From sle-updates at lists.suse.com Wed Feb 1 04:09:20 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2017 12:09:20 +0100 (CET)
Subject: SUSE-SU-2017:0348-1: important: Security update for gnutls
Message-ID: <20170201110920.966E4FF7C@maintenance.suse.de>

SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0348-1
Rating: important
References: #1005879 #1018832 #999646
Cross-References: CVE-2016-7444 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for gnutls fixes the following security issues:

- GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336)
- GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444)
- GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-177=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-177=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-177=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-177=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-177=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-177=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-177=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls-devel-3.2.15-16.1
    libgnutls-openssl-devel-3.2.15-16.1
    libgnutlsxx-devel-3.2.15-16.1
    libgnutlsxx28-3.2.15-16.1
    libgnutlsxx28-debuginfo-3.2.15-16.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls-devel-3.2.15-16.1
    libgnutls-openssl-devel-3.2.15-16.1
    libgnutlsxx-devel-3.2.15-16.1
    libgnutlsxx28-3.2.15-16.1
    libgnutlsxx28-debuginfo-3.2.15-16.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    gnutls-3.2.15-16.1
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls-openssl27-3.2.15-16.1
    libgnutls-openssl27-debuginfo-3.2.15-16.1
    libgnutls28-3.2.15-16.1
    libgnutls28-debuginfo-3.2.15-16.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    gnutls-3.2.15-16.1
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls-openssl27-3.2.15-16.1
    libgnutls-openssl27-debuginfo-3.2.15-16.1
    libgnutls28-3.2.15-16.1
    libgnutls28-debuginfo-3.2.15-16.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
    libgnutls28-32bit-3.2.15-16.1
    libgnutls28-debuginfo-32bit-3.2.15-16.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    gnutls-3.2.15-16.1
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls-openssl27-3.2.15-16.1
    libgnutls-openssl27-debuginfo-3.2.15-16.1
    libgnutls28-3.2.15-16.1
    libgnutls28-debuginfo-3.2.15-16.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
    libgnutls28-32bit-3.2.15-16.1
    libgnutls28-debuginfo-32bit-3.2.15-16.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    gnutls-3.2.15-16.1
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls28-3.2.15-16.1
    libgnutls28-32bit-3.2.15-16.1
    libgnutls28-debuginfo-3.2.15-16.1
    libgnutls28-debuginfo-32bit-3.2.15-16.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    gnutls-3.2.15-16.1
    gnutls-debuginfo-3.2.15-16.1
    gnutls-debugsource-3.2.15-16.1
    libgnutls28-3.2.15-16.1
    libgnutls28-32bit-3.2.15-16.1
    libgnutls28-debuginfo-3.2.15-16.1
    libgnutls28-debuginfo-32bit-3.2.15-16.1

References:

https://www.suse.com/security/cve/CVE-2016-7444.html
https://www.suse.com/security/cve/CVE-2016-8610.html
https://www.suse.com/security/cve/CVE-2017-5335.html
https://www.suse.com/security/cve/CVE-2017-5336.html
https://www.suse.com/security/cve/CVE-2017-5337.html
https://bugzilla.suse.com/1005879
https://bugzilla.suse.com/1018832
https://bugzilla.suse.com/999646

From sle-updates at lists.suse.com Wed Feb 1 10:10:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2017 18:10:54 +0100 (CET)
Subject: SUSE-OU-2017:0349-1: Initial release of regionServiceClientConfigSAPEC2
Message-ID: <20170201171054.6AB42FF70@maintenance.suse.de>

SUSE Optional Update: Initial release of regionServiceClientConfigSAPEC2
______________________________________________________________________________

Announcement ID: SUSE-OU-2017:0349-1
Rating: low
References: #1021408
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update brings regionServiceClientConfigSAPEC2 to the SUSE Linux Enterprise 12 Public Cloud Module.

regionServiceClientConfigSAPEC2 enables configuration for the client registration in Amazon EC2 and region server certificates for SLES for SAP 12 SP2 on demand images.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-180=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
    regionServiceClientConfigSAPEC2-1.0.0-2.1

References:

https://bugzilla.suse.com/1021408

From sle-updates at lists.suse.com Wed Feb 1 10:11:22 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2017 18:11:22 +0100 (CET)
Subject: SUSE-RU-2017:0350-1: Recommended update for POS_Image3
Message-ID: <20170201171122.D871BFF7A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for POS_Image3
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0350-1
Rating: low
References: #1011372 #1014589 #1014809 #1020636 #979925
Affected Products:
    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update provides POS_Image3 3.5.6, which brings the following fixes:

- Improve SUSE Manager 3 compatibility. (bsc#1014589)
- Use correct Manager channels for 64bit images. (bsc#1014809)
- Better check for resolvable hostname. (bsc#1020636)
- More fixes for directly referenced image. (bsc#979925)
- Allow empty IP during registration. (bsc#1011372)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-POS_Image3-12964=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64):
    POS_Migration-3.5.6-23.1
    POS_Server-Admin3-3.5.6-23.1
    POS_Server-AdminGUI-3.5.6-23.1
    POS_Server-AdminTools3-3.5.6-23.1
    POS_Server-BranchTools3-3.5.6-23.1
    POS_Server-Modules3-3.5.6-23.1
    POS_Server3-3.5.6-23.1
    admind-1.9-23.1
    admind-client-1.9-23.1
    posbios-1.0-23.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):
    POS_Image-Minimal3-3.4.0-23.1
    POS_Image-Netboot-hooks-3.4.0-23.1
    POS_Image-Tools-3.4.0-23.1
    POS_Image3-3.5.6-23.1

References:

https://bugzilla.suse.com/1011372
https://bugzilla.suse.com/1014589
https://bugzilla.suse.com/1014809
https://bugzilla.suse.com/1020636
https://bugzilla.suse.com/979925

From sle-updates at lists.suse.com Wed Feb 1 10:12:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2017 18:12:32 +0100 (CET)
Subject: SUSE-RU-2017:0351-1: Recommended update for google-compute-engine-init
Message-ID: <20170201171232.77392FF79@maintenance.suse.de>

SUSE Recommended Update: Recommended update for google-compute-engine-init
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0351-1
Rating: low
References: #1015829 #1016372 #1017395
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for google-compute-engine-init fixes the following issues:

- Scripts that are one-shot should not be marked as "stop_on_removal" as there is no process running. (bsc#1017395)
- Add and improve support for alias IPs in the IP forwarding daemon. (bsc#1016372, bsc#1015829)
- Fix startup script to run after network setup.
- Provide a service to enable network interfaces on boot.

For a detailed description of all changes and improvements, please refer to the changelog.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-181=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
    google-compute-engine-init-20161212-6.1

References:

https://bugzilla.suse.com/1015829
https://bugzilla.suse.com/1016372
https://bugzilla.suse.com/1017395

From sle-updates at lists.suse.com Wed Feb 1 13:09:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2017 21:09:12 +0100 (CET)
Subject: SUSE-RU-2017:0352-1: moderate: Recommended update for python-azure-agent
Message-ID: <20170201200912.3DB10FF70@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-azure-agent
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0352-1
Rating: moderate
References: #1011029 #1018369
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for python-azure-agent provides various fixes and improvements:

- Cleanup SUSE configuration.
- Update RDMA configuration.
- Add a log message when primary nic is not found.
- Add telemetry event for host plugin usage.
- Prevent duplicates in sysinfo.
- Add support for Match blocks in sshd configuration.
- Support offline hostname changes.
- Ensure configuration file is updated correctly.
- Support NetworkManager leases.
- Fix password encoding.
- Fix for hostnamectl.
- Fix password encrypting failure in python 2.*.
- Handle interrupt signal.
- Fix the issues for mounting resourcedisk.
- Support for F5 Networks BIG-IP.
- Fix sfdisk options.
- Fix for fetch manifest.
- Fix issue with xfs swapon.
- Handle deprovisioning interruption.
- Reduce goal state logging.
- Increase polling rate.
- Support OnHold flag.
- Fix for decode_config.
- Azure stack certificate fix.
- Enable over-provisioning support.
- Enable host plugin scenarios.

Additionally, python-azure-agent replaced WALinuxAgent, therefore WALinuxAgent is now marked as unsupported.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-182=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
    WALinuxAgent-2.0.17-19.1
    python-azure-agent-2.2.3-24.1

References:

https://bugzilla.suse.com/1011029
https://bugzilla.suse.com/1018369

From sle-updates at lists.suse.com Wed Feb 1 13:09:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Feb 2017 21:09:49 +0100 (CET)
Subject: SUSE-RU-2017:0353-1: Recommended update for sle-manager-tools-release
Message-ID: <20170201200949.BC4E9FF7A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sle-manager-tools-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0353-1
Rating: low
References: #1014803
Affected Products:
    SUSE Manager Tools 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for sle-manager-tools-release fixes the following issues:

- Remove requirement on patterns-sle-manager_client. SUSE Manager 3 uses salt and the pattern provides packages from the traditional stack. (bsc#1014803)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-183=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
    sle-manager-tools-release-12-9.1

References:

https://bugzilla.suse.com/1014803

From sle-updates at lists.suse.com Thu Feb 2 16:08:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 00:08:25 +0100 (CET)
Subject: SUSE-RU-2017:0365-1: Recommended update for slepos-guide_en
Message-ID: <20170202230825.9B377FF70@maintenance.suse.de>

SUSE Recommended Update: Recommended update for slepos-guide_en
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0365-1
Rating: low
References: #1010021 #1014215
Affected Products:
    SUSE Linux Enterprise Point of Sale 12-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

The SUSE Linux Enterprise Point of Service Guide was updated to fix minor issues.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Point of Sale 12-SP2:
    zypper in -t patch SUSE-SLE-POS-12-SP2-2017-184=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Point of Sale 12-SP2 (noarch):
    slepos-guide_en-12-4.2
    slepos-guide_en-pdf-12-4.2

References:

https://bugzilla.suse.com/1010021
https://bugzilla.suse.com/1014215

From sle-updates at lists.suse.com Thu Feb 2 16:08:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 00:08:59 +0100 (CET)
Subject: SUSE-SU-2017:0366-1: moderate: Security update for cpio
Message-ID: <20170202230859.15F43FF7A@maintenance.suse.de>

SUSE Security Update: Security update for cpio
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0366-1
Rating: moderate
References: #1020108 #963448
Cross-References: CVE-2016-2037
Affected Products:
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for cpio fixes two issues.

This security issue was fixed:

- CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448).

This non-security issue was fixed:

- bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-185=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-185=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-185=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-185=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-185=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    cpio-2.11-32.1
    cpio-debuginfo-2.11-32.1
    cpio-debugsource-2.11-32.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
    cpio-lang-2.11-32.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    cpio-2.11-32.1
    cpio-debuginfo-2.11-32.1
    cpio-debugsource-2.11-32.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
    cpio-lang-2.11-32.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    cpio-2.11-32.1
    cpio-debuginfo-2.11-32.1
    cpio-debugsource-2.11-32.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
    cpio-lang-2.11-32.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    cpio-2.11-32.1
    cpio-debuginfo-2.11-32.1
    cpio-debugsource-2.11-32.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
    cpio-lang-2.11-32.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
    cpio-lang-2.11-32.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    cpio-2.11-32.1
    cpio-debuginfo-2.11-32.1
    cpio-debugsource-2.11-32.1

References:

https://www.suse.com/security/cve/CVE-2016-2037.html
https://bugzilla.suse.com/1020108
https://bugzilla.suse.com/963448

From sle-updates at lists.suse.com Thu Feb 2 16:09:35 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 00:09:35 +0100 (CET)
Subject: SUSE-SU-2017:0367-1: moderate: Security update for ceph
Message-ID: <20170202230935.A6EC9FF7A@maintenance.suse.de>

SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0367-1
Rating: moderate
References: #1005179 #1007216 #1008501 #1008894 #1014338 #977940 #982141 #985232 #987144 #990438 #999688
Cross-References: CVE-2016-5009
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves one vulnerability and has 10 fixes is now available.

Description:

This update for ceph fixes the following issues:

* CVE-2016-5009: moncommand with empty prefix could crash monitor [bsc#987144]
* Invalid command in SOC7 with ceph [bsc#1008894]
* Performance fix was missing in SES4 [bsc#1005179]
* ceph build problems on ppc64le [bsc#982141]
* ceph make build unit test failure [bsc#977940]
* ceph-deploy mon create-initial fails on one node [bsc#999688]
* MDS dies while running xfstests [bsc#985232]
* TypeError while calling _recover_auth_meta() [bsc#1008501]
* OSD daemon uses ~100% CPU load right after OSD creation / first OSD start [bsc#1014338]
* civetweb HTTPS support not working [bsc#990438]
* systemd is killing off OSDs [bsc#1007216]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-186=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-186=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-186=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-186=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):
    ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
    libcephfs-devel-10.2.4+git.1481215985.12b091b-15.2
    librados-devel-10.2.4+git.1481215985.12b091b-15.2
    librados-devel-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper-devel-10.2.4+git.1481215985.12b091b-15.2
    librbd-devel-10.2.4+git.1481215985.12b091b-15.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    ceph-common-10.2.4+git.1481215985.12b091b-15.2
    ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
    libcephfs1-10.2.4+git.1481215985.12b091b-15.2
    libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    librados2-10.2.4+git.1481215985.12b091b-15.2
    librados2-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper1-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    librbd1-10.2.4+git.1481215985.12b091b-15.2
    librbd1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-cephfs-10.2.4+git.1481215985.12b091b-15.2
    python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-rados-10.2.4+git.1481215985.12b091b-15.2
    python-rados-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-rbd-10.2.4+git.1481215985.12b091b-15.2
    python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-15.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):
    ceph-common-10.2.4+git.1481215985.12b091b-15.2
    ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
    libcephfs1-10.2.4+git.1481215985.12b091b-15.2
    libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    librados2-10.2.4+git.1481215985.12b091b-15.2
    librados2-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper1-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    librbd1-10.2.4+git.1481215985.12b091b-15.2
    librbd1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-cephfs-10.2.4+git.1481215985.12b091b-15.2
    python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-rados-10.2.4+git.1481215985.12b091b-15.2
    python-rados-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-rbd-10.2.4+git.1481215985.12b091b-15.2
    python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-15.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    ceph-common-10.2.4+git.1481215985.12b091b-15.2
    ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
    libcephfs1-10.2.4+git.1481215985.12b091b-15.2
    libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    librados2-10.2.4+git.1481215985.12b091b-15.2
    librados2-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper1-10.2.4+git.1481215985.12b091b-15.2
    libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    librbd1-10.2.4+git.1481215985.12b091b-15.2
    librbd1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-cephfs-10.2.4+git.1481215985.12b091b-15.2
    python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-rados-10.2.4+git.1481215985.12b091b-15.2
    python-rados-debuginfo-10.2.4+git.1481215985.12b091b-15.2
    python-rbd-10.2.4+git.1481215985.12b091b-15.2
    python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-15.2

References:

https://www.suse.com/security/cve/CVE-2016-5009.html
https://bugzilla.suse.com/1005179
https://bugzilla.suse.com/1007216
https://bugzilla.suse.com/1008501
https://bugzilla.suse.com/1008894
https://bugzilla.suse.com/1014338
https://bugzilla.suse.com/977940
https://bugzilla.suse.com/982141
https://bugzilla.suse.com/985232
https://bugzilla.suse.com/987144
https://bugzilla.suse.com/990438
https://bugzilla.suse.com/999688

From sle-updates at lists.suse.com Fri Feb 3 04:08:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 12:08:31 +0100 (CET)
Subject: SUSE-SU-2017:0375-1: moderate: Security update for libcap-ng
Message-ID: <20170203110831.6EE06FF7A@maintenance.suse.de>

SUSE Security Update: Security update for libcap-ng
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0375-1
Rating: moderate
References: #876832
Cross-References: CVE-2014-3215
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

libcap-ng was updated to fix one security issue.

This security issue was fixed:

- CVE-2014-3215: seunshare in policycoreutils (which uses libcap-ng) is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which made it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges (bsc#876832).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-libcap-ng-12965=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-libcap-ng-12965=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-libcap-ng-12965=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    libcap-ng-devel-0.6.3-1.9.6
    python-capng-0.6.3-1.9.6
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    libcap-ng-utils-0.6.3-1.9.6
    libcap-ng0-0.6.3-1.9.6
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
    libcap-ng0-32bit-0.6.3-1.9.6
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    libcap-ng-debuginfo-0.6.3-1.9.6
    libcap-ng-debugsource-0.6.3-1.9.6

References:

https://www.suse.com/security/cve/CVE-2014-3215.html
https://bugzilla.suse.com/876832

From sle-updates at lists.suse.com Fri Feb 3 07:07:09 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 15:07:09 +0100 (CET)
Subject: SUSE-RU-2017:0376-1: Recommended update for SUSE Manager product definition
Message-ID: <20170203140709.964EDFF70@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager product definition
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0376-1
Rating: low
References: #1020331
Affected Products:
    SUSE Manager Server 3.0
    SUSE Manager Proxy 3.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The product definitions of SUSE Manager Server and Proxy 3.0 have been updated to allow the upgrade of the base SUSE Linux Enterprise Server 12 system from Service Pack 1 to Service Pack 2.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.0:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-188=1
- SUSE Manager Proxy 3.0:
    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-188=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Server 3.0 (x86_64):
    SUSE-Manager-Server-release-3.0-3.2
    SUSE-Manager-Server-release-POOL-3.0-3.2
- SUSE Manager Proxy 3.0 (x86_64):
    SUSE-Manager-Proxy-release-3.0-3.2
    SUSE-Manager-Proxy-release-POOL-3.0-3.2

References:

https://bugzilla.suse.com/1020331

From sle-updates at lists.suse.com Fri Feb 3 07:07:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 15:07:34 +0100 (CET)
Subject: SUSE-OU-2017:0377-1: Initial release of supportutils-plugin-salt
Message-ID: <20170203140734.A1451FF7A@maintenance.suse.de>

SUSE Optional Update: Initial release of supportutils-plugin-salt
______________________________________________________________________________

Announcement ID: SUSE-OU-2017:0377-1
Rating: low
References: #1003547
Affected Products:
    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

supportutils-plugin-salt, used for collecting debug information when troubleshooting Salt, has been added to SUSE Manager Client Tools 11-SP3 and 11-SP4.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
    zypper in -t patch slesctsp4-supportutils-plugin-salt-12966=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
    zypper in -t patch slesctsp3-supportutils-plugin-salt-12966=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
    supportutils-plugin-salt-1.1.0-2.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
    supportutils-plugin-salt-1.1.0-2.1

References:

https://bugzilla.suse.com/1003547

From sle-updates at lists.suse.com Fri Feb 3 10:06:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Feb 2017 18:06:48 +0100 (CET)
Subject: SUSE-OU-2017:0378-1: Initial release of supportutils-plugin-salt
Message-ID: <20170203170648.95941FF70@maintenance.suse.de>

SUSE Optional Update: Initial release of supportutils-plugin-salt
______________________________________________________________________________

Announcement ID: SUSE-OU-2017:0378-1
Rating: low
References: #1003547
Affected Products:
    SUSE Manager Tools 12
    SUSE Manager Server 3.0
    SUSE Manager Proxy 3.0
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

supportutils-plugin-salt, used for collecting debug information when troubleshooting Salt, has been added to SUSE Manager Server and Proxy 3.0 and to SUSE Manager Client Tools 12.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-190=1
- SUSE Manager Server 3.0:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-190=1
- SUSE Manager Proxy 3.0:
    zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-190=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Tools 12 (noarch):
    supportutils-plugin-salt-1.1.0-2.1
- SUSE Manager Server 3.0 (noarch):
    supportutils-plugin-salt-1.1.0-2.1
- SUSE Manager Proxy 3.0 (noarch):
    supportutils-plugin-salt-1.1.0-2.1

References:

https://bugzilla.suse.com/1003547

From sle-updates at lists.suse.com Fri Feb 3 16:07:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 4 Feb 2017 00:07:36 +0100 (CET)
Subject: SUSE-SU-2017:0379-1: moderate: Security update for gcc48
Message-ID: <20170203230736.26095FF70@maintenance.suse.de>

SUSE Security Update: Security update for gcc48
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0379-1
Rating: moderate
References: #1011348 #889990 #899871 #917169 #919274 #922534 #924525 #924687 #930176 #934689 #945842 #947772 #947791 #948168 #949000 #951644 #955382 #970009 #976627 #977654 #981311 #988274
Cross-References: CVE-2015-5276
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves one vulnerability and has 21 fixes is now available.

Description:

This update for gcc48 to version 4.8.5 fixes several issues.

This security issue was fixed:

- CVE-2015-5276: The std::random_device class in libstdc++ did not properly handle short reads from blocking sources, which made it easier for context-dependent attackers to predict the random values via unspecified vectors (bsc#945842).

These non-security issues were fixed:

