debuginfo-3.8.10.2-8.1
    sqlite3-debugsource-3.8.10.2-8.1

References:

https://bugzilla.suse.com/1019518
https://bugzilla.suse.com/1025034

From sle-updates at lists.suse.com Fri Apr 28 13:11:21 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:11:21 +0200 (CEST)
Subject: SUSE-SU-2017:1135-1: important: Security update for kvm
Message-ID: <20170428191121.3D2BFFEB4@maintenance.suse.de>

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1135-1
Rating: important
References: #1013285 #1014109 #1014111 #1014702 #1015048 #1015169
            #1016779 #1021129 #1023004 #1023053 #1023907 #1024972
Cross-References: CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911
                  CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620
                  CVE-2017-5856 CVE-2017-5898
Affected Products:
    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that solves 10 vulnerabilities and has two fixes is now available.

Description:

This update for kvm fixes several issues.

These security issues were fixed:

- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
  cirrus_bitblt_cputovideo failed to check the memory region, allowing for
  an out-of-bounds write that allows for privilege escalation
  (bsc#1024972)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed
  a malicious guest administrator to cause an out of bounds memory access,
  possibly leading to information disclosure or privilege escalation
  (bsc#1023004)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
  was vulnerable to an infinite loop issue while receiving packets in
  'mcf_fec_receive'. A privileged user/process inside guest could have
  used this issue to crash the Qemu process on the host leading to DoS
  (bsc#1013285)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
  leakage issue while processing packet data in 'ehci_init_transfer'. A
  guest user/process could have used this issue to leak host memory,
  resulting in DoS for the host (bsc#1014111)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
  memory leakage flaw when destroying the USB redirector in
  'usbredir_handle_destroy'. A guest user/process could have used this
  issue to leak host memory, resulting in DoS for a host (bsc#1014109)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
  to a divide by zero issue while copying VGA data. A privileged user
  inside guest could have used this flaw to crash the process instance on
  the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
  to a divide by zero issue while copying VGA data.
  A privileged user inside guest could have used this flaw to crash the
  process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to
  an integer overflow allowing a privileged user inside the guest to crash
  the Qemu process resulting in DoS (bnc#1023907)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
  vulnerable to a memory leakage issue allowing a privileged user to cause
  a DoS and/or potentially crash the Qemu process on the host
  (bsc#1021129)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
  support was vulnerable to a memory leakage issue allowing a privileged
  user to leak host memory resulting in DoS (bsc#1023053)

These non-security issues were fixed:

- Fixed various inaccuracies in cirrus vga device emulation
- Fixed virtio interface failure (bsc#1015048)
- Fixed graphical update errors introduced by previous security fix
  (bsc#1016779)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-kvm-13080=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):
  kvm-1.4.2-59.1

References:

https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9776.html
https://www.suse.com/security/cve/CVE-2016-9907.html
https://www.suse.com/security/cve/CVE-2016-9911.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://bugzilla.suse.com/1013285
https://bugzilla.suse.com/1014109
https://bugzilla.suse.com/1014111
https://bugzilla.suse.com/1014702
https://bugzilla.suse.com/1015048
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016779
https://bugzilla.suse.com/1021129
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1023053
https://bugzilla.suse.com/1023907
https://bugzilla.suse.com/1024972

From sle-updates at lists.suse.com Fri Apr 28 13:13:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:13:31 +0200 (CEST)
Subject: SUSE-SU-2017:1136-1: moderate: Security update for minicom
Message-ID: <20170428191331.318D0FEAF@maintenance.suse.de>

SUSE Security Update: Security update for minicom
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1136-1
Rating: moderate
References: #1033783
Cross-References: CVE-2017-7467
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for minicom fixes the following issues:

- CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-minicom-13079=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-minicom-13079=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  minicom-2.3-27.24.6.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  minicom-debuginfo-2.3-27.24.6.2
  minicom-debugsource-2.3-27.24.6.2

References:

https://www.suse.com/security/cve/CVE-2017-7467.html
https://bugzilla.suse.com/1033783

From sle-updates at lists.suse.com Fri Apr 28 13:13:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:13:58 +0200 (CEST)
Subject: SUSE-SU-2017:1137-1: important: Security update for mysql
Message-ID: <20170428191358.6D886FEB4@maintenance.suse.de>

SUSE Security Update: Security update for mysql
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1137-1
Rating: important
References: #1020976 #1022428 #1029014 #1029396 #1034850
Cross-References: CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for mysql to version 5.5.55 fixes the following issues:

These security issues were fixed:

- CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850)
- CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850)
- CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850)
- CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (bsc#1034850)
- CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (bsc#1034850)
- CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850)
- CVE-2017-3463: Unspecified vulnerability in Server: Security (bsc#1034850)
- CVE-2017-3462: Unspecified vulnerability in Server: Security (bsc#1034850)
- CVE-2017-3461: Unspecified vulnerability in Server: Security (bsc#1034850)
- CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850)
- CVE-2017-3305: MySQL client sent authentication request unencrypted even if SSL was required (aka Riddle) (bsc#1029396).
- CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014)
- '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained)

This non-security issue was fixed:

- Set the default umask to 077 in rc.mysql-multi [bsc#1020976]

For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html

Note: The issue tracked in bsc#1022428 and fixed in the last update was assigned CVE-2017-3302.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-mysql-13081=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-mysql-13081=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-mysql-13081=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
  libmysql55client_r18-32bit-5.5.55-0.38.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):
  libmysql55client_r18-x86-5.5.55-0.38.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libmysql55client18-5.5.55-0.38.1
  libmysql55client_r18-5.5.55-0.38.1
  mysql-5.5.55-0.38.1
  mysql-client-5.5.55-0.38.1
  mysql-tools-5.5.55-0.38.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  libmysql55client18-32bit-5.5.55-0.38.1
  libmysql55client_r18-32bit-5.5.55-0.38.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  libmysql55client18-x86-5.5.55-0.38.1
  libmysql55client_r18-x86-5.5.55-0.38.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  mysql-debuginfo-5.5.55-0.38.1
  mysql-debugsource-5.5.55-0.38.1

References:

https://www.suse.com/security/cve/CVE-2016-5483.html
https://www.suse.com/security/cve/CVE-2017-3302.html
https://www.suse.com/security/cve/CVE-2017-3305.html
https://www.suse.com/security/cve/CVE-2017-3308.html
https://www.suse.com/security/cve/CVE-2017-3309.html
https://www.suse.com/security/cve/CVE-2017-3329.html
https://www.suse.com/security/cve/CVE-2017-3453.html
https://www.suse.com/security/cve/CVE-2017-3456.html
https://www.suse.com/security/cve/CVE-2017-3461.html
https://www.suse.com/security/cve/CVE-2017-3462.html
https://www.suse.com/security/cve/CVE-2017-3463.html
https://www.suse.com/security/cve/CVE-2017-3464.html
https://www.suse.com/security/cve/CVE-2017-3600.html
https://bugzilla.suse.com/1020976
https://bugzilla.suse.com/1022428
https://bugzilla.suse.com/1029014
https://bugzilla.suse.com/1029396
https://bugzilla.suse.com/1034850

From sle-updates at lists.suse.com Fri Apr 28 16:08:57 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2017 00:08:57 +0200 (CEST)
Subject: SUSE-SU-2017:1138-1: important: Security update for ghostscript
Message-ID: <20170428220857.940D2FEAF@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1138-1
Rating: important
References: #1018128 #1030263 #1032114 #1032120 #1036453
Cross-References: CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for ghostscript fixes the following security vulnerabilities:

CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)

CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)

CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)

CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114)

CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document.
(bsc#1030263)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-659=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-659=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-659=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-659=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-659=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-659=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-659=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-devel-9.15-20.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-devel-9.15-20.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  ghostscript-9.15-20.1
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-x11-9.15-20.1
  ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  ghostscript-9.15-20.1
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-x11-9.15-20.1
  ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  ghostscript-9.15-20.1
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-x11-9.15-20.1
  ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  ghostscript-9.15-20.1
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-x11-9.15-20.1
  ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  ghostscript-9.15-20.1
  ghostscript-debuginfo-9.15-20.1
  ghostscript-debugsource-9.15-20.1
  ghostscript-x11-9.15-20.1
  ghostscript-x11-debuginfo-9.15-20.1

References:

https://www.suse.com/security/cve/CVE-2016-10220.html
https://www.suse.com/security/cve/CVE-2016-9601.html
https://www.suse.com/security/cve/CVE-2017-5951.html
https://www.suse.com/security/cve/CVE-2017-7207.html
https://www.suse.com/security/cve/CVE-2017-8291.html
https://bugzilla.suse.com/1018128
https://bugzilla.suse.com/1030263
https://bugzilla.suse.com/1032114
https://bugzilla.suse.com/1032120
https://bugzilla.suse.com/1036453