- Provide missing libasan0-32bit and other multilibs via the updated product description [bsc#951644]
- Fixed libffi issue for armv7l [bsc#988274]
- Fixed a kernel miscompile on aarch64 [bnc#981311]
- Fixed a ppc64le ICE. [bnc#976627]
- Fixed issue with using gcov and #pragma pack [bsc#977654]
- Fixed samba build on AARCH64 [bsc#970009]
- Fixed HTM builtins on powerpc [bsc#955382]
- Fixed build of SLOF [bsc#949000]
- Fixed libffi issues on aarch64 [bsc#948168]
- Fixed no_instrument_function attribute handling on PPC64 with -mprofile-kernel [bsc#947791]
- Fixed bogus integer overflow in constant expression [bsc#934689]
- Fixed ICE with atomics on aarch64 [bsc#930176]
- Fixed -imacros bug [bsc#917169]
- Fixed incorrect -Warray-bounds warnings [bsc#919274]
- Updated -mhotpatch for s390x [bsc#924525]
- Fixed ppc64le issue with doubleword vector extract [bsc#924687]
- Fixed reload issue on S390.
- Keep functions leaf when they are instrumented for profiling on s390[x] [bsc#899871]
- Avoid accessing invalid memory when passing aggregates by value [bsc#922534]
- Rework of the memory allocator for C++ exceptions used in OOM situations [bsc#889990]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-gcc48-12968=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-gcc48-12968=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): cpp48-4.8.5-4.2 gcc48-4.8.5-4.2 gcc48-c++-4.8.5-4.2 gcc48-fortran-4.8.5-4.2 gcc48-info-4.8.5-4.2 gcc48-locale-4.8.5-4.2 libstdc++48-devel-4.8.5-4.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): gcc48-32bit-4.8.5-4.2 gcc48-fortran-32bit-4.8.5-4.2 libstdc++48-devel-32bit-4.8.5-4.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 x86_64): libasan0-4.8.5-4.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 x86_64): libasan0-32bit-4.8.5-4.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gcc48-debuginfo-4.8.5-4.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gcc48-debugsource-4.8.5-4.2 References: https://www.suse.com/security/cve/CVE-2015-5276.html https://bugzilla.suse.com/1011348 https://bugzilla.suse.com/889990 https://bugzilla.suse.com/899871 https://bugzilla.suse.com/917169 https://bugzilla.suse.com/919274 https://bugzilla.suse.com/922534 https://bugzilla.suse.com/924525 https://bugzilla.suse.com/924687 https://bugzilla.suse.com/930176 https://bugzilla.suse.com/934689 https://bugzilla.suse.com/945842 https://bugzilla.suse.com/947772 https://bugzilla.suse.com/947791 https://bugzilla.suse.com/948168 https://bugzilla.suse.com/949000 https://bugzilla.suse.com/951644 https://bugzilla.suse.com/955382 https://bugzilla.suse.com/970009 https://bugzilla.suse.com/976627 https://bugzilla.suse.com/977654 https://bugzilla.suse.com/981311 https://bugzilla.suse.com/988274 From sle-updates at lists.suse.com Fri Feb 3 16:12:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Feb 2017 00:12:36 +0100 (CET) Subject: SUSE-SU-2017:0380-1: moderate: Security update for libxml2 Message-ID: <20170203231236.83FA1FF7B@maintenance.suse.de> SUSE Security Update: Security update for libxml2 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0380-1 Rating: moderate References: #1005544 #1010675 #1013930 #1014873 #1017497 Cross-References: CVE-2016-4658 CVE-2016-9318 CVE-2016-9597 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for libxml2 fixes the following issues: * CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] * Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] * CVE-2016-9597: An XML document with many opening tags could have caused an overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-192=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-192=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-192=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-192=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-33.1 libxml2-devel-2.9.4-33.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxml2-2-2.9.4-33.1 libxml2-2-debuginfo-2.9.4-33.1 libxml2-debugsource-2.9.4-33.1 libxml2-tools-2.9.4-33.1 libxml2-tools-debuginfo-2.9.4-33.1 python-libxml2-2.9.4-33.1 python-libxml2-debuginfo-2.9.4-33.1 python-libxml2-debugsource-2.9.4-33.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libxml2-doc-2.9.4-33.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libxml2-2-2.9.4-33.1 libxml2-2-debuginfo-2.9.4-33.1 libxml2-debugsource-2.9.4-33.1 libxml2-tools-2.9.4-33.1 libxml2-tools-debuginfo-2.9.4-33.1 python-libxml2-2.9.4-33.1 python-libxml2-debuginfo-2.9.4-33.1 python-libxml2-debugsource-2.9.4-33.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libxml2-doc-2.9.4-33.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libxml2-2-32bit-2.9.4-33.1 libxml2-2-debuginfo-32bit-2.9.4-33.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libxml2-2-2.9.4-33.1 libxml2-2-32bit-2.9.4-33.1 libxml2-2-debuginfo-2.9.4-33.1 libxml2-2-debuginfo-32bit-2.9.4-33.1 libxml2-debugsource-2.9.4-33.1 libxml2-tools-2.9.4-33.1 libxml2-tools-debuginfo-2.9.4-33.1 python-libxml2-2.9.4-33.1 python-libxml2-debuginfo-2.9.4-33.1 python-libxml2-debugsource-2.9.4-33.1 References: https://www.suse.com/security/cve/CVE-2016-4658.html https://www.suse.com/security/cve/CVE-2016-9318.html https://www.suse.com/security/cve/CVE-2016-9597.html https://bugzilla.suse.com/1005544 https://bugzilla.suse.com/1010675 https://bugzilla.suse.com/1013930 https://bugzilla.suse.com/1014873 https://bugzilla.suse.com/1017497 From sle-updates at lists.suse.com Mon Feb 6 07:10:12 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 15:10:12 +0100 (CET) Subject: SUSE-SU-2017:0392-1: important: Security update for spice Message-ID: 
<20170206141012.BD714FF70@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0392-1 Rating: important References: #1023078 #1023079 Cross-References: CVE-2016-9577 CVE-2016-9578 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-200=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-200=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-200=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): libspice-server-devel-0.12.7-8.1 spice-debugsource-0.12.7-8.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libspice-server1-0.12.7-8.1 libspice-server1-debuginfo-0.12.7-8.1 spice-debugsource-0.12.7-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libspice-server1-0.12.7-8.1 libspice-server1-debuginfo-0.12.7-8.1 spice-debugsource-0.12.7-8.1 References: https://www.suse.com/security/cve/CVE-2016-9577.html https://www.suse.com/security/cve/CVE-2016-9578.html https://bugzilla.suse.com/1023078 https://bugzilla.suse.com/1023079 From sle-updates at lists.suse.com Mon Feb 6 07:10:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 15:10:49 +0100 (CET) Subject: SUSE-SU-2017:0393-1: important: Security update for spice Message-ID: <20170206141049.147ABFF7A@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0393-1 Rating: important References: #1023078 #1023079 Cross-References: CVE-2016-9577 CVE-2016-9578 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-199=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-199=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libspice-server1-0.12.4-8.12.1 libspice-server1-debuginfo-0.12.4-8.12.1 spice-debugsource-0.12.4-8.12.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libspice-server1-0.12.4-8.12.1 libspice-server1-debuginfo-0.12.4-8.12.1 spice-debugsource-0.12.4-8.12.1 References: https://www.suse.com/security/cve/CVE-2016-9577.html https://www.suse.com/security/cve/CVE-2016-9578.html https://bugzilla.suse.com/1023078 https://bugzilla.suse.com/1023079 From sle-updates at lists.suse.com Mon Feb 6 07:11:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 15:11:23 +0100 (CET) Subject: SUSE-SU-2017:0394-1: Security update for guile Message-ID: <20170206141123.EAFB1FF7A@maintenance.suse.de> SUSE Security Update: Security update for guile ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0394-1 Rating: low References: #1004221 Cross-References: CVE-2016-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-guile-12969=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-guile-12969=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-guile-12969=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): guile-devel-1.8.5-24.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): guile-1.8.5-24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): guile-debuginfo-1.8.5-24.1 guile-debugsource-1.8.5-24.1 References: https://www.suse.com/security/cve/CVE-2016-8605.html https://bugzilla.suse.com/1004221 From sle-updates at lists.suse.com Mon Feb 6 07:12:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 15:12:03 +0100 (CET) Subject: SUSE-SU-2017:0396-1: important: Security update for spice Message-ID: <20170206141203.3C55CFF7A@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0396-1 Rating: important References: #1023078 #1023079 Cross-References: CVE-2016-9577 CVE-2016-9578 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. 
(bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-12970=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-12970=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-12970=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-8.1 spice-debugsource-0.12.4-8.1 References: https://www.suse.com/security/cve/CVE-2016-9577.html https://www.suse.com/security/cve/CVE-2016-9578.html https://bugzilla.suse.com/1023078 https://bugzilla.suse.com/1023079 From sle-updates at lists.suse.com Mon Feb 6 07:13:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 15:13:01 +0100 (CET) Subject: SUSE-SU-2017:0398-1: Security update for guile Message-ID: <20170206141301.CE74BFF7A@maintenance.suse.de> SUSE Security Update: Security update for guile ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0398-1 Rating: low References: #1004221 Cross-References: CVE-2016-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-196=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-196=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-196=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-196=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-196=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-196=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-196=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-devel-2.0.9-8.3 libguilereadline-v-18-18-2.0.9-8.3 libguilereadline-v-18-18-debuginfo-2.0.9-8.3 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-devel-2.0.9-8.3 libguilereadline-v-18-18-2.0.9-8.3 libguilereadline-v-18-18-debuginfo-2.0.9-8.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): guile-2.0.9-8.3 guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-modules-2_0-2.0.9-8.3 libguile-2_0-22-2.0.9-8.3 libguile-2_0-22-debuginfo-2.0.9-8.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): guile-2.0.9-8.3 guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-modules-2_0-2.0.9-8.3 libguile-2_0-22-2.0.9-8.3 libguile-2_0-22-debuginfo-2.0.9-8.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): guile-2.0.9-8.3 guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-modules-2_0-2.0.9-8.3 libguile-2_0-22-2.0.9-8.3 libguile-2_0-22-debuginfo-2.0.9-8.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): guile-2.0.9-8.3 guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-modules-2_0-2.0.9-8.3 libguile-2_0-22-2.0.9-8.3 libguile-2_0-22-debuginfo-2.0.9-8.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): guile-2.0.9-8.3 guile-debuginfo-2.0.9-8.3 guile-debugsource-2.0.9-8.3 guile-modules-2_0-2.0.9-8.3 libguile-2_0-22-2.0.9-8.3 libguile-2_0-22-debuginfo-2.0.9-8.3 References: https://www.suse.com/security/cve/CVE-2016-8605.html https://bugzilla.suse.com/1004221 From sle-updates at lists.suse.com Mon Feb 6 07:14:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 15:14:51 +0100 (CET) Subject: SUSE-SU-2017:0400-1: important: Security update for spice Message-ID: <20170206141451.6C76EFF7A@maintenance.suse.de> SUSE Security 
Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0400-1 Rating: important References: #1023078 #1023079 Cross-References: CVE-2016-9577 CVE-2016-9578 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-198=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-198=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-198=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): libspice-server-devel-0.12.5-7.1 spice-debugsource-0.12.5-7.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libspice-server1-0.12.5-7.1 libspice-server1-debuginfo-0.12.5-7.1 spice-debugsource-0.12.5-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libspice-server1-0.12.5-7.1 libspice-server1-debuginfo-0.12.5-7.1 spice-debugsource-0.12.5-7.1 References: https://www.suse.com/security/cve/CVE-2016-9577.html https://www.suse.com/security/cve/CVE-2016-9578.html https://bugzilla.suse.com/1023078 https://bugzilla.suse.com/1023079 From sle-updates at lists.suse.com Mon Feb 6 13:07:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Feb 2017 21:07:31 +0100 (CET) Subject: SUSE-SU-2017:0407-1: important: Security update for the Linux Kernel Message-ID: <20170206200731.21229FF70@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0407-1 Rating: important References: #1003813 #1005666 #1007197 #1008557 #1008567 #1008831 #1008833 #1008876 #1008979 #1009062 #1009969 #1010040 #1010213 #1010294 #1010475 #1010478 #1010501 #1010502 #1010507 #1010612 #1010711 #1010716 #1011685 #1012060 #1012422 #1012754 #1012917 #1012985 #1013001 #1013038 #1013479 #1013531 #1013533 #1013540 #1013604 #1014410 #1014746 #1016713 #1016725 #1016961 #1017164 #1017170 #1017410 #1017710 #1018100 #1019032 #1019148 #1019260 #1019300 #1019783 #1019851 #1020214 #1020602 #1021258 #856380 #857394 #858727 #921338 #921778 #922052 #922056 #923036 #923037 #924381 #938963 #972993 #980560 #981709 #983087 #983348 #984194 #984419 #985850 #987192 #987576 #990384 #991273 #993739 #997807 #999101 Cross-References: CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-10088 CVE-2016-7910 CVE-2016-7911 CVE-2016-7913 CVE-2016-7914 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 
CVE-2016-8645 CVE-2016-8655 CVE-2016-9083 CVE-2016-9084 CVE-2016-9555 CVE-2016-9576 CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP1 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has 56 fixes is now available. Description: The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501). - CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502). - CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710). - CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716). - CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711). - CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478). 
- CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475). - CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746). - CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831). - CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969). - CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754). - CVE-2016-9083: The PCI subsystem allowed local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197). - CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197). - CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). 
- CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604). - CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038). - CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531). - CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533). - CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540). - CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector" (bsc#1020602). - CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851). - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't own. (bsc#1021258, CVE-2017-5551). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013001). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - bnx2x: fix lockdep splat (bsc#922052 bsc#922056). 
- btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087). - btrfs: Revert "do not delay inode ref updates during log replay" (bsc#987192). - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100). - btrfs: do not delay inode ref updates during log replay (bsc#987192). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876). - cpuset: fix sched_load_balance that was accidentally broken in a previous update (bsc#1010294). - ext4: fix data exposure after a crash (bsc#1012985). - fs/dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - fuse: do not use iocb after it may have been freed (bsc#1012985). - hpilo: Add support for iLO5 (bsc#999101). - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 bsc#921338). - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036). - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727). - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727). - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036). - ibmveth: calculate gso_segs for large packets (bsc#1019148). - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148). - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019148). - igb: Fix oops caused by missing queue pairing (bnc#857394). 
- ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961). - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963). - kabi: protect __sk_mem_reclaim (kabi). - kabi: protect struct perf_event_context (kabi). - kabi: reintroduce sk_filter (kabi). - kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072). - kgr: ignore zombie tasks during the patching (bnc#1008979). - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612). - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410). - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727). - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036). - net/mlx5e: Do not modify CQ before it was created (bnc#923036). - net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036). - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036). - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036). - netback: correct array index (bsc#983348). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus. - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - proc: avoid including "mountproto=" with no protocol in /proc/mounts (bsc#1019260). - raid1: ignore discard error (bsc#1017164). - reiserfs: fix race in prealloc discard (bsc#987576). 
- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - sfc: clear napi_hash state when copying channels (bsc#923037). - sfc: fix potential stack corruption from running past stat bitmask (bsc#923037). - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273). - target: add XCOPY target/segment desc sense codes (bsc#991273). - target: bounds check XCOPY segment descriptor list (bsc#991273). - target: bounds check XCOPY total descriptor list length (bsc#991273). - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: check for XCOPY parameter truncation (bsc#991273). - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273). - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273). - target: support XCOPY requests without parameters (bsc#991273). - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273). - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#921778). - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419). - xenbus: correctly signal errors from xenstored_local_init() (luckily none so far). 
- xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560). - xfs: refactor xlog_recover_process_data() (bsc#1019300). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP1: zypper in -t patch SUSE-SLE-RT-12-SP1-2017-202=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 12-SP1 (noarch): kernel-devel-rt-3.12.69-60.30.1 kernel-source-rt-3.12.69-60.30.1 - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64): kernel-compute-3.12.69-60.30.1 kernel-compute-base-3.12.69-60.30.1 kernel-compute-base-debuginfo-3.12.69-60.30.1 kernel-compute-debuginfo-3.12.69-60.30.1 kernel-compute-debugsource-3.12.69-60.30.1 kernel-compute-devel-3.12.69-60.30.1 kernel-compute_debug-debuginfo-3.12.69-60.30.1 kernel-compute_debug-debugsource-3.12.69-60.30.1 kernel-compute_debug-devel-3.12.69-60.30.1 kernel-compute_debug-devel-debuginfo-3.12.69-60.30.1 kernel-rt-3.12.69-60.30.1 kernel-rt-base-3.12.69-60.30.1 kernel-rt-base-debuginfo-3.12.69-60.30.1 kernel-rt-debuginfo-3.12.69-60.30.1 kernel-rt-debugsource-3.12.69-60.30.1 kernel-rt-devel-3.12.69-60.30.1 kernel-rt_debug-debuginfo-3.12.69-60.30.1 kernel-rt_debug-debugsource-3.12.69-60.30.1 kernel-rt_debug-devel-3.12.69-60.30.1 kernel-rt_debug-devel-debuginfo-3.12.69-60.30.1 kernel-syms-rt-3.12.69-60.30.1 References: https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8963.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-7910.html https://www.suse.com/security/cve/CVE-2016-7911.html https://www.suse.com/security/cve/CVE-2016-7913.html https://www.suse.com/security/cve/CVE-2016-7914.html https://www.suse.com/security/cve/CVE-2016-8399.html 
https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8645.html https://www.suse.com/security/cve/CVE-2016-8655.html https://www.suse.com/security/cve/CVE-2016-9083.html https://www.suse.com/security/cve/CVE-2016-9084.html https://www.suse.com/security/cve/CVE-2016-9555.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9756.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2016-9794.html https://www.suse.com/security/cve/CVE-2016-9806.html https://www.suse.com/security/cve/CVE-2017-2583.html https://www.suse.com/security/cve/CVE-2017-2584.html https://www.suse.com/security/cve/CVE-2017-5551.html https://bugzilla.suse.com/1003813 https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1007197 https://bugzilla.suse.com/1008557 https://bugzilla.suse.com/1008567 https://bugzilla.suse.com/1008831 https://bugzilla.suse.com/1008833 https://bugzilla.suse.com/1008876 https://bugzilla.suse.com/1008979 https://bugzilla.suse.com/1009062 https://bugzilla.suse.com/1009969 https://bugzilla.suse.com/1010040 https://bugzilla.suse.com/1010213 https://bugzilla.suse.com/1010294 https://bugzilla.suse.com/1010475 https://bugzilla.suse.com/1010478 https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010502 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010612 https://bugzilla.suse.com/1010711 https://bugzilla.suse.com/1010716 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1012060 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012754 https://bugzilla.suse.com/1012917 https://bugzilla.suse.com/1012985 https://bugzilla.suse.com/1013001 https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1013479 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013533 https://bugzilla.suse.com/1013540 https://bugzilla.suse.com/1013604 
https://bugzilla.suse.com/1014410 https://bugzilla.suse.com/1014746 https://bugzilla.suse.com/1016713 https://bugzilla.suse.com/1016725 https://bugzilla.suse.com/1016961 https://bugzilla.suse.com/1017164 https://bugzilla.suse.com/1017170 https://bugzilla.suse.com/1017410 https://bugzilla.suse.com/1017710 https://bugzilla.suse.com/1018100 https://bugzilla.suse.com/1019032 https://bugzilla.suse.com/1019148 https://bugzilla.suse.com/1019260 https://bugzilla.suse.com/1019300 https://bugzilla.suse.com/1019783 https://bugzilla.suse.com/1019851 https://bugzilla.suse.com/1020214 https://bugzilla.suse.com/1020602 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/856380 https://bugzilla.suse.com/857394 https://bugzilla.suse.com/858727 https://bugzilla.suse.com/921338 https://bugzilla.suse.com/921778 https://bugzilla.suse.com/922052 https://bugzilla.suse.com/922056 https://bugzilla.suse.com/923036 https://bugzilla.suse.com/923037 https://bugzilla.suse.com/924381 https://bugzilla.suse.com/938963 https://bugzilla.suse.com/972993 https://bugzilla.suse.com/980560 https://bugzilla.suse.com/981709 https://bugzilla.suse.com/983087 https://bugzilla.suse.com/983348 https://bugzilla.suse.com/984194 https://bugzilla.suse.com/984419 https://bugzilla.suse.com/985850 https://bugzilla.suse.com/987192 https://bugzilla.suse.com/987576 https://bugzilla.suse.com/990384 https://bugzilla.suse.com/991273 https://bugzilla.suse.com/993739 https://bugzilla.suse.com/997807 https://bugzilla.suse.com/999101 From sle-updates at lists.suse.com Mon Feb 6 16:07:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 00:07:33 +0100 (CET) Subject: SUSE-SU-2017:0408-1: important: Security update for mysql Message-ID: <20170206230733.EAC0EFF70@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0408-1 Rating: important References: 
#1020868 #1020873 #1020875 #1020877 #1020882 #1020884 #1020885 #1020890 #1020891 #1020894 #1020896 #1022428
Cross-References: CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318
Affected Products:
  SUSE OpenStack Cloud 5
  SUSE Manager Proxy 2.1
  SUSE Manager 2.1
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 10 vulnerabilities and has two fixes is now available.

Description:

This mysql version update to 5.5.54 fixes the following issues:

- CVE-2017-3318: Unspecified vulnerability affecting Error Handling (bsc#1020896)
- CVE-2017-3317: Unspecified vulnerability affecting Logging (bsc#1020894)
- CVE-2017-3313: Unspecified vulnerability affecting the MyISAM component (bsc#1020890)
- CVE-2017-3312: Insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)
- CVE-2017-3291: Unrestricted mysqld_safe's ledir (bsc#1020884)
- CVE-2017-3265: Unsafe chmod/chown use in init script (bsc#1020885)
- CVE-2017-3258: Unspecified vulnerability in the DDL component (bsc#1020875)
- CVE-2017-3244: Unspecified vulnerability affecting the DML component (bsc#1020877)
- CVE-2017-3243: Unspecified vulnerability affecting the Charsets component (bsc#1020891)
- CVE-2017-3238: Unspecified vulnerability affecting the Optimizer component (bsc#1020882)
- Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)

Release Notes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-mysql-12971=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-mysql-12971=1 - SUSE Manager 2.1: zypper in -t patch sleman21-mysql-12971=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12971=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12971=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mysql-12971=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mysql-12971=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12971=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-12971=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libmysql55client18-32bit-5.5.54-0.35.1 libmysql55client18-5.5.54-0.35.1 libmysql55client_r18-5.5.54-0.35.1 mysql-5.5.54-0.35.1 mysql-client-5.5.54-0.35.1 mysql-tools-5.5.54-0.35.1 - SUSE Manager Proxy 2.1 (x86_64): libmysql55client18-32bit-5.5.54-0.35.1 libmysql55client18-5.5.54-0.35.1 libmysql55client_r18-5.5.54-0.35.1 mysql-5.5.54-0.35.1 mysql-client-5.5.54-0.35.1 mysql-tools-5.5.54-0.35.1 - SUSE Manager 2.1 (s390x x86_64): libmysql55client18-32bit-5.5.54-0.35.1 libmysql55client18-5.5.54-0.35.1 libmysql55client_r18-5.5.54-0.35.1 mysql-5.5.54-0.35.1 mysql-client-5.5.54-0.35.1 mysql-tools-5.5.54-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.54-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.54-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.54-0.35.1 libmysql55client_r18-5.5.54-0.35.1 mysql-5.5.54-0.35.1 mysql-client-5.5.54-0.35.1 mysql-tools-5.5.54-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): 
libmysql55client18-32bit-5.5.54-0.35.1 libmysql55client_r18-32bit-5.5.54-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.54-0.35.1 libmysql55client_r18-x86-5.5.54-0.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libmysql55client18-5.5.54-0.35.1 libmysql55client_r18-5.5.54-0.35.1 mysql-5.5.54-0.35.1 mysql-client-5.5.54-0.35.1 mysql-tools-5.5.54-0.35.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libmysql55client18-32bit-5.5.54-0.35.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libmysql55client18-5.5.54-0.35.1 libmysql55client_r18-5.5.54-0.35.1 mysql-5.5.54-0.35.1 mysql-client-5.5.54-0.35.1 mysql-tools-5.5.54-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.54-0.35.1 mysql-debugsource-5.5.54-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mysql-debuginfo-5.5.54-0.35.1 mysql-debugsource-5.5.54-0.35.1 References: https://www.suse.com/security/cve/CVE-2017-3238.html https://www.suse.com/security/cve/CVE-2017-3243.html https://www.suse.com/security/cve/CVE-2017-3244.html https://www.suse.com/security/cve/CVE-2017-3258.html https://www.suse.com/security/cve/CVE-2017-3265.html https://www.suse.com/security/cve/CVE-2017-3291.html https://www.suse.com/security/cve/CVE-2017-3312.html https://www.suse.com/security/cve/CVE-2017-3313.html https://www.suse.com/security/cve/CVE-2017-3317.html https://www.suse.com/security/cve/CVE-2017-3318.html https://bugzilla.suse.com/1020868 https://bugzilla.suse.com/1020873 https://bugzilla.suse.com/1020875 https://bugzilla.suse.com/1020877 https://bugzilla.suse.com/1020882 https://bugzilla.suse.com/1020884 https://bugzilla.suse.com/1020885 https://bugzilla.suse.com/1020890 https://bugzilla.suse.com/1020891 https://bugzilla.suse.com/1020894 https://bugzilla.suse.com/1020896 https://bugzilla.suse.com/1022428 From sle-updates at lists.suse.com Tue Feb 7 07:08:20 2017 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 15:08:20 +0100 (CET) Subject: SUSE-RU-2017:0410-1: moderate: Recommended update for crowbar-ceph Message-ID: <20170207140820.CF3FCFF70@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0410-1 Rating: moderate References: #1015069 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-ceph fixes the following issues: - Ensure all ceph nodes allocate IPs on client network. (bsc#1015069) - get_osd_nodes(): Just return hostnames, not net configuration. (bsc#1015069) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-204=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 4 (noarch): crowbar-ceph-4.0+git.1481830969.55c8c94-2.1 References: https://bugzilla.suse.com/1015069 From sle-updates at lists.suse.com Tue Feb 7 10:08:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 18:08:57 +0100 (CET) Subject: SUSE-SU-2017:0411-1: important: Security update for mariadb Message-ID: <20170207170857.3EADCFF70@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0411-1 Rating: important References: #1008253 #1020868 #1020873 #1020875 #1020877 #1020878 #1020882 #1020884 #1020885 #1020891 #1020894 #1020896 #1022428 Cross-References: CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. 
Description:

This mariadb version update to 10.0.29 fixes the following issues:

- CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)
- CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)
- CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)
- CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)
- CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)
- CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)
- CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)
- CVE-2017-3244: unspecified vulnerability affecting the DML component (bsc#1020877)
- CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)
- CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)
- CVE-2016-6664: Root Privilege Escalation (bsc#1008253)
- Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)
- notable changes:
  * XtraDB updated to 5.6.34-79.1
  * TokuDB updated to 5.6.34-79.1
  * InnoDB updated to 5.6.35
  * Performance Schema updated to 5.6.35

Release notes and changelog:
  * https://kb.askmonty.org/en/mariadb-10029-release-notes
  * https://kb.askmonty.org/en/mariadb-10029-changelog

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-205=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-205=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libmysqlclient-devel-10.0.29-20.23.1 libmysqlclient18-10.0.29-20.23.1 libmysqlclient18-32bit-10.0.29-20.23.1 libmysqlclient18-debuginfo-10.0.29-20.23.1 libmysqlclient18-debuginfo-32bit-10.0.29-20.23.1 libmysqlclient_r18-10.0.29-20.23.1 libmysqld-devel-10.0.29-20.23.1 libmysqld18-10.0.29-20.23.1 libmysqld18-debuginfo-10.0.29-20.23.1 mariadb-10.0.29-20.23.1 mariadb-client-10.0.29-20.23.1 mariadb-client-debuginfo-10.0.29-20.23.1 mariadb-debuginfo-10.0.29-20.23.1 mariadb-debugsource-10.0.29-20.23.1 mariadb-errormessages-10.0.29-20.23.1 mariadb-tools-10.0.29-20.23.1 mariadb-tools-debuginfo-10.0.29-20.23.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libmysqlclient-devel-10.0.29-20.23.1 libmysqlclient18-10.0.29-20.23.1 libmysqlclient18-debuginfo-10.0.29-20.23.1 libmysqlclient_r18-10.0.29-20.23.1 libmysqld-devel-10.0.29-20.23.1 libmysqld18-10.0.29-20.23.1 libmysqld18-debuginfo-10.0.29-20.23.1 mariadb-10.0.29-20.23.1 mariadb-client-10.0.29-20.23.1 mariadb-client-debuginfo-10.0.29-20.23.1 mariadb-debuginfo-10.0.29-20.23.1 mariadb-debugsource-10.0.29-20.23.1 mariadb-errormessages-10.0.29-20.23.1 mariadb-tools-10.0.29-20.23.1 mariadb-tools-debuginfo-10.0.29-20.23.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.29-20.23.1 libmysqlclient18-debuginfo-32bit-10.0.29-20.23.1 References: https://www.suse.com/security/cve/CVE-2016-6664.html https://www.suse.com/security/cve/CVE-2017-3238.html https://www.suse.com/security/cve/CVE-2017-3243.html https://www.suse.com/security/cve/CVE-2017-3244.html https://www.suse.com/security/cve/CVE-2017-3257.html https://www.suse.com/security/cve/CVE-2017-3258.html https://www.suse.com/security/cve/CVE-2017-3265.html https://www.suse.com/security/cve/CVE-2017-3291.html https://www.suse.com/security/cve/CVE-2017-3312.html https://www.suse.com/security/cve/CVE-2017-3317.html https://www.suse.com/security/cve/CVE-2017-3318.html 
https://bugzilla.suse.com/1008253 https://bugzilla.suse.com/1020868 https://bugzilla.suse.com/1020873 https://bugzilla.suse.com/1020875 https://bugzilla.suse.com/1020877 https://bugzilla.suse.com/1020878 https://bugzilla.suse.com/1020882 https://bugzilla.suse.com/1020884 https://bugzilla.suse.com/1020885 https://bugzilla.suse.com/1020891 https://bugzilla.suse.com/1020894 https://bugzilla.suse.com/1020896 https://bugzilla.suse.com/1022428 From sle-updates at lists.suse.com Tue Feb 7 10:11:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 18:11:30 +0100 (CET) Subject: SUSE-SU-2017:0412-1: important: Security update for mariadb Message-ID: <20170207171130.3D25DFF70@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0412-1 Rating: important References: #1008253 #1020868 #1020873 #1020875 #1020877 #1020878 #1020882 #1020884 #1020885 #1020891 #1020894 #1020896 #1022428 Cross-References: CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. 
Description:

This mariadb version update to 10.0.29 fixes the following issues:

- CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)
- CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)
- CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)
- CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)
- CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)
- CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)
- CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)
- CVE-2017-3244: unspecified vulnerability affecting the DML component (bsc#1020877)
- CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)
- CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)
- CVE-2016-6664: Root Privilege Escalation (bsc#1008253)
- Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)
- notable changes:
  * XtraDB updated to 5.6.34-79.1
  * TokuDB updated to 5.6.34-79.1
  * InnoDB updated to 5.6.35
  * Performance Schema updated to 5.6.35

Release notes and changelog:
  * https://kb.askmonty.org/en/mariadb-10029-release-notes
  * https://kb.askmonty.org/en/mariadb-10029-changelog

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-207=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-207=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-207=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-207=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-207=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-207=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-207=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-207=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-207=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libmysqlclient_r18-10.0.29-22.1 libmysqlclient_r18-32bit-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.29-22.1 libmysqlclient_r18-32bit-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.29-22.1 libmysqlclient_r18-10.0.29-22.1 libmysqld-devel-10.0.29-22.1 libmysqld18-10.0.29-22.1 libmysqld18-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.29-22.1 libmysqlclient_r18-10.0.29-22.1 libmysqld-devel-10.0.29-22.1 libmysqld18-10.0.29-22.1 libmysqld18-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libmysqlclient18-10.0.29-22.1 libmysqlclient18-debuginfo-10.0.29-22.1 mariadb-10.0.29-22.1 mariadb-client-10.0.29-22.1 mariadb-client-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 mariadb-errormessages-10.0.29-22.1 mariadb-tools-10.0.29-22.1 mariadb-tools-debuginfo-10.0.29-22.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libmysqlclient18-10.0.29-22.1 libmysqlclient18-debuginfo-10.0.29-22.1 mariadb-10.0.29-22.1 mariadb-client-10.0.29-22.1 mariadb-client-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 mariadb-errormessages-10.0.29-22.1 mariadb-tools-10.0.29-22.1 mariadb-tools-debuginfo-10.0.29-22.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libmysqlclient18-32bit-10.0.29-22.1 libmysqlclient18-debuginfo-32bit-10.0.29-22.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): 
libmysqlclient18-10.0.29-22.1 libmysqlclient18-debuginfo-10.0.29-22.1 mariadb-10.0.29-22.1 mariadb-client-10.0.29-22.1 mariadb-client-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 mariadb-errormessages-10.0.29-22.1 mariadb-tools-10.0.29-22.1 mariadb-tools-debuginfo-10.0.29-22.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.29-22.1 libmysqlclient18-debuginfo-32bit-10.0.29-22.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libmysqlclient18-10.0.29-22.1 libmysqlclient18-32bit-10.0.29-22.1 libmysqlclient18-debuginfo-10.0.29-22.1 libmysqlclient18-debuginfo-32bit-10.0.29-22.1 libmysqlclient_r18-10.0.29-22.1 libmysqlclient_r18-32bit-10.0.29-22.1 mariadb-10.0.29-22.1 mariadb-client-10.0.29-22.1 mariadb-client-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 mariadb-errormessages-10.0.29-22.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.29-22.1 libmysqlclient18-32bit-10.0.29-22.1 libmysqlclient18-debuginfo-10.0.29-22.1 libmysqlclient18-debuginfo-32bit-10.0.29-22.1 libmysqlclient_r18-10.0.29-22.1 libmysqlclient_r18-32bit-10.0.29-22.1 mariadb-10.0.29-22.1 mariadb-client-10.0.29-22.1 mariadb-client-debuginfo-10.0.29-22.1 mariadb-debuginfo-10.0.29-22.1 mariadb-debugsource-10.0.29-22.1 mariadb-errormessages-10.0.29-22.1 References: https://www.suse.com/security/cve/CVE-2016-6664.html https://www.suse.com/security/cve/CVE-2017-3238.html https://www.suse.com/security/cve/CVE-2017-3243.html https://www.suse.com/security/cve/CVE-2017-3244.html https://www.suse.com/security/cve/CVE-2017-3257.html https://www.suse.com/security/cve/CVE-2017-3258.html https://www.suse.com/security/cve/CVE-2017-3265.html https://www.suse.com/security/cve/CVE-2017-3291.html https://www.suse.com/security/cve/CVE-2017-3312.html https://www.suse.com/security/cve/CVE-2017-3317.html https://www.suse.com/security/cve/CVE-2017-3318.html https://bugzilla.suse.com/1008253 
https://bugzilla.suse.com/1020868 https://bugzilla.suse.com/1020873 https://bugzilla.suse.com/1020875 https://bugzilla.suse.com/1020877 https://bugzilla.suse.com/1020878 https://bugzilla.suse.com/1020882 https://bugzilla.suse.com/1020884 https://bugzilla.suse.com/1020885 https://bugzilla.suse.com/1020891 https://bugzilla.suse.com/1020894 https://bugzilla.suse.com/1020896 https://bugzilla.suse.com/1022428 From sle-updates at lists.suse.com Tue Feb 7 10:14:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 18:14:47 +0100 (CET) Subject: SUSE-SU-2017:0415-1: moderate: Security update for expat Message-ID: <20170207171447.51212FF7B@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0415-1 Rating: moderate References: #1022037 #983215 #983216 Cross-References: CVE-2012-6702 CVE-2016-5300 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. 
(bsc#983216) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-expat-12972=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-expat-12972=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-expat-12972=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-expat-12972=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libexpat-devel-2.0.1-88.41.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexpat-devel-2.0.1-88.41.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): expat-2.0.1-88.41.1 libexpat1-2.0.1-88.41.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libexpat1-32bit-2.0.1-88.41.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libexpat1-x86-2.0.1-88.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): expat-debuginfo-2.0.1-88.41.1 expat-debugsource-2.0.1-88.41.1 References: https://www.suse.com/security/cve/CVE-2012-6702.html https://www.suse.com/security/cve/CVE-2016-5300.html https://bugzilla.suse.com/1022037 https://bugzilla.suse.com/983215 https://bugzilla.suse.com/983216 From sle-updates at lists.suse.com Tue Feb 7 13:08:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 21:08:05 +0100 (CET) Subject: SUSE-RU-2017:0417-1: Recommended update for libseccomp Message-ID: <20170207200805.6A21DFF7A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libseccomp ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0417-1 Rating: low References: #1019900 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE 
Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides libseccomp version 2.3.1 which fixes the following issues: - Fixed a problem with 32-bit x86 socket syscalls on some systems (fate#321647, bsc#1019900) - Fixed problems with ipc syscalls on 32-bit x86 - Fixed problems with socket and ipc syscalls on s390 and s390x Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-209=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-209=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-209=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-209=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libseccomp-debugsource-2.3.1-10.1 libseccomp-devel-2.3.1-10.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libseccomp-debugsource-2.3.1-10.1 libseccomp2-2.3.1-10.1 libseccomp2-debuginfo-2.3.1-10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libseccomp-debugsource-2.3.1-10.1 libseccomp2-2.3.1-10.1 libseccomp2-debuginfo-2.3.1-10.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libseccomp2-32bit-2.3.1-10.1 libseccomp2-debuginfo-32bit-2.3.1-10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libseccomp-debugsource-2.3.1-10.1 libseccomp2-2.3.1-10.1 libseccomp2-32bit-2.3.1-10.1 libseccomp2-debuginfo-2.3.1-10.1 libseccomp2-debuginfo-32bit-2.3.1-10.1 References: https://bugzilla.suse.com/1019900 From sle-updates at lists.suse.com Tue Feb 7 13:08:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Feb 2017 21:08:33 +0100 (CET) Subject: SUSE-RU-2017:0418-1: moderate: Recommended update for crash Message-ID: <20170207200833.122DFFF7C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0418-1 Rating: moderate References: #1002876 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes an incompatibility with recent kernel updates released for SUSE Linux Enterprise Server 12. Crash would fail with the message "invalid structure member offset" when attempting to read the vmcore. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-210=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-210=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): crash-7.0.5-13.1 crash-debuginfo-7.0.5-13.1 crash-debugsource-7.0.5-13.1 crash-kmp-default-7.0.5_k3.12.60_52.63-13.1 crash-kmp-default-debuginfo-7.0.5_k3.12.60_52.63-13.1 crash-kmp-xen-7.0.5_k3.12.60_52.63-13.1 crash-kmp-xen-debuginfo-7.0.5_k3.12.60_52.63-13.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): crash-7.0.5-13.1 crash-debuginfo-7.0.5-13.1 crash-debugsource-7.0.5-13.1 crash-kmp-default-7.0.5_k3.12.60_52.63-13.1 crash-kmp-default-debuginfo-7.0.5_k3.12.60_52.63-13.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): crash-kmp-xen-7.0.5_k3.12.60_52.63-13.1 crash-kmp-xen-debuginfo-7.0.5_k3.12.60_52.63-13.1 References: https://bugzilla.suse.com/1002876 From sle-updates at lists.suse.com Wed Feb 8 10:08:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Feb 2017 18:08:28 +0100 (CET) Subject: SUSE-RU-2017:0423-1: Recommended update for yast2-smt Message-ID: <20170208170828.425D9FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0423-1 Rating: low References: #1019551 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-smt provides the following fixes: - Fix mirroring of custom repositories. (bsc#1019551) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-215=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-smt-3.0.8-10.3.1 References: https://bugzilla.suse.com/1019551 From sle-updates at lists.suse.com Wed Feb 8 10:09:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Feb 2017 18:09:00 +0100 (CET) Subject: SUSE-SU-2017:0424-1: moderate: Security update for expat Message-ID: <20170208170900.8E05EFF7C@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0424-1 Rating: moderate References: #983215 #983216 Cross-References: CVE-2012-6702 CVE-2016-5300 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. 
(bsc#983216) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-212=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-212=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-212=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-212=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-212=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-212=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-212=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat-devel-2.1.0-20.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): expat-debuginfo-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat-devel-2.1.0-20.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): expat-2.1.0-20.2 expat-debuginfo-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat1-2.1.0-20.2 libexpat1-debuginfo-2.1.0-20.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): expat-2.1.0-20.2 expat-debuginfo-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat1-2.1.0-20.2 libexpat1-debuginfo-2.1.0-20.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): expat-debuginfo-32bit-2.1.0-20.2 libexpat1-32bit-2.1.0-20.2 libexpat1-debuginfo-32bit-2.1.0-20.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): expat-2.1.0-20.2 expat-debuginfo-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat1-2.1.0-20.2 libexpat1-debuginfo-2.1.0-20.2 - SUSE Linux Enterprise Server 12-SP1 
(s390x x86_64): expat-debuginfo-32bit-2.1.0-20.2 libexpat1-32bit-2.1.0-20.2 libexpat1-debuginfo-32bit-2.1.0-20.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): expat-2.1.0-20.2 expat-debuginfo-2.1.0-20.2 expat-debuginfo-32bit-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat1-2.1.0-20.2 libexpat1-32bit-2.1.0-20.2 libexpat1-debuginfo-2.1.0-20.2 libexpat1-debuginfo-32bit-2.1.0-20.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): expat-2.1.0-20.2 expat-debuginfo-2.1.0-20.2 expat-debuginfo-32bit-2.1.0-20.2 expat-debugsource-2.1.0-20.2 libexpat1-2.1.0-20.2 libexpat1-32bit-2.1.0-20.2 libexpat1-debuginfo-2.1.0-20.2 libexpat1-debuginfo-32bit-2.1.0-20.2 References: https://www.suse.com/security/cve/CVE-2012-6702.html https://www.suse.com/security/cve/CVE-2016-5300.html https://bugzilla.suse.com/983215 https://bugzilla.suse.com/983216 From sle-updates at lists.suse.com Wed Feb 8 10:09:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Feb 2017 18:09:41 +0100 (CET) Subject: SUSE-RU-2017:0425-1: Recommended update for yast2-packager, yast2-update Message-ID: <20170208170941.83495FF7C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager, yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0425-1 Rating: low References: #1009834 #954813 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-packager and yast2-update provides fixes and enhancements. yast2-packager: - Prevent double URL encoding when using ISO images as repositories. (bsc#954813) - Packages module is able to perform a package selection proposal during system upgrade. 
(bsc#1009834) yast2-update: - Allow YaST modules to add packages during upgrade. (bsc#1009834) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-211=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-211=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-211=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-packager-3.1.121-30.11.2 yast2-update-3.1.44-12.3.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-packager-3.1.121-30.11.2 yast2-update-3.1.44-12.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-packager-3.1.121-30.11.2 yast2-update-3.1.44-12.3.3 References: https://bugzilla.suse.com/1009834 https://bugzilla.suse.com/954813 From sle-updates at lists.suse.com Wed Feb 8 10:10:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Feb 2017 18:10:26 +0100 (CET) Subject: SUSE-SU-2017:0426-1: important: Security update for MozillaFirefox Message-ID: <20170208171026.23FD7FF7C@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0426-1 Rating: important References: #1021814 #1021817 #1021818 #1021819 #1021820 #1021821 #1021822 #1021823 #1021824 #1021991 Cross-References: CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux 
Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-MozillaFirefox-12973=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-MozillaFirefox-12973=1 - SUSE Manager 2.1: zypper in -t patch sleman21-MozillaFirefox-12973=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12973=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12973=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-12973=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-12973=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12973=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-12973=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): MozillaFirefox-45.7.0esr-65.2 MozillaFirefox-translations-45.7.0esr-65.2 - SUSE Manager Proxy 2.1 (x86_64): MozillaFirefox-45.7.0esr-65.2 MozillaFirefox-translations-45.7.0esr-65.2 - SUSE Manager 2.1 (s390x x86_64): MozillaFirefox-45.7.0esr-65.2 MozillaFirefox-translations-45.7.0esr-65.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-45.7.0esr-65.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-45.7.0esr-65.2 MozillaFirefox-translations-45.7.0esr-65.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-45.7.0esr-65.2 MozillaFirefox-translations-45.7.0esr-65.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-45.7.0esr-65.2 MozillaFirefox-translations-45.7.0esr-65.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-45.7.0esr-65.2 MozillaFirefox-debugsource-45.7.0esr-65.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): 
MozillaFirefox-debuginfo-45.7.0esr-65.2 MozillaFirefox-debugsource-45.7.0esr-65.2 References: https://www.suse.com/security/cve/CVE-2017-5373.html https://www.suse.com/security/cve/CVE-2017-5375.html https://www.suse.com/security/cve/CVE-2017-5376.html https://www.suse.com/security/cve/CVE-2017-5378.html https://www.suse.com/security/cve/CVE-2017-5380.html https://www.suse.com/security/cve/CVE-2017-5383.html https://www.suse.com/security/cve/CVE-2017-5386.html https://www.suse.com/security/cve/CVE-2017-5390.html https://www.suse.com/security/cve/CVE-2017-5396.html https://bugzilla.suse.com/1021814 https://bugzilla.suse.com/1021817 https://bugzilla.suse.com/1021818 https://bugzilla.suse.com/1021819 https://bugzilla.suse.com/1021820 https://bugzilla.suse.com/1021821 https://bugzilla.suse.com/1021822 https://bugzilla.suse.com/1021823 https://bugzilla.suse.com/1021824 https://bugzilla.suse.com/1021991 From sle-updates at lists.suse.com Wed Feb 8 19:07:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2017 03:07:39 +0100 (CET) Subject: SUSE-SU-2017:0427-1: important: Security update for MozillaFirefox Message-ID: <20170209020739.A901BFF6C@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0427-1 Rating: important References: #1021814 #1021817 #1021818 #1021819 #1021820 #1021821 #1021822 #1021823 #1021824 #1021991 Cross-References: CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux 
Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-217=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-217=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-217=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-217=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-217=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-217=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-217=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-217=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-217=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-devel-45.7.0esr-99.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-devel-45.7.0esr-99.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 
MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.7.0esr-99.1 MozillaFirefox-debuginfo-45.7.0esr-99.1 MozillaFirefox-debugsource-45.7.0esr-99.1 MozillaFirefox-translations-45.7.0esr-99.1 References: https://www.suse.com/security/cve/CVE-2017-5373.html https://www.suse.com/security/cve/CVE-2017-5375.html https://www.suse.com/security/cve/CVE-2017-5376.html https://www.suse.com/security/cve/CVE-2017-5378.html https://www.suse.com/security/cve/CVE-2017-5380.html https://www.suse.com/security/cve/CVE-2017-5383.html https://www.suse.com/security/cve/CVE-2017-5386.html https://www.suse.com/security/cve/CVE-2017-5390.html https://www.suse.com/security/cve/CVE-2017-5396.html https://bugzilla.suse.com/1021814 https://bugzilla.suse.com/1021817 https://bugzilla.suse.com/1021818 https://bugzilla.suse.com/1021819 https://bugzilla.suse.com/1021820 https://bugzilla.suse.com/1021821 https://bugzilla.suse.com/1021822 https://bugzilla.suse.com/1021823 https://bugzilla.suse.com/1021824 https://bugzilla.suse.com/1021991 From sle-updates at lists.suse.com Thu Feb 9 07:09:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2017 15:09:40 +0100 (CET) Subject: SUSE-RU-2017:0430-1: Recommended update for lvm2 Message-ID: 
<20170209140940.A6D0DFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0430-1 Rating: low References: #1012973 #1017034 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Remove special case for md in 69-dm-lvm-metadata.rules. (bsc#1012973) - Booting from MPIO fails to activate LVM. (bsc#1017034) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-218=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-218=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2017-218=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-218=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): device-mapper-devel-1.02.97-81.1 lvm2-debuginfo-2.02.120-81.1 lvm2-debugsource-2.02.120-81.1 lvm2-devel-2.02.120-81.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): device-mapper-1.02.97-81.1 device-mapper-debuginfo-1.02.97-81.1 lvm2-2.02.120-81.1 lvm2-debuginfo-2.02.120-81.1 lvm2-debugsource-2.02.120-81.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): device-mapper-32bit-1.02.97-81.1 device-mapper-debuginfo-32bit-1.02.97-81.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): lvm2-clvm-2.02.120-81.1 lvm2-clvm-debuginfo-2.02.120-81.1 lvm2-cmirrord-2.02.120-81.1 lvm2-cmirrord-debuginfo-2.02.120-81.1 lvm2-debuginfo-2.02.120-81.1 lvm2-debugsource-2.02.120-81.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): device-mapper-1.02.97-81.1 device-mapper-32bit-1.02.97-81.1 device-mapper-debuginfo-1.02.97-81.1 device-mapper-debuginfo-32bit-1.02.97-81.1 lvm2-2.02.120-81.1 lvm2-debuginfo-2.02.120-81.1 lvm2-debugsource-2.02.120-81.1 References: https://bugzilla.suse.com/1012973 https://bugzilla.suse.com/1017034 From sle-updates at lists.suse.com Thu Feb 9 07:10:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2017 15:10:25 +0100 (CET) Subject: SUSE-SU-2017:0431-1: moderate: Security update for nodejs6 Message-ID: <20170209141025.6075FFF7C@maintenance.suse.de> SUSE Security Update: Security update for nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0431-1 Rating: moderate References: #1009528 #1022085 #1022086 Cross-References: CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for nodejs6 fixes the following issues: New upstream LTS release 6.9.5. The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528) Other fixes: - Add basic check that Node.js loads successfully to spec file - New upstream LTS release 6.9.3 * build: shared library support is now working for AIX builds * deps/npm: upgrade npm to 3.10.10 * deps/V8: destructuring of arrow function arguments via computed property no longer throws * inspector: /json/version returns object, not an object wrapped in an array * module: using --debug-brk and --eval together now works as expected * process: improve performance of nextTick up to 20% * repl: the division operator will no longer be accidentally parsed as regex * repl: improved support for generator functions * timers: recanceling a cancelled timer will no longer throw - New upstream LTS version 6.9.2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-221=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.9.5-7.1 nodejs6-debuginfo-6.9.5-7.1 nodejs6-debugsource-6.9.5-7.1 nodejs6-devel-6.9.5-7.1 npm6-6.9.5-7.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs6-docs-6.9.5-7.1 References: https://www.suse.com/security/cve/CVE-2016-7055.html https://www.suse.com/security/cve/CVE-2017-3731.html https://www.suse.com/security/cve/CVE-2017-3732.html https://bugzilla.suse.com/1009528 https://bugzilla.suse.com/1022085 https://bugzilla.suse.com/1022086 From sle-updates at lists.suse.com Thu Feb 9 07:11:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2017 15:11:08 +0100 (CET) Subject: SUSE-RU-2017:0432-1: Recommended update for vm-install Message-ID: <20170209141108.1F710FF7C@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0432-1 Rating: low References: #1004324 #978526 #992780 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for vm-install fixes the following issues: - Upgrade of SLES11SP4 PV guest to SLES12SP1 does not work with qcow2 disk device (bsc#992780) - SLES12 install from SLES11 hypervisor (bsc#1004324) - Text mode installation doesn't allow specifying install source (bsc#978526) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vm-install-12975=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): vm-install-0.6.46-8.1 References: https://bugzilla.suse.com/1004324 https://bugzilla.suse.com/978526 https://bugzilla.suse.com/992780 From sle-updates at lists.suse.com Thu Feb 9 07:11:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2017 15:11:55 +0100 (CET) Subject: SUSE-SU-2017:0433-1: moderate: Security update for libgit2 Message-ID: <20170209141155.D86EAFF7C@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0433-1 Rating: moderate References: #1019036 #1019037 Cross-References: CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2017-5338 CVE-2017-5339 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libgit2 fixes several issues. These security issues were fixed: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2016-10128: Additional sanitization prevents some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10129: Additional sanitization prevents some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-220=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): libgit2-24-0.24.1-6.1 libgit2-24-debuginfo-0.24.1-6.1 libgit2-debugsource-0.24.1-6.1 References: https://www.suse.com/security/cve/CVE-2016-10128.html https://www.suse.com/security/cve/CVE-2016-10129.html https://www.suse.com/security/cve/CVE-2016-10130.html https://www.suse.com/security/cve/CVE-2017-5338.html https://www.suse.com/security/cve/CVE-2017-5339.html https://bugzilla.suse.com/1019036 https://bugzilla.suse.com/1019037 From sle-updates at lists.suse.com Thu Feb 9 13:08:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Feb 2017 21:08:04 +0100 (CET) Subject: SUSE-SU-2017:0436-1: important: Security update for opus Message-ID: <20170209200804.620C5FF6C@maintenance.suse.de> SUSE Security Update: Security update for opus ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0436-1 Rating: important References: #1020102 Cross-References: CVE-2017-0381 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for opus fixes the following issues: - CVE-2017-0381: Fixed a remote code execution vulnerability in silk/NLSF_stabilize.c when playing certain media files (bsc#1020102) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-223=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-223=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-223=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-223=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-223=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-223=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-223=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
   libopus-devel-1.1-3.1
   libopus-devel-static-1.1-3.1
   opus-debugsource-1.1-3.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
   libopus-devel-1.1-3.1
   libopus-devel-static-1.1-3.1
   opus-debugsource-1.1-3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   libopus0-1.1-3.1
   libopus0-debuginfo-1.1-3.1
   opus-debugsource-1.1-3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
   libopus0-1.1-3.1
   libopus0-debuginfo-1.1-3.1
   opus-debugsource-1.1-3.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
   libopus0-1.1-3.1
   libopus0-debuginfo-1.1-3.1
   opus-debugsource-1.1-3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   libopus0-1.1-3.1
   libopus0-debuginfo-1.1-3.1
   opus-debugsource-1.1-3.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
   libopus0-1.1-3.1
   libopus0-debuginfo-1.1-3.1
   opus-debugsource-1.1-3.1

References:

https://www.suse.com/security/cve/CVE-2017-0381.html
https://bugzilla.suse.com/1020102

From sle-updates at lists.suse.com Thu Feb 9 13:08:33 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2017 21:08:33 +0100 (CET)
Subject: SUSE-SU-2017:0437-1: important: Security update for the Linux Kernel
Message-ID: <20170209200833.1BAC9FF7C@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0437-1
Rating:             important
References:         #1003813 #1005877 #1007615 #1008557 #1008645 #1008831
                    #1008833 #1008893 #1009875 #1010150 #1010175 #1010201
                    #1010467 #1010501 #1010507 #1010711 #1010713 #1010716
                    #1011685 #1011820 #1012183 #1012411 #1012422 #1012832
                    #1012851 #1012852 #1012917 #1013018 #1013038 #1013042
                    #1013070 #1013531 #1013542 #1014410 #1014454 #1014746
                    #1015561 #1015752 #1015760 #1015796 #1015803 #1015817
                    #1015828 #1015844 #1015848 #1015878 #1015932 #1016320
                    #1016505 #1016520 #1016668 #1016688 #1016824 #1016831
                    #1017686 #1017710 #1019079 #1019148 #1019165 #1019348
                    #1019783 #1020214 #1021258 #748806 #786036 #790588
                    #795297 #800999 #821612 #824171 #851603 #853052
                    #871728 #901809 #909350 #909491 #913387 #914939
                    #919382 #924708 #925065 #953233 #961589 #962846
                    #969340 #973691 #987333 #987576 #989152 #989680
                    #989896 #990245 #992991 #993739 #993832 #996541
                    #996557 #997401 #999101
Cross-References:   CVE-2004-0230 CVE-2012-6704 CVE-2013-6368 CVE-2015-1350
                    CVE-2015-8962 CVE-2015-8964 CVE-2016-10088 CVE-2016-5696
                    CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399
                    CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555
                    CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 20 vulnerabilities and has 79 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258).
- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
- CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152).
- CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746).
- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).
- CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).
- CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).
- CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).
- CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052).
- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
- CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).
- CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).
- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).

The following non-security bugs were fixed:

- 8250_pci: Fix potential use-after-free in error path (bsc#1013070).
- KABI fix (bsc#1014410).
- apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).
- be2net: Do not leak iomapped memory on removal (bug#925065).
- block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).
- bna: Add synchronization for tx ring (bsc#993739).
- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
- crypto: add ghash-generic in the supported.conf (bsc#1016824)
- crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387).
- dm: do not call dm_sync_table() when creating new devices (bnc#901809).
- drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348)
- ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668).
- ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018).
- ext4: fix reference counting bug on block allocation error (bsc#1013018).
- futex: Acknowledge a new waiter in counter before plist (bsc#851603).
- futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603).
- hpilo: Add support for iLO5 (bsc#999101).
- ibmveth: calculate gso_segs for large packets (bsc#1019165).
- ibmveth: set correct gso_size and gso_type (bsc#1019165).
- igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491 FATE#317388).
- igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297 FATE#313656).
- igb: Fix oops caused by missing queue pairing (bsc#909491 FATE#317388).
- igb: Fix oops on changing number of rings (bsc#909491 FATE#317388).
- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491 FATE#317388).
- igb: Unpair the queues when changing the number of queues (bsc#909491 FATE#317388).
- kexec: add a kexec_crash_loaded() function (bsc#973691).
- kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680).
- kvm: Distangle eventfd code from irqchip (bsc#989680).
- kvm: Iterate over only vcpus that are preempted (bsc#989680).
- kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680).
- kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680).
- kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680).
- kvm: make processes waiting on vcpu mutex killable (bsc#989680).
- kvm: nVMX: Add preemption timer support (bsc#989680).
- kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).
- kvm: use symbolic constant for nr interrupts (bsc#989680).
- kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680).
- kvm: x86: Run PIT work in own kthread (bsc#989680).
- kvm: x86: limit difference between kvmclock updates (bsc#989680).
- libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728).
- libata: remove n_tags to avoid kABI breakage (bsc#871728).
- libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846).
- libfc: Fixup disc_mutex handling (bsc#962846).
- libfc: Issue PRLI after a PRLO has been received (bsc#962846).
- libfc: Revisit kref handling (bnc#990245).
- libfc: Update rport reference counting (bsc#953233).
- libfc: do not send ABTS when resetting exchanges (bsc#962846).
- libfc: fixup locking of ptp_setup() (bsc#962846).
- libfc: reset exchange manager during LOGO handling (bsc#962846).
- libfc: send LOGO for PLOGI failure (bsc#962846).
- locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411).
- memstick: mspro_block: add missing curly braces (bsc#1016688).
- mlx4: Fix error flow when sending mads under SRIOV (bsc#786036 FATE#314304).
- mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036 FATE#314304).
- mlx4: Fix memory leak if QP creation failed (bsc#786036 FATE#314304).
- mlx4: Fix potential deadlock when sending mad to wire (bsc#786036 FATE#314304).
- mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036 FATE#314304).
- mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036 FATE#314304).
- mlx4: add missing braces in verify_qp_parameters (bsc#786036 FATE#314304).
- mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589).
- mm: fix crashes from mbind() merging vmas (bnc#1005877).
- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
- mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645).
- net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036 FATE#314304).
- net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382 FATE#317529).
- net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036 FATE#314304).
- net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708).
- net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708).
- net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bsc#919382 FATE#317529).
- net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036 FATE#314304).
- net/mlx4_core: Implement pci_resume callback (bsc#924708).
- net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382 FATE#317529).
- net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382 FATE#317529).
- net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382 FATE#317529).
- net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036 FATE#314304).
- net/mlx4_en: Move filters cleanup to a proper location (bsc#786036 FATE#314304).
- net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382 FATE#317529).
- net/mlx4_en: fix spurious timestamping callbacks (bsc#919382 FATE#317529).
- netfront: do not truncate grant references.
- nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).
- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
- nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410).
- nvme: Automatic namespace rescan (bsc#1017686).
- nvme: Metadata format support (bsc#1017686).
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
- posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).
- posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401).
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401).
- powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201).
- powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201).
- powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201).
- powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).
- powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201).
- powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201).
- printk/sched: Introduce special printk_sched() for those awkward (bsc#996541).
- ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851).
- qlcnic: fix a loop exit condition better (bsc#909350 FATE#317546).
- qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999 FATE#313899).
- reiserfs: fix race in prealloc discard (bsc#987576).
- rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again
- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
- rt2x00: fix rfkill regression on rt2500pci (bnc#748806).
- s390/zcrypt: kernel: Fix invalid domain response handling (bsc#1016320).
- scsi: Fix erratic device offline during EH (bsc#993832).
- scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).
- scsi: lpfc: avoid double free of resource identifiers (bsc#989896).
- scsi_error: count medium access timeout only once per EH run (bsc#993832).
- scsi_error: fixup crash in scsi_eh_reset (bsc#993832)
- serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070).
- sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).
- sunrpc: Fix reconnection timeouts (bsc#1014410).
- sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917).
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).
- tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).
- tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).
- tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).
- tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).
- tg3: Fix temperature reporting (bnc#790588 FATE#313912).
- usb: console: fix potential use after free (bsc#1015817).
- usb: console: fix uninitialised ldisc semaphore (bsc#1015817).
- usb: cp210x: Corrected USB request type definitions (bsc#1015932).
- usb: cp210x: relocate private data from USB interface to port (bsc#1015932).
- usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932).
- usb: ftdi_sio: fix null deref at port probe (bsc#1015796).
- usb: ipaq.c: fix a timeout loop (bsc#1015848).
- usb: opticon: fix non-atomic allocation in write path (bsc#1015803).
- usb: option: fix runtime PM handling (bsc#1015752).
- usb: serial: cp210x: add 16-bit register access functions (bsc#1015932).
- usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932).
- usb: serial: cp210x: add new access functions for large registers (bsc#1015932).
- usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932).
- usb: serial: fix potential use-after-free after failed probe (bsc#1015828).
- usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505).
- usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505).
- usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520).
- usb: sierra: fix AA deadlock in open error path (bsc#1015561).
- usb: sierra: fix remote wakeup (bsc#1015561).
- usb: sierra: fix urb and memory leak in resume error path (bsc#1015561).
- usb: sierra: fix urb and memory leak on disconnect (bsc#1015561).
- usb: sierra: fix use after free at suspend/resume (bsc#1015561).
- usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760).
- usb: usb_wwan: fix race between write and resume (bsc#1015760).
- usb: usb_wwan: fix urb leak at shutdown (bsc#1015760).
- usb: usb_wwan: fix urb leak in write error path (bsc#1015760).
- usb: usb_wwan: fix write and suspend race (bsc#1015760).
- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
- usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844).
- xenbus: do not invoke is_ready() for most device states (bsc#987333).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
   zypper in -t patch sdksp4-kernel-12977=1
- SUSE Linux Enterprise Server 11-SP4:
   zypper in -t patch slessp4-kernel-12977=1
- SUSE Linux Enterprise Server 11-EXTRA:
   zypper in -t patch slexsp3-kernel-12977=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
   zypper in -t patch dbgsp4-kernel-12977=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
   kernel-docs-3.0.101-94.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
   kernel-default-3.0.101-94.1
   kernel-default-base-3.0.101-94.1
   kernel-default-devel-3.0.101-94.1
   kernel-source-3.0.101-94.1
   kernel-syms-3.0.101-94.1
   kernel-trace-3.0.101-94.1
   kernel-trace-base-3.0.101-94.1
   kernel-trace-devel-3.0.101-94.1
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
   kernel-ec2-3.0.101-94.1
   kernel-ec2-base-3.0.101-94.1
   kernel-ec2-devel-3.0.101-94.1
   kernel-xen-3.0.101-94.1
   kernel-xen-base-3.0.101-94.1
   kernel-xen-devel-3.0.101-94.1
- SUSE Linux Enterprise Server 11-SP4 (s390x):
   kernel-default-man-3.0.101-94.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64):
   kernel-bigmem-3.0.101-94.1
   kernel-bigmem-base-3.0.101-94.1
   kernel-bigmem-devel-3.0.101-94.1
   kernel-ppc64-3.0.101-94.1
   kernel-ppc64-base-3.0.101-94.1
   kernel-ppc64-devel-3.0.101-94.1
- SUSE Linux Enterprise Server 11-SP4 (i586):
   kernel-pae-3.0.101-94.1
   kernel-pae-base-3.0.101-94.1
   kernel-pae-devel-3.0.101-94.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
   kernel-default-extra-3.0.101-94.1
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
   kernel-xen-extra-3.0.101-94.1
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
   kernel-trace-extra-3.0.101-94.1
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
   kernel-ppc64-extra-3.0.101-94.1
- SUSE Linux Enterprise Server 11-EXTRA (i586):
   kernel-pae-extra-3.0.101-94.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
   kernel-default-debuginfo-3.0.101-94.1
   kernel-default-debugsource-3.0.101-94.1
   kernel-trace-debuginfo-3.0.101-94.1
   kernel-trace-debugsource-3.0.101-94.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
   kernel-default-devel-debuginfo-3.0.101-94.1
   kernel-trace-devel-debuginfo-3.0.101-94.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
   kernel-ec2-debuginfo-3.0.101-94.1
   kernel-ec2-debugsource-3.0.101-94.1
   kernel-xen-debuginfo-3.0.101-94.1
   kernel-xen-debugsource-3.0.101-94.1
   kernel-xen-devel-debuginfo-3.0.101-94.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
   kernel-bigmem-debuginfo-3.0.101-94.1
   kernel-bigmem-debugsource-3.0.101-94.1
   kernel-ppc64-debuginfo-3.0.101-94.1
   kernel-ppc64-debugsource-3.0.101-94.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
   kernel-pae-debuginfo-3.0.101-94.1
   kernel-pae-debugsource-3.0.101-94.1
   kernel-pae-devel-debuginfo-3.0.101-94.1

References:

https://www.suse.com/security/cve/CVE-2004-0230.html
https://www.suse.com/security/cve/CVE-2012-6704.html
https://www.suse.com/security/cve/CVE-2013-6368.html
https://www.suse.com/security/cve/CVE-2015-1350.html
https://www.suse.com/security/cve/CVE-2015-8962.html
https://www.suse.com/security/cve/CVE-2015-8964.html
https://www.suse.com/security/cve/CVE-2016-10088.html
https://www.suse.com/security/cve/CVE-2016-5696.html
https://www.suse.com/security/cve/CVE-2016-7910.html
https://www.suse.com/security/cve/CVE-2016-7911.html
https://www.suse.com/security/cve/CVE-2016-7916.html
https://www.suse.com/security/cve/CVE-2016-8399.html
https://www.suse.com/security/cve/CVE-2016-8632.html
https://www.suse.com/security/cve/CVE-2016-8633.html
https://www.suse.com/security/cve/CVE-2016-8646.html
https://www.suse.com/security/cve/CVE-2016-9555.html
https://www.suse.com/security/cve/CVE-2016-9685.html
https://www.suse.com/security/cve/CVE-2016-9756.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://bugzilla.suse.com/1003813
https://bugzilla.suse.com/1005877
https://bugzilla.suse.com/1007615
https://bugzilla.suse.com/1008557
https://bugzilla.suse.com/1008645
https://bugzilla.suse.com/1008831
https://bugzilla.suse.com/1008833
https://bugzilla.suse.com/1008893
https://bugzilla.suse.com/1009875
https://bugzilla.suse.com/1010150
https://bugzilla.suse.com/1010175
https://bugzilla.suse.com/1010201
https://bugzilla.suse.com/1010467
https://bugzilla.suse.com/1010501
https://bugzilla.suse.com/1010507
https://bugzilla.suse.com/1010711
https://bugzilla.suse.com/1010713
https://bugzilla.suse.com/1010716
https://bugzilla.suse.com/1011685
https://bugzilla.suse.com/1011820
https://bugzilla.suse.com/1012183
https://bugzilla.suse.com/1012411
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012832
https://bugzilla.suse.com/1012851
https://bugzilla.suse.com/1012852
https://bugzilla.suse.com/1012917
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1013038
https://bugzilla.suse.com/1013042
https://bugzilla.suse.com/1013070
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1014410
https://bugzilla.suse.com/1014454
https://bugzilla.suse.com/1014746
https://bugzilla.suse.com/1015561
https://bugzilla.suse.com/1015752
https://bugzilla.suse.com/1015760
https://bugzilla.suse.com/1015796
https://bugzilla.suse.com/1015803
https://bugzilla.suse.com/1015817
https://bugzilla.suse.com/1015828
https://bugzilla.suse.com/1015844
https://bugzilla.suse.com/1015848
https://bugzilla.suse.com/1015878
https://bugzilla.suse.com/1015932
https://bugzilla.suse.com/1016320
https://bugzilla.suse.com/1016505
https://bugzilla.suse.com/1016520
https://bugzilla.suse.com/1016668
https://bugzilla.suse.com/1016688
https://bugzilla.suse.com/1016824
https://bugzilla.suse.com/1016831
https://bugzilla.suse.com/1017686
https://bugzilla.suse.com/1017710
https://bugzilla.suse.com/1019079
https://bugzilla.suse.com/1019148
https://bugzilla.suse.com/1019165
https://bugzilla.suse.com/1019348
https://bugzilla.suse.com/1019783
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/748806
https://bugzilla.suse.com/786036
https://bugzilla.suse.com/790588
https://bugzilla.suse.com/795297
https://bugzilla.suse.com/800999
https://bugzilla.suse.com/821612
https://bugzilla.suse.com/824171
https://bugzilla.suse.com/851603
https://bugzilla.suse.com/853052
https://bugzilla.suse.com/871728
https://bugzilla.suse.com/901809
https://bugzilla.suse.com/909350
https://bugzilla.suse.com/909491
https://bugzilla.suse.com/913387
https://bugzilla.suse.com/914939
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/924708
https://bugzilla.suse.com/925065
https://bugzilla.suse.com/953233
https://bugzilla.suse.com/961589
https://bugzilla.suse.com/962846
https://bugzilla.suse.com/969340
https://bugzilla.suse.com/973691
https://bugzilla.suse.com/987333
https://bugzilla.suse.com/987576
https://bugzilla.suse.com/989152
https://bugzilla.suse.com/989680
https://bugzilla.suse.com/989896
https://bugzilla.suse.com/990245
https://bugzilla.suse.com/992991
https://bugzilla.suse.com/993739
https://bugzilla.suse.com/993832
https://bugzilla.suse.com/996541
https://bugzilla.suse.com/996557
https://bugzilla.suse.com/997401
https://bugzilla.suse.com/999101

From sle-updates at lists.suse.com Thu Feb 9 13:28:35 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 9 Feb 2017 21:28:35 +0100 (CET)
Subject: SUSE-RU-2017:0438-1: Recommended update for yast2-smt
Message-ID: <20170209202835.46D46FF6C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-smt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0438-1
Rating:             low
References:         #1019551
Affected Products:
                    Subscription Management Tool for SUSE Linux Enterprise 11-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2-smt provides the following fixes:

- Fix mirroring of custom repositories. (bsc#1019551)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- Subscription Management Tool for SUSE Linux Enterprise 11-SP3:
   zypper in -t patch slesmtsp3-yast2-smt-12976=1

To bring your system up-to-date, use "zypper patch".

Package List:

- Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (noarch):
   yast2-smt-2.17.31-0.9.1

References:

https://bugzilla.suse.com/1019551

From sle-updates at lists.suse.com Thu Feb 9 16:07:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 10 Feb 2017 00:07:36 +0100 (CET)
Subject: SUSE-RU-2017:0440-1: important: Recommended update for spacewalk-backend
Message-ID: <20170209230736.BB56BFF6C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for spacewalk-backend
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0440-1
Rating:             important
References:         #1023016
Affected Products:
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for spacewalk-backend fixes the following regression:

- Adjust string format to older python to fix a value error when syncing patches. (bsc#1023016)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Proxy 2.1:
   zypper in -t patch slemap21-spacewalk-backend-12978=1
- SUSE Manager 2.1:
   zypper in -t patch sleman21-spacewalk-backend-12978=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Proxy 2.1 (x86_64):
   spacewalk-backend-2.1.55.28-33.1
   spacewalk-backend-libs-2.1.55.28-33.1
- SUSE Manager 2.1 (s390x x86_64):
   spacewalk-backend-2.1.55.28-33.1
   spacewalk-backend-app-2.1.55.28-33.1
   spacewalk-backend-applet-2.1.55.28-33.1
   spacewalk-backend-config-files-2.1.55.28-33.1
   spacewalk-backend-config-files-common-2.1.55.28-33.1
   spacewalk-backend-config-files-tool-2.1.55.28-33.1
   spacewalk-backend-iss-2.1.55.28-33.1
   spacewalk-backend-iss-export-2.1.55.28-33.1
   spacewalk-backend-libs-2.1.55.28-33.1
   spacewalk-backend-package-push-server-2.1.55.28-33.1
   spacewalk-backend-server-2.1.55.28-33.1
   spacewalk-backend-sql-2.1.55.28-33.1
   spacewalk-backend-sql-oracle-2.1.55.28-33.1
   spacewalk-backend-sql-postgresql-2.1.55.28-33.1
   spacewalk-backend-tools-2.1.55.28-33.1
   spacewalk-backend-xml-export-libs-2.1.55.28-33.1
   spacewalk-backend-xmlrpc-2.1.55.28-33.1

References:

https://bugzilla.suse.com/1023016

From sle-updates at lists.suse.com Fri Feb 10 13:07:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 10 Feb 2017 21:07:36 +0100 (CET)
Subject: SUSE-SU-2017:0441-1: moderate: Security update for openssl
Message-ID: <20170210200736.90F81FF7C@maintenance.suse.de>

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0441-1
Rating:             moderate
References:         #1000677 #1001912 #1009528 #1019637 #1021641 #1022085
                    #1022086 #1022271
Cross-References:   CVE-2016-7055 CVE-2017-3731 CVE-2017-3732
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has 5 fixes is now available.

Description:

This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)

Security issues fixed:

- CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results (bsc#1009528)
- CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085)
- CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (bsc#1022086)
- Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)

Non-security issues fixed:

- fix crash in openssl speed (bsc#1000677)
- fix X509_CERT_FILE path (bsc#1022271)
- AES XTS key parts must not be identical in FIPS mode (bsc#1019637)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
   zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-228=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
   zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-228=1
- SUSE Linux Enterprise Server 12-SP2:
   zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-228=1
- SUSE Linux Enterprise Desktop 12-SP2:
   zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-228=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
   libopenssl-devel-1.0.2j-59.1
   openssl-debuginfo-1.0.2j-59.1
   openssl-debugsource-1.0.2j-59.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
   libopenssl-devel-1.0.2j-59.1
   libopenssl1_0_0-1.0.2j-59.1
   libopenssl1_0_0-debuginfo-1.0.2j-59.1
   libopenssl1_0_0-hmac-1.0.2j-59.1
   openssl-1.0.2j-59.1
   openssl-debuginfo-1.0.2j-59.1
   openssl-debugsource-1.0.2j-59.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
   openssl-doc-1.0.2j-59.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
   libopenssl-devel-1.0.2j-59.1
   libopenssl1_0_0-1.0.2j-59.1
   libopenssl1_0_0-debuginfo-1.0.2j-59.1
   libopenssl1_0_0-hmac-1.0.2j-59.1
   openssl-1.0.2j-59.1
   openssl-debuginfo-1.0.2j-59.1
   openssl-debugsource-1.0.2j-59.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
   openssl-doc-1.0.2j-59.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
   libopenssl1_0_0-32bit-1.0.2j-59.1
   libopenssl1_0_0-debuginfo-32bit-1.0.2j-59.1
   libopenssl1_0_0-hmac-32bit-1.0.2j-59.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
   libopenssl-devel-1.0.2j-59.1
   libopenssl1_0_0-1.0.2j-59.1
   libopenssl1_0_0-32bit-1.0.2j-59.1
   libopenssl1_0_0-debuginfo-1.0.2j-59.1
   libopenssl1_0_0-debuginfo-32bit-1.0.2j-59.1
   openssl-1.0.2j-59.1
   openssl-debuginfo-1.0.2j-59.1
   openssl-debugsource-1.0.2j-59.1

References:

https://www.suse.com/security/cve/CVE-2016-7055.html
https://www.suse.com/security/cve/CVE-2017-3731.html
https://www.suse.com/security/cve/CVE-2017-3732.html
https://bugzilla.suse.com/1000677
https://bugzilla.suse.com/1001912
https://bugzilla.suse.com/1009528
https://bugzilla.suse.com/1019637
https://bugzilla.suse.com/1021641
https://bugzilla.suse.com/1022085
https://bugzilla.suse.com/1022086
https://bugzilla.suse.com/1022271

From sle-updates at lists.suse.com Fri Feb 10 19:14:33 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 11 Feb 2017 03:14:33 +0100 (CET)
Subject: SUSE-RU-2017:0452-1: Recommended update for grub2
Message-ID: <20170211021433.CB6A3FF7C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0452-1
Rating:             low
References:         #1004324
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for grub2 provides the following fixes:

- Load lvm module to support Xen PV booting from LVM volumes. (bsc#1004324)
- Merge upstream fixes to better work with XFS file systems. (bsc#1004324)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
   zypper in -t patch slessp4-grub2-12981=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
   zypper in -t patch dbgsp4-grub2-12981=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (x86_64):
      grub2-x86_64-efi-2.00-0.65.4
      grub2-x86_64-xen-2.00-0.65.4

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
      grub2-debuginfo-2.00-0.65.4
      grub2-debugsource-2.00-0.65.4

References:

   https://bugzilla.suse.com/1004324

From sle-updates at lists.suse.com Mon Feb 13 07:08:16 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Feb 2017 15:08:16 +0100 (CET)
Subject: SUSE-SU-2017:0453-1: moderate: Security update for tiff
Message-ID: <20170213140816.995FDFF6C@maintenance.suse.de>

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0453-1
Rating: moderate
References: #1019611 #1022103
Cross-References: CVE-2017-5225
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for tiff fixes the following issues:

   - A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility (CVE-2017-5225, bsc#1019611).

   Also a regression from the version update to 4.0.7 was fixed in handling TIFFTAG_FAXRECVPARAMS. (bsc#1022103)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-231=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-231=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-231=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-231=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-231=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-231=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-231=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libtiff-devel-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libtiff-devel-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libtiff5-4.0.7-40.1
      libtiff5-debuginfo-4.0.7-40.1
      tiff-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libtiff5-4.0.7-40.1
      libtiff5-debuginfo-4.0.7-40.1
      tiff-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libtiff5-32bit-4.0.7-40.1
      libtiff5-debuginfo-32bit-4.0.7-40.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libtiff5-4.0.7-40.1
      libtiff5-debuginfo-4.0.7-40.1
      tiff-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libtiff5-32bit-4.0.7-40.1
      libtiff5-debuginfo-32bit-4.0.7-40.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libtiff5-32bit-4.0.7-40.1
      libtiff5-4.0.7-40.1
      libtiff5-debuginfo-32bit-4.0.7-40.1
      libtiff5-debuginfo-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libtiff5-32bit-4.0.7-40.1
      libtiff5-4.0.7-40.1
      libtiff5-debuginfo-32bit-4.0.7-40.1
      libtiff5-debuginfo-4.0.7-40.1
      tiff-debuginfo-4.0.7-40.1
      tiff-debugsource-4.0.7-40.1

References:

   https://www.suse.com/security/cve/CVE-2017-5225.html
   https://bugzilla.suse.com/1019611
   https://bugzilla.suse.com/1022103

From sle-updates at lists.suse.com Mon Feb 13 13:07:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Feb 2017 21:07:51 +0100 (CET)
Subject: SUSE-RU-2017:0454-1: moderate: Recommended update for libvirt
Message-ID: <20170213200751.99609F7BB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0454-1
Rating: moderate
References: #1012474 #1015590 #974279 #987002 #993507
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for libvirt provides the following fixes:

   - Don't resume lockspaces in qemu's resume event handler. (bsc#1015590)
   - Always enable PAE for x86_64 Xen HVM. (bsc#987002)
   - Remove unhandled file and capability rules in lxc's AppArmor profile template. (bsc#974279)
   - Check if console/channel PTY is null before attempting to open it. (bsc#1012474)
   - Fix device hot(un)plug. (bsc#993507)
   - Remove unhandled file and capability rules in AppArmor LXC profile template.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-libvirt-12984=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-libvirt-12984=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-libvirt-12984=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libvirt-devel-1.2.5-22.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64):
      libvirt-devel-32bit-1.2.5-22.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libvirt-1.2.5-22.1
      libvirt-client-1.2.5-22.1
      libvirt-doc-1.2.5-22.1
      libvirt-lock-sanlock-1.2.5-22.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libvirt-client-32bit-1.2.5-22.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libvirt-debuginfo-1.2.5-22.1
      libvirt-debugsource-1.2.5-22.1

References:

   https://bugzilla.suse.com/1012474
   https://bugzilla.suse.com/1015590
   https://bugzilla.suse.com/974279
   https://bugzilla.suse.com/987002
   https://bugzilla.suse.com/993507

From sle-updates at lists.suse.com Mon Feb 13 13:09:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Feb 2017 21:09:11 +0100 (CET)
Subject: SUSE-RU-2017:0455-1: Recommended update for openstack-neutron and openstack-resource-agents
Message-ID: <20170213200911.B304FFF7C@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-neutron and openstack-resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0455-1
Rating: low
References: #965886 #974420 #975582
Affected Products:
   SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.
Description:

   This update for openstack-neutron and openstack-resource-agents fixes the following issues:

   - Update neutron server startup check for SSL connections. (bsc#975582)
   - neutron: Improve help message for --l3-agent-evacuate option. (bsc#974420)
   - neutron: Improve neutron-server start dependency handling. (bsc#965886)
   - neutron-ha-tool: Fix active/passive usage.
   - neutron-ha-tool: os_password is no longer a mandatory option.
   - neutron-ha-tool: Fix monitor return code.
   - neutron-ha-tool: Clarify risks of not using shared storage.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-openstack-201611-12982=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      openstack-neutron-doc-2014.2.4.juno-25.2
      openstack-resource-agents-1.0+git.1459538831.fff75c5-12.1

   - SUSE OpenStack Cloud 5 (x86_64):
      openstack-neutron-2014.2.4.juno-25.1
      openstack-neutron-dhcp-agent-2014.2.4.juno-25.1
      openstack-neutron-ha-tool-2014.2.4.juno-25.1
      openstack-neutron-ibm-agent-2014.2.4.juno-25.1
      openstack-neutron-l3-agent-2014.2.4.juno-25.1
      openstack-neutron-lbaas-agent-2014.2.4.juno-25.1
      openstack-neutron-linuxbridge-agent-2014.2.4.juno-25.1
      openstack-neutron-metadata-agent-2014.2.4.juno-25.1
      openstack-neutron-metering-agent-2014.2.4.juno-25.1
      openstack-neutron-mlnx-agent-2014.2.4.juno-25.1
      openstack-neutron-nec-agent-2014.2.4.juno-25.1
      openstack-neutron-nvsd-agent-2014.2.4.juno-25.1
      openstack-neutron-openvswitch-agent-2014.2.4.juno-25.1
      openstack-neutron-plugin-cisco-2014.2.4.juno-25.1
      openstack-neutron-restproxy-agent-2014.2.4.juno-25.1
      openstack-neutron-ryu-agent-2014.2.4.juno-25.1
      openstack-neutron-server-2014.2.4.juno-25.1
      openstack-neutron-vpn-agent-2014.2.4.juno-25.1
      python-neutron-2014.2.4.juno-25.1

References:

   https://bugzilla.suse.com/965886
   https://bugzilla.suse.com/974420
   https://bugzilla.suse.com/975582

From sle-updates at lists.suse.com Mon Feb 13 13:30:02 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 13 Feb 2017 21:30:02 +0100 (CET)
Subject: SUSE-RU-2017:0457-1: Recommended update for openstack-nova
Message-ID: <20170213203002.62D3AF7BB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-nova
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0457-1
Rating: low
References: #990448
Affected Products:
   SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for openstack-nova fixes the following issues:

   - Improve dependency handling while nova-compute start. (bsc#990448)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-openstack-nova-12983=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      openstack-nova-doc-2014.2.4.juno-32.1

   - SUSE OpenStack Cloud 5 (x86_64):
      openstack-nova-2014.2.4.juno-32.1
      openstack-nova-api-2014.2.4.juno-32.1
      openstack-nova-cells-2014.2.4.juno-32.1
      openstack-nova-cert-2014.2.4.juno-32.1
      openstack-nova-compute-2014.2.4.juno-32.1
      openstack-nova-conductor-2014.2.4.juno-32.1
      openstack-nova-console-2014.2.4.juno-32.1
      openstack-nova-consoleauth-2014.2.4.juno-32.1
      openstack-nova-novncproxy-2014.2.4.juno-32.1
      openstack-nova-objectstore-2014.2.4.juno-32.1
      openstack-nova-scheduler-2014.2.4.juno-32.1
      openstack-nova-serialproxy-2014.2.4.juno-32.1
      openstack-nova-vncproxy-2014.2.4.juno-32.1
      python-nova-2014.2.4.juno-32.1

References:

   https://bugzilla.suse.com/990448

From sle-updates at lists.suse.com Tue Feb 14 10:08:24 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Feb 2017 18:08:24 +0100 (CET)
Subject: SUSE-SU-2017:0459-1: moderate: Security update for gd
Message-ID: <20170214170824.BF199FF81@maintenance.suse.de>

   SUSE Security Update: Security update for gd
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0459-1
Rating: moderate
References: #1022264 #1022265 #1022283
Cross-References: CVE-2016-10167 CVE-2016-10168 CVE-2016-9317
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for gd fixes the following security issues:

   - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image.
     (bsc#1022283)
   - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264)
   - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-gd-12985=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-gd-12985=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-gd-12985=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      gd-devel-2.0.36.RC1-52.32.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      gd-2.0.36.RC1-52.32.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      gd-debuginfo-2.0.36.RC1-52.32.1
      gd-debugsource-2.0.36.RC1-52.32.1

References:

   https://www.suse.com/security/cve/CVE-2016-10167.html
   https://www.suse.com/security/cve/CVE-2016-10168.html
   https://www.suse.com/security/cve/CVE-2016-9317.html
   https://bugzilla.suse.com/1022264
   https://bugzilla.suse.com/1022265
   https://bugzilla.suse.com/1022283

From sle-updates at lists.suse.com Tue Feb 14 13:08:08 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Feb 2017 21:08:08 +0100 (CET)
Subject: SUSE-SU-2017:0460-1: important: Security update for java-1_8_0-ibm
Message-ID: <20170214200808.4E56AFF7B@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0460-1
Rating: important
References: #1024218
Cross-References: CVE-2016-2183 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231
   CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This update for java-1_8_0-ibm to version 8.0-4.0 fixes a lot of security issues (bsc#1024218):

   Following CVEs are fixed:
   CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2016-2183 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252

   More information can be found on:
   https://developer.ibm.com/javasdk/support/security-vulnerabilities/

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-237=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-237=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-237=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-237=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64):
      java-1_8_0-ibm-devel-1.8.0_sr4.0-23.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      java-1_8_0-ibm-devel-1.8.0_sr4.0-23.1

   - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64):
      java-1_8_0-ibm-1.8.0_sr4.0-23.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr4.0-23.1
      java-1_8_0-ibm-plugin-1.8.0_sr4.0-23.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      java-1_8_0-ibm-1.8.0_sr4.0-23.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):
      java-1_8_0-ibm-alsa-1.8.0_sr4.0-23.1
      java-1_8_0-ibm-plugin-1.8.0_sr4.0-23.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://www.suse.com/security/cve/CVE-2016-5547.html
   https://www.suse.com/security/cve/CVE-2016-5548.html
   https://www.suse.com/security/cve/CVE-2016-5549.html
   https://www.suse.com/security/cve/CVE-2016-5552.html
   https://www.suse.com/security/cve/CVE-2017-3231.html
   https://www.suse.com/security/cve/CVE-2017-3241.html
   https://www.suse.com/security/cve/CVE-2017-3252.html
   https://www.suse.com/security/cve/CVE-2017-3253.html
   https://www.suse.com/security/cve/CVE-2017-3259.html
   https://www.suse.com/security/cve/CVE-2017-3261.html
   https://www.suse.com/security/cve/CVE-2017-3272.html
   https://www.suse.com/security/cve/CVE-2017-3289.html
   https://bugzilla.suse.com/1024218

From sle-updates at lists.suse.com Tue Feb 14 13:08:35 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 14 Feb 2017 21:08:35 +0100 (CET)
Subject: SUSE-SU-2017:0461-1: moderate: Security update for openssl
Message-ID: <20170214200835.4B0A0FF7F@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0461-1
Rating: moderate
References: #1000677 #1001912 #1004499 #1005878 #1019334 #1021641 #1022085 #1022271
Cross-References:
   CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves four vulnerabilities and has four fixes is now available.

Description:

   This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)

   Security issues fixed:
   - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334)
   - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878)
   - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499)
   - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085, CVE-2017-3731)
   - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912)

   Bugs fixed:
   - fix crash in openssl speed (bsc#1000677)
   - fix ca-bundle path (bsc#1022271)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-236=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-236=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-236=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libopenssl-devel-1.0.1i-54.5.1
      openssl-debuginfo-1.0.1i-54.5.1
      openssl-debugsource-1.0.1i-54.5.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libopenssl1_0_0-1.0.1i-54.5.1
      libopenssl1_0_0-debuginfo-1.0.1i-54.5.1
      libopenssl1_0_0-hmac-1.0.1i-54.5.1
      openssl-1.0.1i-54.5.1
      openssl-debuginfo-1.0.1i-54.5.1
      openssl-debugsource-1.0.1i-54.5.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libopenssl1_0_0-32bit-1.0.1i-54.5.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1
      libopenssl1_0_0-hmac-32bit-1.0.1i-54.5.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      openssl-doc-1.0.1i-54.5.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libopenssl1_0_0-1.0.1i-54.5.1
      libopenssl1_0_0-32bit-1.0.1i-54.5.1
      libopenssl1_0_0-debuginfo-1.0.1i-54.5.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1
      openssl-1.0.1i-54.5.1
      openssl-debuginfo-1.0.1i-54.5.1
      openssl-debugsource-1.0.1i-54.5.1

References:

   https://www.suse.com/security/cve/CVE-2016-2108.html
   https://www.suse.com/security/cve/CVE-2016-7056.html
   https://www.suse.com/security/cve/CVE-2016-8610.html
   https://www.suse.com/security/cve/CVE-2017-3731.html
   https://bugzilla.suse.com/1000677
   https://bugzilla.suse.com/1001912
   https://bugzilla.suse.com/1004499
   https://bugzilla.suse.com/1005878
   https://bugzilla.suse.com/1019334
   https://bugzilla.suse.com/1021641
   https://bugzilla.suse.com/1022085
   https://bugzilla.suse.com/1022271

From sle-updates at lists.suse.com Tue Feb 14 16:08:08 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2017 00:08:08 +0100 (CET)
Subject: SUSE-RU-2017:0463-1: moderate: Recommended update for libusb-1_0
Message-ID: <20170214230808.C95CEFF7F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libusb-1_0
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0463-1
Rating: moderate
References: #1023977
   #978501
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Server 11-SP3-LTSS
   SUSE Linux Enterprise Point of Sale 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for the libusb 1.0 library libusb-1_0 fixes the following issues and brings new features:

   - Fix race condition causing delayed completion of sync transfers. (bsc#978501)
   - Numerous bug fixes and improvements
   - Add libusb_get_device_speed()
   - Add libusb_has_capability()
   - Add libusb_error_name()
   - Add libusb_get_version()

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-libusb-1_0-12986=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-libusb-1_0-12986=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-libusb-1_0-12986=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-libusb-1_0-12986=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-libusb-1_0-12986=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libusb-1_0-devel-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      libusb-1_0-0-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libusb-1_0-0-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libusb-1_0-0-32bit-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      libusb-1_0-0-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
      libusb-1_0-0-32bit-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      libusb-1_0-0-1.0.9-8.4.4.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libusb-1_0-debuginfo-1.0.9-8.4.4.1
      libusb-1_0-debugsource-1.0.9-8.4.4.1

References:

   https://bugzilla.suse.com/1023977
   https://bugzilla.suse.com/978501

From sle-updates at lists.suse.com Tue Feb 14 16:08:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2017 00:08:48 +0100 (CET)
Subject: SUSE-SU-2017:0464-1: important: Security update for the Linux Kernel
Message-ID: <20170214230848.B3380FF7F@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0464-1
Rating: important
References: #1003813 #1005666 #1007197 #1008557 #1008567 #1008833 #1008876 #1008979 #1009062 #1009969 #1010040 #1010213 #1010294 #1010475 #1010478 #1010501 #1010502 #1010507 #1010612 #1010711 #1010716 #1012060 #1012422 #1012917 #1012985 #1013001 #1013038 #1013479 #1013531 #1013540 #1013542 #1014410 #1014746 #1016713 #1016725 #1016961 #1017164 #1017170 #1017410 #1017589 #1017710 #1018100 #1019032 #1019148 #1019260 #1019300 #1019783 #1019851 #1020214 #1020602 #1021258 #856380 #857394 #858727 #921338 #921778 #922052 #922056 #923036 #923037 #924381 #938963 #972993 #980560 #981709
   #983087 #983348 #984194 #984419 #985850 #987192 #987576 #990384 #991273 #993739 #997807 #999101
Cross-References: CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-10088 CVE-2016-7910 CVE-2016-7911 CVE-2016-7913 CVE-2016-7914 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-9083 CVE-2016-9084 CVE-2016-9756 CVE-2016-9793 CVE-2016-9806 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP1
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Module for Public Cloud 12
   SUSE Linux Enterprise Live Patching 12
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 19 vulnerabilities and has 58 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).
   - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).
   - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).
   - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).
   - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel.
     This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935 (bnc#1014746).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).
   - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
   - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug" (bnc#1007197).
   - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 1013542).
   - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589).
   - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bsc#1019851).
   - CVE-2017-2583: Fixed broken emulation of "MOV SS, null selector" (bsc#1020602).
   - CVE-2017-5551: Clear SGID bit when setting file permissions on tmpfs (bsc#1021258).

   The following non-security bugs were fixed:

   - Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus
   - RAID1: ignore discard error (bsc#1017164).
   - Update patches.suse/btrfs-8446-fix-qgroup-accounting-when-creating-snap.patch (bsc#972993).
   - blacklist: PCI fixes required only for cxl (bsc#1016713).
   - blacklist: cxl fixes on SLE12 SP1 (bsc#1016725)
   - blacklist: ibmvnic fixes on SLE12 SP1 (bsc#1016961)
   - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).
   - bna: Add synchronization for tx ring (bsc#993739).
   - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 fate#318602 bsc#922056 FATE#318604).
- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - bnx2x: fix lockdep splat (bsc#922052 fate#318602 bsc#922056 FATE#318604). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087). - btrfs: Revert "Btrfs: do not delay inode ref updates during log replay" (bsc#987192). - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100). - btrfs: do not delay inode ref updates during log replay (bsc#987192). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876). - ext4: fix data exposure after a crash (bsc#1012985). - fs: avoid including "mountproto=" with no protocol in /proc/mounts (bsc#1019260). - fuse: do not use iocb after it may have been freed (bsc#1012985). - hpilo: Add support for iLO5 (bsc#999101). - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 FATE#318568 bsc#921338). - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036 FATE#318772). - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727 FATE#315946). - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727 FATE#315946). - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036 FATE#318772). - ibmveth: calculate gso_segs for large packets (bsc#1019148). - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148). - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148). 
- ibmveth: set correct gso_size and gso_type (bsc#1019148). - igb: Fix oops caused by missing queue pairing (bnc#857394). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961). - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963 FATE#319084). - kabi fix (bsc#1014410). - kabi: Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - kabi: protect __sk_mem_reclaim (kabi). - kabi: protect struct perf_event_context (kabi). - kabi: reintroduce sk_filter (kabi). - kbuild: Fix removal of the debian/ directory (bsc#1010213). - kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072). - kgr: ignore zombie tasks during the patching (bnc#1008979). - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612). - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410). - move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727 FATE#315946). - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036 FATE#318772). - net/mlx5e: Do not modify CQ before it was created (bnc#923036 FATE#318772). - net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036 FATE#318772). - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036 FATE#318772). - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036 FATE#318772). - netback: correct array index (bsc#983348). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). 
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - serial: 8250_pci: Fix potential use-after-free in error path (bsc#1013001). - sfc: clear napi_hash state when copying channels (bsc#923037 FATE#318563). - sfc: fix potential stack corruption from running past stat bitmask (bsc#923037 FATE#318563). - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380 FATE#315942). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - supported.conf: Add lib/*.ko to supported.conf (bsc#1019032) - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273). - target: add XCOPY target/segment desc sense codes (bsc#991273). - target: bounds check XCOPY segment descriptor list (bsc#991273). - target: bounds check XCOPY total descriptor list length (bsc#991273). - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: check for XCOPY parameter truncation (bsc#991273). - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273). - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273). - target: support XCOPY requests without parameters (bsc#991273). - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273). - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#921778 FATE#318558). 
- tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419). - xenbus: correctly signal errors from xenstored_local_init() (luckily none so far). - xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560). - xfs: refactor xlog_recover_process_data() (bsc#1019300). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-238=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-238=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-238=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-238=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-238=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-238=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.69-60.64.29.1 kernel-default-debugsource-3.12.69-60.64.29.1 kernel-default-extra-3.12.69-60.64.29.1 kernel-default-extra-debuginfo-3.12.69-60.64.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.69-60.64.29.1 kernel-obs-build-debugsource-3.12.69-60.64.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.69-60.64.29.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.69-60.64.29.1 kernel-default-base-3.12.69-60.64.29.1 kernel-default-base-debuginfo-3.12.69-60.64.29.1 kernel-default-debuginfo-3.12.69-60.64.29.1 kernel-default-debugsource-3.12.69-60.64.29.1 kernel-default-devel-3.12.69-60.64.29.1 kernel-syms-3.12.69-60.64.29.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.69-60.64.29.1 kernel-xen-base-3.12.69-60.64.29.1 kernel-xen-base-debuginfo-3.12.69-60.64.29.1 kernel-xen-debuginfo-3.12.69-60.64.29.1 kernel-xen-debugsource-3.12.69-60.64.29.1 kernel-xen-devel-3.12.69-60.64.29.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.69-60.64.29.1 kernel-macros-3.12.69-60.64.29.1 kernel-source-3.12.69-60.64.29.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.69-60.64.29.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.69-60.64.29.1 kernel-ec2-debuginfo-3.12.69-60.64.29.1 kernel-ec2-debugsource-3.12.69-60.64.29.1 kernel-ec2-devel-3.12.69-60.64.29.1 kernel-ec2-extra-3.12.69-60.64.29.1 kernel-ec2-extra-debuginfo-3.12.69-60.64.29.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_69-60_64_29-default-1-4.1 kgraft-patch-3_12_69-60_64_29-xen-1-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.69-60.64.29.1 kernel-default-debuginfo-3.12.69-60.64.29.1 kernel-default-debugsource-3.12.69-60.64.29.1 
kernel-default-devel-3.12.69-60.64.29.1 kernel-default-extra-3.12.69-60.64.29.1 kernel-default-extra-debuginfo-3.12.69-60.64.29.1 kernel-syms-3.12.69-60.64.29.1 kernel-xen-3.12.69-60.64.29.1 kernel-xen-debuginfo-3.12.69-60.64.29.1 kernel-xen-debugsource-3.12.69-60.64.29.1 kernel-xen-devel-3.12.69-60.64.29.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.69-60.64.29.1 kernel-macros-3.12.69-60.64.29.1 kernel-source-3.12.69-60.64.29.1 References: https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8963.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-7910.html https://www.suse.com/security/cve/CVE-2016-7911.html https://www.suse.com/security/cve/CVE-2016-7913.html https://www.suse.com/security/cve/CVE-2016-7914.html https://www.suse.com/security/cve/CVE-2016-8399.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8645.html https://www.suse.com/security/cve/CVE-2016-9083.html https://www.suse.com/security/cve/CVE-2016-9084.html https://www.suse.com/security/cve/CVE-2016-9756.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2016-9806.html https://www.suse.com/security/cve/CVE-2017-2583.html https://www.suse.com/security/cve/CVE-2017-2584.html https://www.suse.com/security/cve/CVE-2017-5551.html https://bugzilla.suse.com/1003813 https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1007197 https://bugzilla.suse.com/1008557 https://bugzilla.suse.com/1008567 https://bugzilla.suse.com/1008833 https://bugzilla.suse.com/1008876 https://bugzilla.suse.com/1008979 https://bugzilla.suse.com/1009062 https://bugzilla.suse.com/1009969 https://bugzilla.suse.com/1010040 https://bugzilla.suse.com/1010213 https://bugzilla.suse.com/1010294 https://bugzilla.suse.com/1010475 https://bugzilla.suse.com/1010478 
https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010502 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010612 https://bugzilla.suse.com/1010711 https://bugzilla.suse.com/1010716 https://bugzilla.suse.com/1012060 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012917 https://bugzilla.suse.com/1012985 https://bugzilla.suse.com/1013001 https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1013479 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013540 https://bugzilla.suse.com/1013542 https://bugzilla.suse.com/1014410 https://bugzilla.suse.com/1014746 https://bugzilla.suse.com/1016713 https://bugzilla.suse.com/1016725 https://bugzilla.suse.com/1016961 https://bugzilla.suse.com/1017164 https://bugzilla.suse.com/1017170 https://bugzilla.suse.com/1017410 https://bugzilla.suse.com/1017589 https://bugzilla.suse.com/1017710 https://bugzilla.suse.com/1018100 https://bugzilla.suse.com/1019032 https://bugzilla.suse.com/1019148 https://bugzilla.suse.com/1019260 https://bugzilla.suse.com/1019300 https://bugzilla.suse.com/1019783 https://bugzilla.suse.com/1019851 https://bugzilla.suse.com/1020214 https://bugzilla.suse.com/1020602 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/856380 https://bugzilla.suse.com/857394 https://bugzilla.suse.com/858727 https://bugzilla.suse.com/921338 https://bugzilla.suse.com/921778 https://bugzilla.suse.com/922052 https://bugzilla.suse.com/922056 https://bugzilla.suse.com/923036 https://bugzilla.suse.com/923037 https://bugzilla.suse.com/924381 https://bugzilla.suse.com/938963 https://bugzilla.suse.com/972993 https://bugzilla.suse.com/980560 https://bugzilla.suse.com/981709 https://bugzilla.suse.com/983087 https://bugzilla.suse.com/983348 https://bugzilla.suse.com/984194 https://bugzilla.suse.com/984419 https://bugzilla.suse.com/985850 https://bugzilla.suse.com/987192 https://bugzilla.suse.com/987576 https://bugzilla.suse.com/990384 https://bugzilla.suse.com/991273 
https://bugzilla.suse.com/993739 https://bugzilla.suse.com/997807 https://bugzilla.suse.com/999101 From sle-updates at lists.suse.com Wed Feb 15 04:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2017 12:09:16 +0100 (CET) Subject: SUSE-SU-2017:0467-1: moderate: Security update for libXpm Message-ID: <20170215110916.17396FF81@maintenance.suse.de> SUSE Security Update: Security update for libXpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0467-1 Rating: moderate References: #1021315 Cross-References: CVE-2016-10164 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libXpm fixes the following issues: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-240=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-240=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-240=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-240=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-240=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-240=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-240=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libXpm-debugsource-3.5.11-5.1 libXpm-devel-3.5.11-5.1 libXpm-tools-3.5.11-5.1 libXpm-tools-debuginfo-3.5.11-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libXpm-debugsource-3.5.11-5.1 libXpm-devel-3.5.11-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libXpm-debugsource-3.5.11-5.1 libXpm4-3.5.11-5.1 libXpm4-debuginfo-3.5.11-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libXpm-debugsource-3.5.11-5.1 libXpm4-3.5.11-5.1 libXpm4-debuginfo-3.5.11-5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libXpm4-32bit-3.5.11-5.1 libXpm4-debuginfo-32bit-3.5.11-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libXpm-debugsource-3.5.11-5.1 libXpm4-3.5.11-5.1 libXpm4-debuginfo-3.5.11-5.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libXpm4-32bit-3.5.11-5.1 libXpm4-debuginfo-32bit-3.5.11-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libXpm-debugsource-3.5.11-5.1 libXpm4-3.5.11-5.1 libXpm4-32bit-3.5.11-5.1 libXpm4-debuginfo-3.5.11-5.1 libXpm4-debuginfo-32bit-3.5.11-5.1 - SUSE 
Linux Enterprise Desktop 12-SP1 (x86_64): libXpm-debugsource-3.5.11-5.1 libXpm4-3.5.11-5.1 libXpm4-32bit-3.5.11-5.1 libXpm4-debuginfo-3.5.11-5.1 libXpm4-debuginfo-32bit-3.5.11-5.1 References: https://www.suse.com/security/cve/CVE-2016-10164.html https://bugzilla.suse.com/1021315 From sle-updates at lists.suse.com Wed Feb 15 04:09:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2017 12:09:47 +0100 (CET) Subject: SUSE-SU-2017:0468-1: moderate: Security update for gd Message-ID: <20170215110947.49E56FF7F@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0468-1 Rating: moderate References: #1022263 #1022264 #1022265 #1022283 #1022284 #1022553 Cross-References: CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for gd fixes the following security issues: - CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have led to crashes. (bsc#1022553) - CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) allowed remote attackers to have unspecified impact via large width and height values.
(bsc#1022284) - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library (aka libgd) (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-241=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-241=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-241=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-241=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-241=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-241=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-241=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-241=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-241=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gd-32bit-2.1.0-23.1 gd-debuginfo-32bit-2.1.0-23.1 gd-debugsource-2.1.0-23.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gd-32bit-2.1.0-23.1 gd-debuginfo-32bit-2.1.0-23.1 gd-debugsource-2.1.0-23.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-23.1 gd-debugsource-2.1.0-23.1 gd-devel-2.1.0-23.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gd-debuginfo-2.1.0-23.1 gd-debugsource-2.1.0-23.1 gd-devel-2.1.0-23.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gd-2.1.0-23.1 gd-debuginfo-2.1.0-23.1 gd-debugsource-2.1.0-23.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gd-2.1.0-23.1 gd-debuginfo-2.1.0-23.1 gd-debugsource-2.1.0-23.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gd-2.1.0-23.1 gd-debuginfo-2.1.0-23.1 gd-debugsource-2.1.0-23.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gd-2.1.0-23.1 gd-32bit-2.1.0-23.1 gd-debuginfo-2.1.0-23.1 gd-debuginfo-32bit-2.1.0-23.1 gd-debugsource-2.1.0-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gd-2.1.0-23.1 gd-32bit-2.1.0-23.1 gd-debuginfo-2.1.0-23.1 gd-debuginfo-32bit-2.1.0-23.1 gd-debugsource-2.1.0-23.1 References: https://www.suse.com/security/cve/CVE-2016-10166.html https://www.suse.com/security/cve/CVE-2016-10167.html https://www.suse.com/security/cve/CVE-2016-10168.html https://www.suse.com/security/cve/CVE-2016-6906.html https://www.suse.com/security/cve/CVE-2016-6912.html https://www.suse.com/security/cve/CVE-2016-9317.html https://bugzilla.suse.com/1022263 https://bugzilla.suse.com/1022264 https://bugzilla.suse.com/1022265 https://bugzilla.suse.com/1022283 https://bugzilla.suse.com/1022284 https://bugzilla.suse.com/1022553 From sle-updates at lists.suse.com Wed Feb 15 10:08:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2017 
18:08:14 +0100 (CET) Subject: SUSE-SU-2017:0470-1: moderate: Security update for xorg-x11-libXpm Message-ID: <20170215170814.92F61FF7B@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0470-1 Rating: moderate References: #1021315 Cross-References: CVE-2016-10164 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-libXpm fixes the following security issue: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libXpm-12988=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libXpm-12988=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libXpm-12988=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXpm-devel-7.4-3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXpm-devel-32bit-7.4-3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXpm-7.4-3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXpm-32bit-7.4-3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libXpm-x86-7.4-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXpm-debuginfo-7.4-3.1 xorg-x11-libXpm-debugsource-7.4-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): xorg-x11-libXpm-debuginfo-32bit-7.4-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): xorg-x11-libXpm-debuginfo-x86-7.4-3.1 References: https://www.suse.com/security/cve/CVE-2016-10164.html https://bugzilla.suse.com/1021315 From sle-updates at lists.suse.com Wed Feb 15 13:07:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Feb 2017 21:07:56 +0100 (CET) Subject: SUSE-SU-2017:0471-1: important: Security update for the Linux Kernel Message-ID: <20170215200756.9BD48FF7B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0471-1 Rating: important References: #1003153 #1003925 #1004462 #1004517 #1005666 #1007197 #1008833 #1008979 #1009969 #1010040 #1010475 #1010478 #1010501 #1010502 #1010507 #1010612 #1010711 #1010716 #1011820 #1012422 #1013038 #1013531 #1013540 #1013542 #1014746 #1016482 #1017410 #1017589 #1017710 #1019300 #1019851 #1020602 #1021258 #881008 #915183 #958606 #961257 #970083 #971989 #976195 #978094 #980371 #980560 #981038 #981597 #981709 #982282 #982544 #983619 #983721 #983977 #984148 #984419 #984755 #985978 #986362 #986365 #986445 #986569 #986572 #986811 #986941 #987542 #987565 
#987576 #989152 #990384 #991608 #991665 #993392 #993890 #993891 #994296 #994748 #994881 #995968 #997708 #998795 #999584 #999600 #999932 #999943 Cross-References: CVE-2014-9904 CVE-2015-8956 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-10088 CVE-2016-4470 CVE-2016-4998 CVE-2016-5696 CVE-2016-5828 CVE-2016-5829 CVE-2016-6130 CVE-2016-6327 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7425 CVE-2016-7910 CVE-2016-7911 CVE-2016-7913 CVE-2016-7914 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-8658 CVE-2016-9083 CVE-2016-9084 CVE-2016-9756 CVE-2016-9793 CVE-2016-9806 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 34 vulnerabilities and has 48 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented: - The ext2 filesystem got reenabled and supported to allow support for "XIP" (Execute In Place) (FATE#320805). The following security bugs were fixed: - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. 
A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935 (bnc#1014746). 
- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). 
- CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502). - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug" (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misused the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
- CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
- CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
- CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability (bnc#987542).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 bnc#986365).
- CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569).
- CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).

The following non-security bugs were fixed:

- base: make module_create_drivers_dir race-free (bnc#983977).
- btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable (bsc#981597).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
- btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
- btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- btrfs: fix relocation incorrectly dropping data references (bsc#990384).
- btrfs: handle quota reserve failure properly (bsc#1005666).
- btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).
- btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).
- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
- ext4: Add parameter for tuning handling of ext2 (bsc#976195).
- ext4: Fixup handling for custom configs in tuning.
- ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
- ipv6: Fix improper use of RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.
  (bsc#961257)
- ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt.
- kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).
- kabi: reintroduce sk_filter (kabi).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612, fate#313296).
- kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410, fate#313296).
- kgr: ignore zombie tasks during the patching (bnc#1008979).
- mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
- modsign: Print appropriate status message when accessing UEFI variable (bsc#958606).
- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
- mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943).
- netfilter: allow logging from non-init netns (bsc#970083).
- netfilter: bridge: do not leak skb in error paths (bsc#982544).
- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
- netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).
- nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- pci/aer: Clear error status registers during enumeration and restore (bsc#985978).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- reiserfs: fix race in prealloc discard (bsc#987576).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: Increase REPORT_LUNS timeout (bsc#982282).
- series.conf: move stray netfilter patches to the right section
- squashfs3: properly handle dir_emit() failures (bsc#998795).
- supported.conf: Add ext2
- timers: Use proper base migration in add_timer_on() (bnc#993392).
- tty: audit: Fix audit source (bsc#1016482).
- tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
- usb: fix typo in wMaxPacketSize validation (bsc#991665).
- usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094)
- xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).
- xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).
- xfs: fix premature enospc on inode allocation (bsc#984148).
- xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
- xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
- xfs: refactor xlog_recover_process_data() (bsc#1019300).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
- xhci: silence warnings in switch (bnc#991665).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
    zypper in -t patch SUSE-SLE-SAP-12-2017-247=1
- SUSE Linux Enterprise Server 12-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-2017-247=1
- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-247=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (noarch):
    kernel-devel-3.12.61-52.66.1
    kernel-macros-3.12.61-52.66.1
    kernel-source-3.12.61-52.66.1
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
    kernel-default-3.12.61-52.66.1
    kernel-default-base-3.12.61-52.66.1
    kernel-default-base-debuginfo-3.12.61-52.66.1
    kernel-default-debuginfo-3.12.61-52.66.1
    kernel-default-debugsource-3.12.61-52.66.1
    kernel-default-devel-3.12.61-52.66.1
    kernel-syms-3.12.61-52.66.1
    kernel-xen-3.12.61-52.66.1
    kernel-xen-base-3.12.61-52.66.1
    kernel-xen-base-debuginfo-3.12.61-52.66.1
    kernel-xen-debuginfo-3.12.61-52.66.1
    kernel-xen-debugsource-3.12.61-52.66.1
    kernel-xen-devel-3.12.61-52.66.1
    kgraft-patch-3_12_61-52_66-default-1-2.1
    kgraft-patch-3_12_61-52_66-xen-1-2.1
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
    kernel-default-3.12.61-52.66.1
    kernel-default-base-3.12.61-52.66.1
    kernel-default-base-debuginfo-3.12.61-52.66.1
    kernel-default-debuginfo-3.12.61-52.66.1
    kernel-default-debugsource-3.12.61-52.66.1
    kernel-default-devel-3.12.61-52.66.1
    kernel-syms-3.12.61-52.66.1
- SUSE Linux Enterprise Server 12-LTSS (noarch):
    kernel-devel-3.12.61-52.66.1
    kernel-macros-3.12.61-52.66.1
    kernel-source-3.12.61-52.66.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
    kernel-xen-3.12.61-52.66.1
    kernel-xen-base-3.12.61-52.66.1
    kernel-xen-base-debuginfo-3.12.61-52.66.1
    kernel-xen-debuginfo-3.12.61-52.66.1
    kernel-xen-debugsource-3.12.61-52.66.1
    kernel-xen-devel-3.12.61-52.66.1
    kgraft-patch-3_12_61-52_66-default-1-2.1
    kgraft-patch-3_12_61-52_66-xen-1-2.1
- SUSE Linux Enterprise Server 12-LTSS (s390x):
    kernel-default-man-3.12.61-52.66.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
    kernel-ec2-3.12.61-52.66.1
    kernel-ec2-debuginfo-3.12.61-52.66.1
    kernel-ec2-debugsource-3.12.61-52.66.1
    kernel-ec2-devel-3.12.61-52.66.1
    kernel-ec2-extra-3.12.61-52.66.1
    kernel-ec2-extra-debuginfo-3.12.61-52.66.1

References:

https://www.suse.com/security/cve/CVE-2014-9904.html
https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8963.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5696.html https://www.suse.com/security/cve/CVE-2016-5828.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6130.html https://www.suse.com/security/cve/CVE-2016-6327.html https://www.suse.com/security/cve/CVE-2016-6480.html https://www.suse.com/security/cve/CVE-2016-6828.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7425.html https://www.suse.com/security/cve/CVE-2016-7910.html https://www.suse.com/security/cve/CVE-2016-7911.html https://www.suse.com/security/cve/CVE-2016-7913.html https://www.suse.com/security/cve/CVE-2016-7914.html https://www.suse.com/security/cve/CVE-2016-8399.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8645.html https://www.suse.com/security/cve/CVE-2016-8658.html https://www.suse.com/security/cve/CVE-2016-9083.html https://www.suse.com/security/cve/CVE-2016-9084.html https://www.suse.com/security/cve/CVE-2016-9756.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2016-9806.html https://www.suse.com/security/cve/CVE-2017-2583.html https://www.suse.com/security/cve/CVE-2017-2584.html https://www.suse.com/security/cve/CVE-2017-5551.html https://bugzilla.suse.com/1003153 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1004462 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1007197 https://bugzilla.suse.com/1008833 
https://bugzilla.suse.com/1008979 https://bugzilla.suse.com/1009969 https://bugzilla.suse.com/1010040 https://bugzilla.suse.com/1010475 https://bugzilla.suse.com/1010478 https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010502 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010612 https://bugzilla.suse.com/1010711 https://bugzilla.suse.com/1010716 https://bugzilla.suse.com/1011820 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013540 https://bugzilla.suse.com/1013542 https://bugzilla.suse.com/1014746 https://bugzilla.suse.com/1016482 https://bugzilla.suse.com/1017410 https://bugzilla.suse.com/1017589 https://bugzilla.suse.com/1017710 https://bugzilla.suse.com/1019300 https://bugzilla.suse.com/1019851 https://bugzilla.suse.com/1020602 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/881008 https://bugzilla.suse.com/915183 https://bugzilla.suse.com/958606 https://bugzilla.suse.com/961257 https://bugzilla.suse.com/970083 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/976195 https://bugzilla.suse.com/978094 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980560 https://bugzilla.suse.com/981038 https://bugzilla.suse.com/981597 https://bugzilla.suse.com/981709 https://bugzilla.suse.com/982282 https://bugzilla.suse.com/982544 https://bugzilla.suse.com/983619 https://bugzilla.suse.com/983721 https://bugzilla.suse.com/983977 https://bugzilla.suse.com/984148 https://bugzilla.suse.com/984419 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/985978 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986445 https://bugzilla.suse.com/986569 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/986811 https://bugzilla.suse.com/986941 https://bugzilla.suse.com/987542 https://bugzilla.suse.com/987565 https://bugzilla.suse.com/987576 https://bugzilla.suse.com/989152 
https://bugzilla.suse.com/990384
https://bugzilla.suse.com/991608
https://bugzilla.suse.com/991665
https://bugzilla.suse.com/993392
https://bugzilla.suse.com/993890
https://bugzilla.suse.com/993891
https://bugzilla.suse.com/994296
https://bugzilla.suse.com/994748
https://bugzilla.suse.com/994881
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/997708
https://bugzilla.suse.com/998795
https://bugzilla.suse.com/999584
https://bugzilla.suse.com/999600
https://bugzilla.suse.com/999932
https://bugzilla.suse.com/999943

From sle-updates at lists.suse.com Wed Feb 15 13:23:04 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2017 21:23:04 +0100 (CET)
Subject: SUSE-RU-2017:0472-1: Recommended update for ses-manual_en
Message-ID: <20170215202304.50B72FF7B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ses-manual_en
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0472-1
Rating: low
References: #1010932 #1012551 #1012586 #1013658 #1014039 #1014155 #1014194 #1014621
Affected Products:
    SUSE Enterprise Storage 4
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

The Administration and Deployment Guide for SUSE Enterprise Storage 4 has been updated to document:

- Added information about required rights in /var/log/ceph. (bsc#1010932)
- Added section about XFS corruption. (bsc#1012551)
- Fixed title of Upgrade-chapter. (bsc#1012586)
- Removed appendix A "Salt State (SLS) File Example". (bsc#1014155)
- Moved "iSCSI Gateways Upgrade" to "General Upgrade Procedure". (bsc#1014194)
- Added information about "zypper migration" man page. (bsc#1014621)
- Added note about deploying with DeepSea. (bsc#1014039)
- Documented that NFS-Ganesha is a technology preview.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2017-244=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Enterprise Storage 4 (noarch):
    ses-admin_en-pdf-4-11.1
    ses-manual_en-4-11.1

References:

https://bugzilla.suse.com/1010932
https://bugzilla.suse.com/1012551
https://bugzilla.suse.com/1012586
https://bugzilla.suse.com/1013658
https://bugzilla.suse.com/1014039
https://bugzilla.suse.com/1014155
https://bugzilla.suse.com/1014194
https://bugzilla.suse.com/1014621

From sle-updates at lists.suse.com Wed Feb 15 13:24:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2017 21:24:34 +0100 (CET)
Subject: SUSE-SU-2017:0473-1: moderate: Security update for ppp
Message-ID: <20170215202434.52298FF7F@maintenance.suse.de>

SUSE Security Update: Security update for ppp
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0473-1
Rating: moderate
References: #927841
Cross-References: CVE-2015-3310
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The ppp package was updated to fix the following security issue:

- CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-ppp-12989=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-ppp-12989=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-ppp-12989=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    ppp-devel-2.4.5.git-2.31.7
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    ppp-2.4.5.git-2.31.7
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    ppp-debuginfo-2.4.5.git-2.31.7
    ppp-debugsource-2.4.5.git-2.31.7

References:

https://www.suse.com/security/cve/CVE-2015-3310.html
https://bugzilla.suse.com/927841

From sle-updates at lists.suse.com Wed Feb 15 13:25:01 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 15 Feb 2017 21:25:01 +0100 (CET)
Subject: SUSE-SU-2017:0474-1: moderate: Security update for ppp
Message-ID: <20170215202501.645E6FF7F@maintenance.suse.de>

SUSE Security Update: Security update for ppp
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0474-1
Rating: moderate
References: #927841
Cross-References: CVE-2015-3310
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The ppp package was updated to fix the following security issue:

- CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-246=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-246=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-246=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-246=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-246=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-246=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-246=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4
    ppp-devel-2.4.7-3.4
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4
    ppp-devel-2.4.7-3.4
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    ppp-2.4.7-3.4
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    ppp-2.4.7-3.4
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    ppp-2.4.7-3.4
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    ppp-2.4.7-3.4
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    ppp-2.4.7-3.4
    ppp-debuginfo-2.4.7-3.4
    ppp-debugsource-2.4.7-3.4

References:

https://www.suse.com/security/cve/CVE-2015-3310.html
https://bugzilla.suse.com/927841

From sle-updates at lists.suse.com Wed Feb 15 22:08:08 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2017 06:08:08 +0100 (CET)
Subject: SUSE-SU-2017:0475-1: moderate: Security update for susestudio
Message-ID: <20170216050808.7CC33FF81@maintenance.suse.de>

SUSE Security Update: Security update for susestudio
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0475-1
Rating: moderate
References: #870697 #887489 #929102 #942185 #947225 #963741 #968797 #969322 #972406 #972425 #974130 #979110 #979124 #981095 #983404 #983999
Cross-References: CVE-2015-3448 CVE-2015-7576 CVE-2015-7577 CVE-2016-0751 CVE-2016-0752
Affected Products:
    SUSE Studio Onsite Runner 1.3
    SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 11 fixes is now available.

Description:

This update provides SUSE Studio Runner 1.3.14, which brings fixes for the following issues:

- bsc#968797: 11 SP3 appliance gets invalid distribution upgrade from SLMS.
- bsc#947225: Second build of appliance will not register to SLMS, wrong product name.
- bsc#983404: UEFI boot missing for SLE11 SP4.
- bsc#972406: Kiwi export config.sh script has /build-custom out of order.
- bsc#981095: Add user "ldap" to default_users list for assigning owners for overlay files.
- bsc#972425: Runlevel 3 is being ignored in appliance configuration.
- bsc#983999: SLES 12 appliance build does not include gpg keys from base product.
- bsc#979110: SLES 12 will not build for EC2.
- bsc#929102: Plaintext Password Local Disclosure in rubygem-rest-client. (CVE-2015-3448)
- bsc#963741: Security fixes for Rails v3.2.22. (CVE-2015-7576, CVE-2015-7577, CVE-2016-0751, CVE-2016-0752)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite Runner 1.3:
    zypper in -t patch slestso13-susestudio-12990=1
- SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-susestudio-12990=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite Runner 1.3 (noarch):
    studio-help-1.3.20-0.6.9
- SUSE Studio Onsite Runner 1.3 (s390x):
    libcontainment-insomnia-0.1.1-0.9.4.19
    libjansson4-2.2.1-0.9.11.6
    qemu-ext2-0.1.1-0.9.4.19
    rubygem-bundler19-1.7.0-0.13.10
    susestudio-bundled-packages-1.3.14-52.1
    susestudio-common-1.3.14-52.1
    susestudio-runner-1.3.14-52.1
    susestudio-ui-server-1.3.14-52.1
- SUSE Studio Onsite 1.3 (noarch):
    studio-help-1.3.20-0.6.9
- SUSE Studio Onsite 1.3 (x86_64):
    libcontainment-insomnia-0.1.1-0.9.4.19
    libjansson4-2.2.1-0.9.11.6
    qemu-ext2-0.1.1-0.9.4.19
    rubygem-bundler19-1.7.0-0.13.10
    susestudio-1.3.14-52.1
    susestudio-bundled-packages-1.3.14-52.1
    susestudio-common-1.3.14-52.1
    susestudio-runner-1.3.14-52.1
    susestudio-sid-1.3.14-52.1
    susestudio-ui-server-1.3.14-52.1

References:

https://www.suse.com/security/cve/CVE-2015-3448.html
https://www.suse.com/security/cve/CVE-2015-7576.html
https://www.suse.com/security/cve/CVE-2015-7577.html
https://www.suse.com/security/cve/CVE-2016-0751.html
https://www.suse.com/security/cve/CVE-2016-0752.html
https://bugzilla.suse.com/870697
https://bugzilla.suse.com/887489
https://bugzilla.suse.com/929102
https://bugzilla.suse.com/942185
https://bugzilla.suse.com/947225
https://bugzilla.suse.com/963741
https://bugzilla.suse.com/968797
https://bugzilla.suse.com/969322
https://bugzilla.suse.com/972406
https://bugzilla.suse.com/972425
https://bugzilla.suse.com/974130
https://bugzilla.suse.com/979110
https://bugzilla.suse.com/979124
https://bugzilla.suse.com/981095
https://bugzilla.suse.com/983404
https://bugzilla.suse.com/983999

From sle-updates at lists.suse.com Thu Feb 16 13:07:37 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 16 Feb 2017 21:07:37 +0100 (CET)
Subject: SUSE-RU-2017:0476-1: important: Recommended update for docker
Message-ID: <20170216200737.F235CFF7B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for docker
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0476-1
Rating: important
References: #1016992 #1020806
Affected Products:
    SUSE OpenStack Cloud 6
    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for docker fixes the following issues:

- Containers using old run-time options no longer started after the last docker update. This patch provides the appropriate oci runtime to remedy that issue. When those containers are started by the new docker version, the runtime is automatically migrated to the new one. [bsc#1020806, bsc#1016992]

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-249=1
- SUSE Linux Enterprise Module for Containers 12:
    zypper in -t patch SUSE-SLE-Module-Containers-12-2017-249=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (x86_64):
    docker-1.12.6-90.1
    docker-debuginfo-1.12.6-90.1
    docker-debugsource-1.12.6-90.1
- SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
    docker-1.12.6-90.1
    docker-debuginfo-1.12.6-90.1
    docker-debugsource-1.12.6-90.1

References:

https://bugzilla.suse.com/1016992
https://bugzilla.suse.com/1020806

From sle-updates at lists.suse.com Thu Feb 16 16:07:52 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2017 00:07:52 +0100 (CET)
Subject: SUSE-RU-2017:0478-1: moderate: Recommended update for portus
Message-ID: <20170216230752.7C0FEFF7B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for portus
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0478-1
Rating: moderate
References: #1022834
Affected Products:
    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides Portus 2.2.0, which brings fixes and enhancements:

Bug fixing:

- Remove auth/cover.js from precompilation.
- Fix activities.
- Portus will now properly update the image ID when a tag has been pushed.
- Fixed how image updates are handled.
- Follow a consistent order in the signup form.
- Hide passwords stored in webhooks.
- Removed reference of missing stylesheets.

Features:

- portusctl will show a warning when using the --local-registry flag if the package has not been installed.
- Portus now supports Docker Distribution 2.5.
- Allow docker-compose users to specify an alternative port.

Documentation:

- Avoid confusion on the hostnames to be used.
- Clarified how the --local-registry flag works.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 12:
    zypper in -t patch SUSE-SLE-Module-Containers-12-2017-250=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Containers 12 (x86_64):
    portus-2.2.0-19.1
    portus-debuginfo-2.2.0-19.1
    portus-debugsource-2.2.0-19.1

References:

https://bugzilla.suse.com/1022834

From sle-updates at lists.suse.com Fri Feb 17 07:09:24 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2017 15:09:24 +0100 (CET)
Subject: SUSE-RU-2017:0489-1: Recommended update for release-notes-sled
Message-ID: <20170217140924.F0C75FF7B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sled
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0489-1
Rating: low
References: #1017579 #1021007 #1021089
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP2
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

The Release Notes of SUSE Linux Enterprise Desktop 12 SP2 have been updated to document:

- Information about release notes of skipped product versions.
- Fixed "SP3 SP1" typo. (bsc#1021007)
- No Support for Samba as Active Directory-Style Domain Controller. (fate#320709, bsc#1017579)
- Support for 3D Graphics in VMware Guest. (fate#318990)
- Mutt Has Been Updated to 1.6.0. (fate#320751)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
    zypper in -t patch SUSE-SLE-WE-12-SP2-2017-252=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-252=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):
    release-notes-sled-12.2.20170131-18.6.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
    release-notes-sled-12.2.20170131-18.6.1

References:

https://bugzilla.suse.com/1017579
https://bugzilla.suse.com/1021007
https://bugzilla.suse.com/1021089

From sle-updates at lists.suse.com Fri Feb 17 07:10:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 17 Feb 2017 15:10:07 +0100 (CET)
Subject: SUSE-SU-2017:0490-1: important: Security update for java-1_7_0-openjdk
Message-ID: <20170217141007.5E721FF7F@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0490-1
Rating: important
References: #1020905
Cross-References: CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289
Affected Products:
    SUSE Linux Enterprise Server for SAP 12
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Server 12-LTSS
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.
Description:
This update for java-1_7_0-openjdk fixes the following issues:
- Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905):
  * Security Fixes
    - S8138725: Add options for Javadoc generation
    - S8140353: Improve signature checking
    - S8151934, CVE-2017-3231: Resolve class resolution
    - S8156804, CVE-2017-3241: Better constraint checking
    - S8158406: Limited Parameter Processing
    - S8158997: JNDI Protocols Switch
    - S8159507: RuntimeVisibleAnnotation validation
    - S8161218: Better bytecode loading
    - S8161743, CVE-2017-3252: Provide proper login context
    - S8162577: Standardize logging levels
    - S8162973: Better component components
    - S8164143, CVE-2017-3260: Improve components for menu items
    - S8164147, CVE-2017-3261: Improve streaming socket output
    - S8165071, CVE-2016-2183: Expand TLS support
    - S8165344, CVE-2017-3272: Update concurrency support
    - S8166988, CVE-2017-3253: Improve image processing performance
    - S8167104, CVE-2017-3289: Additional class construction refinements
    - S8167223, CVE-2016-5552: URL handling improvements
    - S8168705, CVE-2016-5547: Better ObjectIdentifier validation
    - S8168714, CVE-2016-5546: Tighten ECDSA validation
    - S8168728, CVE-2016-5548: DSA signing improvements
    - S8168724, CVE-2016-5549: ECDSA signing improvements
    - S6253144: Long narrowing conversion should describe the algorithm used and implied "risks"
    - S6328537: Improve javadocs for Socket class by adding references to SocketOptions
    - S6978886: javadoc shows stacktrace after print error resulting from disk full
    - S6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory
    - S6996372: synchronizing handshaking hash
    - S7027045: (doc) java/awt/Window.java has several typos in javadoc
    - S7054969: Null-check-in-finally pattern in java/security documentation
    - S7072353: JNDI libraries do not build with javac -Xlint:all -Werror
    - S7075563: Broken link in "javax.swing.SwingWorker"
    - S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11
    - S7088502:
Security libraries don't build with javac -Werror - S7092447: Clarify the default locale used in each locale sensitive operation - S7093640: Enable client-side TLS 1.2 by default - S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed - S7117360: Warnings in java.util.concurrent.atomic package - S7117465: Warning cleanup for IMF classes - S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an error - S8000418: javadoc should used a standard "generated by javadoc" string - S8000666: javadoc should write directly to Writer instead of composing strings - S8000673: remove dead code from HtmlWriter and subtypes - S8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK - S8001669: javadoc internal DocletAbortException should set cause when appropriate - S8008949: javadoc stopped copying doc-files - S8011402: Move blacklisting certificate logic from hard code to data - S8011547: Update XML Signature implementation to Apache Santuario 1.5.4 - S8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo - S8016217: More javadoc warnings - S8017325: Cleanup of the javadoc tag in java.security.cert - S8017326: Cleanup of the javadoc tag in java.security.spec - S8019772: Fix doclint issues in javax.crypto and javax.security subpackages - S8020557: javadoc cleanup in javax.security - S8020688: Broken links in documentation at http://docs.oracle.com/javase/6/docs/api/index. 
- S8021108: Clean up doclint warnings and errors in java.text package - S8021417: Fix doclint issues in java.util.concurrent - S8021833: javadoc cleanup in java.net - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails - S8022175: Fix doclint warnings in javax.print - S8022406: Fix doclint issues in java.beans - S8022746: List of spelling errors in API doc - S8024779: [macosx] SwingNode crashes on exit - S8025085: [javadoc] some errors in javax/swing - S8025218: [javadoc] some errors in java/awt classes - S8025249: [javadoc] fix some javadoc errors in javax/swing/ - S8025409: Fix javadoc comments errors and warning reported by doclint report - S8026021: more fix of javadoc errors and warnings reported by doclint, see the description - S8037099: [macosx] Remove all references to GC from native OBJ-C code - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8049244: XML Signature performance issue caused by unbuffered signature data - S8049432: New tests for TLS property jdk.tls.client.protocols - S8050893: (smartcardio) Invert reset argument in tests in sun/security/smartcardio - S8059212: Modify regression tests so that they do not just fail if no cardreader found - S8068279: (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName - S8068491: Update the protocol for references of docs.oracle.com to HTTPS. 
- S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 - S8076369: Introduce the jdk.tls.client.protocols system property for JDK 7u - S8139565: Restrict certificates with DSA keys less than 1024 bits - S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8143959: Certificates requiring blacklisting - S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks - S8148516: Improve the default strength of EC in JDK - S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks - S8151893: Add security property to configure XML Signature secure validation mode - S8155760: Implement Serialization Filtering - S8156802: Better constraint checking - S8161228: URL objects with custom protocol handlers have port changed after deserializing - S8161571: Verifying ECDSA signatures permits trailing bytes - S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar - S8164908: ReflectionFactory support for IIOP and custom serialization - S8165230: RMIConnection addNotificationListeners failing with specific inputs - S8166393: disabledAlgorithms property should not be strictly parsed - S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only) - S8166739: Improve extensibility of ObjectInputFilter information passed to the filter - S8166875: (tz) Support tzdata2016g - S8166878: Connection reset during TLS handshake - S8167356: Follow up fix for jdk8 backport of 8164143. 
Changes for CMenuComponent.m were missed - S8167459: Add debug output for indicating if a chosen ciphersuite was legacy - S8167472: Chrome interop regression with JDK-8148516 - S8167591: Add MD5 to signed JAR restrictions - S8168861: AnchorCertificates uses hardcoded password for cacerts keystore - S8168993: JDK8u121 L10n resource file update - S8169191: (tz) Support tzdata2016i - S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU - S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304 - S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property - S8170268: 8u121 L10n resource file update - msgdrop 20 - S8173622: Backport of 7180907 is incomplete - S8173849: Fix use of java.util.Base64 in test cases - S8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760 - CVE-2017-3259 Vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. * Backports - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on __APPLE__and _LLP64 systems. - S8000351, PR3316, RH1390708: Tenuring threshold should be unsigned - S8153711, PR3315, RH1284948: [REDO] GlobalRefs never deleted when processing invokeMethod command - S8170888, PR3316, RH1390708: [linux] support for cgroup memory limits in container (ie Docker) environments * Bug fixes - PR3318: Replace 'infinality' with 'improved font rendering' (--enable-improved-font-rendering) - PR3318: Fix compatibility with vanilla Fontconfig - PR3318: Fix glyph y advance - PR3318: Always round glyph advance in 26.6 space - PR3318: Simplify glyph advance handling - PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken by PR1989 * AArch64 port - S8165673, PR3320: AArch64: Fix JNI floating point argument handling Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-255=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-255=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-255=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-255=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-255=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-255=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-255=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-demo-1.7.0.131-39.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-devel-1.7.0.131-39.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-demo-1.7.0.131-39.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-devel-1.7.0.131-39.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-demo-1.7.0.131-39.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.131-39.1 
java-1_7_0-openjdk-devel-1.7.0.131-39.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-demo-1.7.0.131-39.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-devel-1.7.0.131-39.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-demo-1.7.0.131-39.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-devel-1.7.0.131-39.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.131-39.1 java-1_7_0-openjdk-debuginfo-1.7.0.131-39.1 java-1_7_0-openjdk-debugsource-1.7.0.131-39.1 java-1_7_0-openjdk-headless-1.7.0.131-39.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.131-39.1 References: https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-5546.html https://www.suse.com/security/cve/CVE-2016-5547.html https://www.suse.com/security/cve/CVE-2016-5548.html https://www.suse.com/security/cve/CVE-2016-5549.html https://www.suse.com/security/cve/CVE-2016-5552.html 
https://www.suse.com/security/cve/CVE-2017-3231.html https://www.suse.com/security/cve/CVE-2017-3241.html https://www.suse.com/security/cve/CVE-2017-3252.html https://www.suse.com/security/cve/CVE-2017-3253.html https://www.suse.com/security/cve/CVE-2017-3259.html https://www.suse.com/security/cve/CVE-2017-3260.html https://www.suse.com/security/cve/CVE-2017-3261.html https://www.suse.com/security/cve/CVE-2017-3272.html https://www.suse.com/security/cve/CVE-2017-3289.html https://bugzilla.suse.com/1020905 From sle-updates at lists.suse.com Fri Feb 17 07:10:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Feb 2017 15:10:33 +0100 (CET) Subject: SUSE-RU-2017:0491-1: Recommended update for release-notes-sles Message-ID: <20170217141033.4DFB2FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0491-1 Rating: low References: #1007344 #1016710 #1017579 #1022217 #967407 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP2 have been updated to document: - Information about release notes of skipped product versions. - Availability of new High Performance Computing (HPC) module. - Support for 3D Graphics in VMware Guest. (fate#318990) - No Support for Samba as Active Directory-Style Domain Controller. (fate#320709, bsc#1017579) - Unloading device_handler Modules Not Possible Anymore. (fate#322261, bsc#1007344) - Server Component of Puppet Is Deprecated. (fate#321117) - Btrfs File System Going Read-only When Executing Balance Operation. (fate#322002) - Docker Compose Has Been Removed from the Containers Module. 
(fate#320740, bsc#967407) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-254=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-254=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): release-notes-sles-12.2.20170208-5.10.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): release-notes-sles-12.2.20170208-5.10.1 References: https://bugzilla.suse.com/1007344 https://bugzilla.suse.com/1016710 https://bugzilla.suse.com/1017579 https://bugzilla.suse.com/1022217 https://bugzilla.suse.com/967407 From sle-updates at lists.suse.com Fri Feb 17 07:11:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Feb 2017 15:11:33 +0100 (CET) Subject: SUSE-RU-2017:0492-1: Recommended update for libica2 Message-ID: <20170217141133.A5AB7FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libica2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0492-1 Rating: low References: #1010927 #991485 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libica2 fixes the following issues: - Segmentation fault caused by multithread key generation using openssl (bsc#991485) - libica crashes with illegal instruction on z196/z114 (bsc#1010927) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-251=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x): libica2-debuginfo-2.6.2-22.1 libica2-debugsource-2.6.2-22.1 libica2-devel-2.6.2-22.1 References: https://bugzilla.suse.com/1010927 https://bugzilla.suse.com/991485 From sle-updates at lists.suse.com Fri Feb 17 07:12:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Feb 2017 15:12:10 +0100 (CET) Subject: SUSE-RU-2017:0493-1: Recommended update for release-notes-sled Message-ID: <20170217141210.80633FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0493-1 Rating: low References: #1017579 #1022622 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Desktop 12 SP1 have been updated to document: - Information about release notes of skipped product versions. - No Support for Samba as Active Directory-Style Domain Controller. (fate#320709, bsc#1017579) - Zypp History Now Includes Patch Installation. (fate#312298) - Minor formatting corrections for various entries. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-253=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-253=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): release-notes-sled-12.1.20170130-16.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): release-notes-sled-12.1.20170130-16.3.1 References: https://bugzilla.suse.com/1017579 https://bugzilla.suse.com/1022622 From sle-updates at lists.suse.com Fri Feb 17 10:08:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Feb 2017 18:08:15 +0100 (CET) Subject: SUSE-SU-2017:0494-1: important: Security update for the Linux Kernel Message-ID: <20170217170815.BD005FF7B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0494-1 Rating: important References: #1001419 #1002165 #1003077 #1003253 #1003925 #1004517 #1007944 #1008374 #1008645 #1008831 #1008833 #1008850 #1009875 #1010150 #1010467 #1010501 #1010507 #1010711 #1010713 #1010716 #1011685 #1011820 #1012183 #1012422 #1012832 #1012851 #1012852 #1012895 #1013038 #1013042 #1013531 #1013542 #1014454 #1014746 #1015878 #1017710 #1018446 #1019079 #1019783 #1021258 #821612 #824171 #914939 #929141 #935436 #956514 #961923 #966826 #967716 #969340 #973691 #979595 #987576 #989152 #989261 #991665 #992566 #992569 #992906 #992991 #993890 #993891 #994296 #994618 #994759 #995968 #996329 #996541 #996557 #997059 #997401 #997708 #998689 #999932 #999943 Cross-References: CVE-2004-0230 CVE-2012-6704 CVE-2015-1350 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2015-8970 CVE-2016-0823 CVE-2016-10088 CVE-2016-3841 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 CVE-2016-7910 
CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 48 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). 
- CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel (bnc#1014746).
- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).
- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).
- CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).
- CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).
- CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).
- CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).
- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
- CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).
- CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).
- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
- CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).
- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).

The following non-security bugs were fixed:
- Always include the git commit in KOTD builds. This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171).
- KVM: x86: SYSENTER emulation is broken (bsc#994618).
- NFS: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
- NFS: Refresh open-owner id when server says SEQID is bad (bsc#989261).
- NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595).
- NFSv4: add flock_owner to open context (bnc#998689).
- NFSv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).
- NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689).
- NFSv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).
- NFSv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595).
- SELinux: Fix possible NULL pointer dereference in selinux_inode_permission() (bsc#1012895).
- USB: fix typo in wMaxPacketSize validation (bsc#991665).
- USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, among others).
- __ptrace_may_access() should not deny sub-threads (bsc#1012851).
- apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).
- arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- include/linux/math64.h: add div64_ul() (bsc#996329).
- kabi-fix for flock_owner addition (bsc#998689).
- kabi: get back scsi_device.current_cmnd (bsc#935436).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- kexec: add a kexec_crash_loaded() function (bsc#973691).
- md linear: fix a race between linear_add() and linear_congested() (bsc#1018446).
- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).
- mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943).
- mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (VM Functionality, bsc#1008645).
- nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944).
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
- posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).
- posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401).
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401).
- powerpc: Add ability to build little endian kernels (bsc#967716).
- powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716).
- powerpc: Do not build assembly files with ABIv2 (bsc#967716).
- powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).
- powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).
- powerpc: Fix error when cross building TAGS and cscope (bsc#967716).
- powerpc: Make the vdso32 also build big-endian (bsc#967716).
- powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).
- powerpc: Remove buggy 9-year-old test for binutils lower than 2.12.1 (bsc#967716).
- powerpc: Require gcc 4.0 on 64-bit (bsc#967716).
- powerpc: dtc is required to build dtb files (bsc#967716).
- printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878).
- qlcnic: Schedule napi directly in netpoll (bsc#966826).
- reiserfs: fix race in prealloc discard (bsc#987576).
- rpm/config.sh: Set a fitting release string (bsc#997059)
- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
- rpm/mkspec: Read a default release string from rpm/config.sh (bsc#997059)
- s390/dasd: fix failfast for disconnected devices (bnc#961923, LTC#135138).
- sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165).
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
- sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329).
- scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).
- scsi: remove current_cmnd field from struct scsi_device (bsc#935436).
- x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).
- xfs: remove the deprecated nodelaylog option (bsc#992906).

Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-linux-kernel-12992=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-linux-kernel-12992=1 - SUSE Manager 2.1: zypper in -t patch sleman21-linux-kernel-12992=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-linux-kernel-12992=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-linux-kernel-12992=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-linux-kernel-12992=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-linux-kernel-12992=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): kernel-bigsmp-3.0.101-0.47.96.1 kernel-bigsmp-base-3.0.101-0.47.96.1 kernel-bigsmp-devel-3.0.101-0.47.96.1 kernel-default-3.0.101-0.47.96.1 kernel-default-base-3.0.101-0.47.96.1 kernel-default-devel-3.0.101-0.47.96.1 kernel-ec2-3.0.101-0.47.96.1 kernel-ec2-base-3.0.101-0.47.96.1 kernel-ec2-devel-3.0.101-0.47.96.1 kernel-source-3.0.101-0.47.96.1 kernel-syms-3.0.101-0.47.96.1 kernel-trace-3.0.101-0.47.96.1 kernel-trace-base-3.0.101-0.47.96.1 kernel-trace-devel-3.0.101-0.47.96.1 kernel-xen-3.0.101-0.47.96.1 kernel-xen-base-3.0.101-0.47.96.1 kernel-xen-devel-3.0.101-0.47.96.1 - SUSE Manager Proxy 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.96.1 kernel-bigsmp-base-3.0.101-0.47.96.1 kernel-bigsmp-devel-3.0.101-0.47.96.1 kernel-default-3.0.101-0.47.96.1 kernel-default-base-3.0.101-0.47.96.1 kernel-default-devel-3.0.101-0.47.96.1 kernel-ec2-3.0.101-0.47.96.1 kernel-ec2-base-3.0.101-0.47.96.1 kernel-ec2-devel-3.0.101-0.47.96.1 kernel-source-3.0.101-0.47.96.1 kernel-syms-3.0.101-0.47.96.1 kernel-trace-3.0.101-0.47.96.1 kernel-trace-base-3.0.101-0.47.96.1 kernel-trace-devel-3.0.101-0.47.96.1 kernel-xen-3.0.101-0.47.96.1 kernel-xen-base-3.0.101-0.47.96.1 kernel-xen-devel-3.0.101-0.47.96.1 - SUSE Manager 2.1 (s390x x86_64): 
kernel-default-3.0.101-0.47.96.1 kernel-default-base-3.0.101-0.47.96.1 kernel-default-devel-3.0.101-0.47.96.1 kernel-source-3.0.101-0.47.96.1 kernel-syms-3.0.101-0.47.96.1 kernel-trace-3.0.101-0.47.96.1 kernel-trace-base-3.0.101-0.47.96.1 kernel-trace-devel-3.0.101-0.47.96.1 - SUSE Manager 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.96.1 kernel-bigsmp-base-3.0.101-0.47.96.1 kernel-bigsmp-devel-3.0.101-0.47.96.1 kernel-ec2-3.0.101-0.47.96.1 kernel-ec2-base-3.0.101-0.47.96.1 kernel-ec2-devel-3.0.101-0.47.96.1 kernel-xen-3.0.101-0.47.96.1 kernel-xen-base-3.0.101-0.47.96.1 kernel-xen-devel-3.0.101-0.47.96.1 - SUSE Manager 2.1 (s390x): kernel-default-man-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.96.1 kernel-default-base-3.0.101-0.47.96.1 kernel-default-devel-3.0.101-0.47.96.1 kernel-source-3.0.101-0.47.96.1 kernel-syms-3.0.101-0.47.96.1 kernel-trace-3.0.101-0.47.96.1 kernel-trace-base-3.0.101-0.47.96.1 kernel-trace-devel-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.96.1 kernel-ec2-base-3.0.101-0.47.96.1 kernel-ec2-devel-3.0.101-0.47.96.1 kernel-xen-3.0.101-0.47.96.1 kernel-xen-base-3.0.101-0.47.96.1 kernel-xen-devel-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.96.1 kernel-bigsmp-base-3.0.101-0.47.96.1 kernel-bigsmp-devel-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.96.1 kernel-pae-base-3.0.101-0.47.96.1 kernel-pae-devel-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.96.1 kernel-trace-extra-3.0.101-0.47.96.1 - SUSE 
Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.96.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.96.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.96.1 kernel-default-base-3.0.101-0.47.96.1 kernel-default-devel-3.0.101-0.47.96.1 kernel-ec2-3.0.101-0.47.96.1 kernel-ec2-base-3.0.101-0.47.96.1 kernel-ec2-devel-3.0.101-0.47.96.1 kernel-pae-3.0.101-0.47.96.1 kernel-pae-base-3.0.101-0.47.96.1 kernel-pae-devel-3.0.101-0.47.96.1 kernel-source-3.0.101-0.47.96.1 kernel-syms-3.0.101-0.47.96.1 kernel-trace-3.0.101-0.47.96.1 kernel-trace-base-3.0.101-0.47.96.1 kernel-trace-devel-3.0.101-0.47.96.1 kernel-xen-3.0.101-0.47.96.1 kernel-xen-base-3.0.101-0.47.96.1 kernel-xen-devel-3.0.101-0.47.96.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.96.1 kernel-default-debugsource-3.0.101-0.47.96.1 kernel-trace-debuginfo-3.0.101-0.47.96.1 kernel-trace-debugsource-3.0.101-0.47.96.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.96.1 kernel-ec2-debugsource-3.0.101-0.47.96.1 kernel-xen-debuginfo-3.0.101-0.47.96.1 kernel-xen-debugsource-3.0.101-0.47.96.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.96.1 kernel-bigsmp-debugsource-3.0.101-0.47.96.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.96.1 kernel-pae-debugsource-3.0.101-0.47.96.1 References: https://www.suse.com/security/cve/CVE-2004-0230.html https://www.suse.com/security/cve/CVE-2012-6704.html https://www.suse.com/security/cve/CVE-2015-1350.html https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2015-8970.html https://www.suse.com/security/cve/CVE-2016-0823.html https://www.suse.com/security/cve/CVE-2016-10088.html 
https://www.suse.com/security/cve/CVE-2016-3841.html https://www.suse.com/security/cve/CVE-2016-6828.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-7425.html https://www.suse.com/security/cve/CVE-2016-7910.html https://www.suse.com/security/cve/CVE-2016-7911.html https://www.suse.com/security/cve/CVE-2016-7916.html https://www.suse.com/security/cve/CVE-2016-8399.html https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8646.html https://www.suse.com/security/cve/CVE-2016-9555.html https://www.suse.com/security/cve/CVE-2016-9685.html https://www.suse.com/security/cve/CVE-2016-9756.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2017-5551.html https://bugzilla.suse.com/1001419 https://bugzilla.suse.com/1002165 https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1003253 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1007944 https://bugzilla.suse.com/1008374 https://bugzilla.suse.com/1008645 https://bugzilla.suse.com/1008831 https://bugzilla.suse.com/1008833 https://bugzilla.suse.com/1008850 https://bugzilla.suse.com/1009875 https://bugzilla.suse.com/1010150 https://bugzilla.suse.com/1010467 https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010711 https://bugzilla.suse.com/1010713 https://bugzilla.suse.com/1010716 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1011820 https://bugzilla.suse.com/1012183 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012832 https://bugzilla.suse.com/1012851 https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1012895 https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1013042 
https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013542 https://bugzilla.suse.com/1014454 https://bugzilla.suse.com/1014746 https://bugzilla.suse.com/1015878 https://bugzilla.suse.com/1017710 https://bugzilla.suse.com/1018446 https://bugzilla.suse.com/1019079 https://bugzilla.suse.com/1019783 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/821612 https://bugzilla.suse.com/824171 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/929141 https://bugzilla.suse.com/935436 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/961923 https://bugzilla.suse.com/966826 https://bugzilla.suse.com/967716 https://bugzilla.suse.com/969340 https://bugzilla.suse.com/973691 https://bugzilla.suse.com/979595 https://bugzilla.suse.com/987576 https://bugzilla.suse.com/989152 https://bugzilla.suse.com/989261 https://bugzilla.suse.com/991665 https://bugzilla.suse.com/992566 https://bugzilla.suse.com/992569 https://bugzilla.suse.com/992906 https://bugzilla.suse.com/992991 https://bugzilla.suse.com/993890 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994296 https://bugzilla.suse.com/994618 https://bugzilla.suse.com/994759 https://bugzilla.suse.com/995968 https://bugzilla.suse.com/996329 https://bugzilla.suse.com/996541 https://bugzilla.suse.com/996557 https://bugzilla.suse.com/997059 https://bugzilla.suse.com/997401 https://bugzilla.suse.com/997708 https://bugzilla.suse.com/998689 https://bugzilla.suse.com/999932 https://bugzilla.suse.com/999943 From sle-updates at lists.suse.com Fri Feb 17 10:23:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Feb 2017 18:23:24 +0100 (CET) Subject: SUSE-SU-2017:0495-1: moderate: Security update for openssl1 Message-ID: <20170217172324.5FC92FF7C@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0495-1 Rating: moderate References: #1000677 
#1001707 #1001912 #1004499 #1005878 #1019334 #1021641 #1022085 #1022644 Cross-References: CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that solves four vulnerabilities and has 5 fixes is now available. Description: This update for openssl1 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - call c_rehash in %post (bsc#1001707) - ship static libraries in the devel package (bsc#1022644) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-12991=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.57.1 libopenssl1_0_0-1.0.1g-0.57.1 openssl1-1.0.1g-0.57.1 openssl1-doc-1.0.1g-0.57.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.57.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.57.1 References: https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-7056.html https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2017-3731.html https://bugzilla.suse.com/1000677 https://bugzilla.suse.com/1001707 https://bugzilla.suse.com/1001912 https://bugzilla.suse.com/1004499 https://bugzilla.suse.com/1005878 https://bugzilla.suse.com/1019334 https://bugzilla.suse.com/1021641 https://bugzilla.suse.com/1022085 https://bugzilla.suse.com/1022644 From sle-updates at lists.suse.com Sat Feb 18 07:09:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Feb 2017 15:09:43 +0100 (CET) Subject: SUSE-RU-2017:0503-1: Recommended update for SUSE OpenStack Cloud Deployment and Supplement guides Message-ID: <20170218140943.D3C83FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE OpenStack Cloud Deployment and Supplement guides ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0503-1 Rating: low References: #1002833 #1003614 #1009072 #1013625 #1015973 #1017764 #1018971 #1021111 #1021352 #861532 #920428 #941537 #960523 #964460 #964618 #969537 #970244 #971597 #971787 #972237 #973750 #974464 #974937 #975005 #975943 #977539 #979851 #981900 #982474 #982561 #985662 #987664 #992548 #993428 #993518 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has 35 recommended fixes can now be installed. 
Description: SUSE OpenStack Cloud Deployment and Supplement guides have been updated to document: Deployment Guide: - Added information on how to make IBM zSeries available for Compute Nodes. (bsc#964460) - Included in the documentation how to recover from DRBD split brain. (bsc#970244) - Fixed awk command in cluster recovery chapter. (bsc#975005) - Fixed settings for the hybrid backend configuration for keystone. (bsc#974464) - Fixed SUSE Manager barclamp description. (bsc#977539) - Clarified wording around the speed quantifier in conduit_maps in the network barclamp. (bsc#993518) - Updated admin server RAM requirements. (bsc#971597) - Changed keystone algorithm recommendation to uuid instead of pki. (bsc#973750) - Fixed wording about teaming mode in the "Network Conduits" section. (bsc#1003614) - Documented trust_delegated_roles parameter for Heat barclamp. (bsc#974937) - Documented support status of admin server on virtual nodes. (bsc#979851) - Added Cinder as a possible Glance option. (bsc#969537) - force_config_drive in nova.conf enabled automatically for compute nodes. (bsc#992548) - Clarified watchdog configuration. (bsc#971787) - Corrected color code descriptions for node status. (bsc#981900) - Provided more information on network bonding modes. (bsc#993428) - Nova HA Setup needs shared storage. (bsc#985662) - Explained that SMT server on admin node can only be used for SUSE Cloud. (bsc#1013625) - Updated hardware requirements for storage nodes. (bsc#982474) - Upgrade requires DNS server role on the admin server. (bsc#982561) - Horizon Session Timeout. (bsc#941537) - Documented minimum ranges for networks. (bsc#972237) - Added Infoblox support. (bsc#1009072) - Better document impact of ceph configuration. (bsc#975943) - Updated start/stop order for services. (bsc#1002833) - Added more details on ceph-radosgw. (bsc#920428) - Updated SSL requirements for HA. (bsc#1015973) - Clarified wording regarding the network requirements for HA. 
(bsc#960523) - Fixed self-referencing link. (bsc#1017764) - Updated HA requirements for the network. (bsc#987664) - Added software defined network to the network diagrams. (bsc#861532) - Provided additional details on licensing. (bsc#1018971) - Hawk uses https instead of http. (bsc#1021111) - Corrections for the Network JSON scheme. (bsc#1021352) - Additions and changes regarding Ceph. - Added "Proof of Concept" (POC) guide. Supplement Guide: - Document how to boot custom kernel from Btrfs with Xen PV. (bsc#964618) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-259=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): suse-openstack-cloud-deployment_en-6-11.1 suse-openstack-cloud-deployment_en-pdf-6-11.1 suse-openstack-cloud-supplement_en-6-10.1 suse-openstack-cloud-supplement_en-pdf-6-10.1 References: https://bugzilla.suse.com/1002833 https://bugzilla.suse.com/1003614 https://bugzilla.suse.com/1009072 https://bugzilla.suse.com/1013625 https://bugzilla.suse.com/1015973 https://bugzilla.suse.com/1017764 https://bugzilla.suse.com/1018971 https://bugzilla.suse.com/1021111 https://bugzilla.suse.com/1021352 https://bugzilla.suse.com/861532 https://bugzilla.suse.com/920428 https://bugzilla.suse.com/941537 https://bugzilla.suse.com/960523 https://bugzilla.suse.com/964460 https://bugzilla.suse.com/964618 https://bugzilla.suse.com/969537 https://bugzilla.suse.com/970244 https://bugzilla.suse.com/971597 https://bugzilla.suse.com/971787 https://bugzilla.suse.com/972237 https://bugzilla.suse.com/973750 https://bugzilla.suse.com/974464 https://bugzilla.suse.com/974937 https://bugzilla.suse.com/975005 https://bugzilla.suse.com/975943 https://bugzilla.suse.com/977539 https://bugzilla.suse.com/979851 https://bugzilla.suse.com/981900 https://bugzilla.suse.com/982474 
https://bugzilla.suse.com/982561 https://bugzilla.suse.com/985662 https://bugzilla.suse.com/987664 https://bugzilla.suse.com/992548 https://bugzilla.suse.com/993428 https://bugzilla.suse.com/993518 From sle-updates at lists.suse.com Sat Feb 18 07:17:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Feb 2017 15:17:04 +0100 (CET) Subject: SUSE-RU-2017:0505-1: moderate: Recommended update for smt Message-ID: <20170218141704.5BC9EFF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0505-1 Rating: moderate References: #1018797 #1021405 #969339 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Fix support for creating custom repositories. (bsc#1021405) - Convert PatchRefs table to UTF8. (bsc#1018797) - Create /usr/sbin/rcsmt symbolic link for convenience. (bsc#969339) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-258=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-258=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-258=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-258=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): res-signingkeys-3.0.23-42.1 smt-3.0.23-42.1 smt-debuginfo-3.0.23-42.1 smt-debugsource-3.0.23-42.1 smt-support-3.0.23-42.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): res-signingkeys-3.0.23-42.1 smt-3.0.23-42.1 smt-debuginfo-3.0.23-42.1 smt-debugsource-3.0.23-42.1 smt-support-3.0.23-42.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): res-signingkeys-3.0.23-42.1 smt-3.0.23-42.1 smt-debuginfo-3.0.23-42.1 smt-debugsource-3.0.23-42.1 smt-support-3.0.23-42.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.23-42.1 References: https://bugzilla.suse.com/1018797 https://bugzilla.suse.com/1021405 https://bugzilla.suse.com/969339 From sle-updates at lists.suse.com Mon Feb 20 07:09:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 15:09:49 +0100 (CET) Subject: SUSE-OU-2017:0516-1: Initial release of python-ravello-sdk Message-ID: <20170220140949.EAE57FF7B@maintenance.suse.de> SUSE Optional Update: Initial release of python-ravello-sdk ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:0516-1 Rating: low References: #1018964 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides python-ravello-sdk, a micro-SDK for accessing the Ravello API in Python. It also contains a few useful utility scripts. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-266=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ravello-sdk-2.1-4.1 References: https://bugzilla.suse.com/1018964 From sle-updates at lists.suse.com Mon Feb 20 07:10:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 15:10:17 +0100 (CET) Subject: SUSE-SU-2017:0517-1: important: Security update for the Linux Kernel Message-ID: <20170220141017.B48C1FF7F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0517-1 Rating: important References: #1020048 #1024938 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to fix the following two issues: - CVE-2017-5970: Remote attackers could have potentially caused a denial of service by sending bad IP options on a socket (bsc#1024938) - Fix a regression in MD RAID1 which could have caused wrong data to be read (bsc#1020048) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-267=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-267=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-267=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-267=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-267=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-267=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.69-60.64.32.1 kernel-default-debugsource-3.12.69-60.64.32.1 kernel-default-extra-3.12.69-60.64.32.1 kernel-default-extra-debuginfo-3.12.69-60.64.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.69-60.64.32.1 kernel-obs-build-debugsource-3.12.69-60.64.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.69-60.64.32.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.69-60.64.32.1 kernel-default-base-3.12.69-60.64.32.1 kernel-default-base-debuginfo-3.12.69-60.64.32.1 kernel-default-debuginfo-3.12.69-60.64.32.1 kernel-default-debugsource-3.12.69-60.64.32.1 kernel-default-devel-3.12.69-60.64.32.1 kernel-syms-3.12.69-60.64.32.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.69-60.64.32.1 kernel-macros-3.12.69-60.64.32.1 kernel-source-3.12.69-60.64.32.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.69-60.64.32.1 kernel-xen-base-3.12.69-60.64.32.1 kernel-xen-base-debuginfo-3.12.69-60.64.32.1 kernel-xen-debuginfo-3.12.69-60.64.32.1 kernel-xen-debugsource-3.12.69-60.64.32.1 
kernel-xen-devel-3.12.69-60.64.32.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.69-60.64.32.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.69-60.64.32.1 kernel-ec2-debuginfo-3.12.69-60.64.32.1 kernel-ec2-debugsource-3.12.69-60.64.32.1 kernel-ec2-devel-3.12.69-60.64.32.1 kernel-ec2-extra-3.12.69-60.64.32.1 kernel-ec2-extra-debuginfo-3.12.69-60.64.32.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_69-60_64_32-default-1-2.1 kgraft-patch-3_12_69-60_64_32-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.69-60.64.32.1 kernel-macros-3.12.69-60.64.32.1 kernel-source-3.12.69-60.64.32.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.69-60.64.32.1 kernel-default-debuginfo-3.12.69-60.64.32.1 kernel-default-debugsource-3.12.69-60.64.32.1 kernel-default-devel-3.12.69-60.64.32.1 kernel-default-extra-3.12.69-60.64.32.1 kernel-default-extra-debuginfo-3.12.69-60.64.32.1 kernel-syms-3.12.69-60.64.32.1 kernel-xen-3.12.69-60.64.32.1 kernel-xen-debuginfo-3.12.69-60.64.32.1 kernel-xen-debugsource-3.12.69-60.64.32.1 kernel-xen-devel-3.12.69-60.64.32.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1020048 https://bugzilla.suse.com/1024938 From sle-updates at lists.suse.com Mon Feb 20 07:10:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 15:10:58 +0100 (CET) Subject: SUSE-SU-2017:0518-1: moderate: Security update for GraphicsMagick Message-ID: <20170220141058.69055FF7F@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0518-1 Rating: moderate References: #1017310 #1017311 #1017312 #1017313 #1017318 #1017321 #1017322 #1017324 #1017326 #1020443 #1020448 Cross-References: CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 
CVE-2016-10059 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10070 CVE-2016-10146 CVE-2017-5511 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2016-10048: An arbitrary module could have been loaded because relative paths were not escaped (bsc#1017310). - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to an incorrect length calculation (bsc#1017311). - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312). - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313). - CVE-2016-10059: Unchecked calculation when reading TIFF files could have led to a buffer overflow (bsc#1017318). - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321). - CVE-2016-10065: Unchecked calculations when reading VIFF files could have led to out of bound reads (bsc#1017322). - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324). - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326). - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have led to DoS (bsc#1020443). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12994=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12994=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12994=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.62.1 libGraphicsMagick2-1.2.5-4.62.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.62.1 libGraphicsMagick2-1.2.5-4.62.1 perl-GraphicsMagick-1.2.5-4.62.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.62.1 GraphicsMagick-debugsource-1.2.5-4.62.1 References: https://www.suse.com/security/cve/CVE-2016-10048.html https://www.suse.com/security/cve/CVE-2016-10049.html https://www.suse.com/security/cve/CVE-2016-10050.html https://www.suse.com/security/cve/CVE-2016-10051.html https://www.suse.com/security/cve/CVE-2016-10059.html https://www.suse.com/security/cve/CVE-2016-10064.html https://www.suse.com/security/cve/CVE-2016-10065.html https://www.suse.com/security/cve/CVE-2016-10068.html https://www.suse.com/security/cve/CVE-2016-10070.html https://www.suse.com/security/cve/CVE-2016-10146.html https://www.suse.com/security/cve/CVE-2017-5511.html https://bugzilla.suse.com/1017310 https://bugzilla.suse.com/1017311 https://bugzilla.suse.com/1017312 https://bugzilla.suse.com/1017313 https://bugzilla.suse.com/1017318 https://bugzilla.suse.com/1017321 https://bugzilla.suse.com/1017322 https://bugzilla.suse.com/1017324 https://bugzilla.suse.com/1017326 https://bugzilla.suse.com/1020443 https://bugzilla.suse.com/1020448 From sle-updates at lists.suse.com Mon Feb 20 07:13:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 15:13:04 +0100 (CET) Subject: 
SUSE-SU-2017:0519-1: moderate: Security update for tigervnc Message-ID: <20170220141304.74678FF7B@maintenance.suse.de> SUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0519-1 Rating: moderate References: #1019274 #1023012 Cross-References: CVE-2016-10207 CVE-2016-9941 CVE-2016-9942 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tigervnc provides the following fixes: - Prevent malicious server from crashing a server via a buffer overflow, a similar flaw as the LibVNCServer issues CVE-2016-9941 and CVE-2016-9942. (bsc#1019274) - CVE-2016-10207: Prevent potential crash due to insufficient clean-up after failure to establish TLS connection. (bsc#1023012) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-263=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-263=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tigervnc-1.4.3-19.1 tigervnc-debuginfo-1.4.3-19.1 tigervnc-debugsource-1.4.3-19.1 xorg-x11-Xvnc-1.4.3-19.1 xorg-x11-Xvnc-debuginfo-1.4.3-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tigervnc-1.4.3-19.1 tigervnc-debuginfo-1.4.3-19.1 tigervnc-debugsource-1.4.3-19.1 xorg-x11-Xvnc-1.4.3-19.1 xorg-x11-Xvnc-debuginfo-1.4.3-19.1 References: https://www.suse.com/security/cve/CVE-2016-10207.html https://www.suse.com/security/cve/CVE-2016-9941.html https://www.suse.com/security/cve/CVE-2016-9942.html https://bugzilla.suse.com/1019274 https://bugzilla.suse.com/1023012 From sle-updates at lists.suse.com Mon Feb 20 07:13:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 15:13:44 +0100 (CET) Subject: SUSE-RU-2017:0520-1: Recommended update for dirmngr Message-ID: <20170220141344.99766FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for dirmngr ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0520-1 Rating: low References: #1019276 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dirmngr fixes the following issues: - Properly initialize the dirmngr tmpfilesd files right away and not just during reboot - Own the /usr/lib/tmpfiles.d/ folder as it is needed in older systemds wrt (bsc#1019276) - Properly require logrotate as we need it for the dirmngr configs Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-261=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-261=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-261=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-261=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-261=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dirmngr-1.1.1-10.1 dirmngr-debuginfo-1.1.1-10.1 dirmngr-debugsource-1.1.1-10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dirmngr-1.1.1-10.1 dirmngr-debuginfo-1.1.1-10.1 dirmngr-debugsource-1.1.1-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dirmngr-1.1.1-10.1 dirmngr-debuginfo-1.1.1-10.1 dirmngr-debugsource-1.1.1-10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dirmngr-1.1.1-10.1 dirmngr-debuginfo-1.1.1-10.1 dirmngr-debugsource-1.1.1-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dirmngr-1.1.1-10.1 dirmngr-debuginfo-1.1.1-10.1 dirmngr-debugsource-1.1.1-10.1 References: https://bugzilla.suse.com/1019276 From sle-updates at lists.suse.com Mon Feb 20 07:14:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 15:14:09 +0100 (CET) Subject: SUSE-RU-2017:0521-1: Recommended update for release-notes-sles Message-ID: <20170220141409.32802FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0521-1 Rating: low References: #1017579 #1024372 #967407 Affected Products: SUSE Linux Enterprise Server 12-SP1 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document: - Information about release notes of skipped product versions. - No Support for Samba as Active Directory-Style Domain Controller. (fate#320709, bsc#1017579) - Docker Compose Has Been Removed from the Containers Module. (fate#320740, bsc#967407) - Minor clarification about Docker Orchestration. (fate#321136) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-260=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): release-notes-sles-12.1.20170208-25.9.1 References: https://bugzilla.suse.com/1017579 https://bugzilla.suse.com/1024372 https://bugzilla.suse.com/967407 From sle-updates at lists.suse.com Mon Feb 20 10:08:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 18:08:36 +0100 (CET) Subject: SUSE-RU-2017:0522-1: Recommended update for google-compute-engine-init Message-ID: <20170220170836.9E788FF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0522-1 Rating: low References: #1015829 #1016372 #1017395 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for google-compute-engine-init fixes the following issues: - Scripts that are one-shot should not be marked as "stop_on_removal" as there is no process running. (bsc#1017395) - Add and improved support for alias IPs in the IP forwarding daemon. (bsc#1016372, bsc#1015829) - Fix startup script to run after network setup. - Provide a service to enable network interfaces on boot. For a detailed description of all changes and improvements, please refer to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-compute-engine-init-12995=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): google-compute-engine-init-20161212-5.1 References: https://bugzilla.suse.com/1015829 https://bugzilla.suse.com/1016372 https://bugzilla.suse.com/1017395 From sle-updates at lists.suse.com Mon Feb 20 10:09:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 18:09:24 +0100 (CET) Subject: SUSE-SU-2017:0523-1: important: Security update for flash-player Message-ID: <20170220170924.252ECFF7F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0523-1 Rating: important References: #1025258 Cross-References: CVE-2017-2982 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2994 CVE-2017-2995 CVE-2017-2996 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. 
Description: The Adobe flash-player was updated to 24.0.0.221 to fix the following issues: Security update to 24.0.0.221 (bsc#1025258), fixing the following vulnerabilities advised under APSB17-04: * type confusion vulnerability that could lead to code execution (CVE-2017-2995). * integer overflow vulnerability that could lead to code execution (CVE-2017-2987). * use-after-free vulnerabilities that could lead to code execution (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994). * heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2984, CVE-2017-2986, CVE-2017-2992). * memory corruption vulnerabilities that could lead to code execution (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-268=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-268=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-24.0.0.221-158.1 flash-player-gnome-24.0.0.221-158.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-24.0.0.221-158.1 flash-player-gnome-24.0.0.221-158.1 References: https://www.suse.com/security/cve/CVE-2017-2982.html https://www.suse.com/security/cve/CVE-2017-2985.html https://www.suse.com/security/cve/CVE-2017-2986.html https://www.suse.com/security/cve/CVE-2017-2987.html https://www.suse.com/security/cve/CVE-2017-2988.html https://www.suse.com/security/cve/CVE-2017-2990.html https://www.suse.com/security/cve/CVE-2017-2991.html https://www.suse.com/security/cve/CVE-2017-2992.html https://www.suse.com/security/cve/CVE-2017-2993.html https://www.suse.com/security/cve/CVE-2017-2994.html https://www.suse.com/security/cve/CVE-2017-2995.html https://www.suse.com/security/cve/CVE-2017-2996.html https://bugzilla.suse.com/1025258 From sle-updates at lists.suse.com Mon Feb 20 13:07:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 21:07:35 +0100 (CET) Subject: SUSE-RU-2017:0524-1: Recommended update for yast2-registration Message-ID: <20170220200735.A05F8FF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0524-1 Rating: low References: #941427 #996891 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for yast2-registration fixes the following issues: - Better handle invalid credentials at start (bsc#941427) - Remember the beta filter value and set it when going back (bsc#996891) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-271=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-271=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-271=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-registration-3.1.190-24.3.9 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-registration-3.1.190-24.3.9 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): yast2-registration-3.1.190-24.3.9 References: https://bugzilla.suse.com/941427 https://bugzilla.suse.com/996891 From sle-updates at lists.suse.com Mon Feb 20 13:08:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 21:08:09 +0100 (CET) Subject: SUSE-RU-2017:0525-1: moderate: Recommended update for smt Message-ID: <20170220200809.03F16FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0525-1 Rating: moderate References: #1021405 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for smt fixes support for creating custom repositories. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-12996=1 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.29-46.1 smt-2.0.29-46.1 smt-support-2.0.29-46.1 References: https://bugzilla.suse.com/1021405 From sle-updates at lists.suse.com Mon Feb 20 13:08:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Feb 2017 21:08:33 +0100 (CET) Subject: SUSE-RU-2017:0526-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20170220200833.AC538FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0526-1 Rating: moderate References: #1024794 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - If the base product registration failed with a given SMT server, the fallback code to try another server generated a traceback. This update fixes the list name for loops in the failover code path. (bsc#1024794) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-270=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-7.0.2-45.1 cloud-regionsrv-client-generic-config-1.0.0-45.1 cloud-regionsrv-client-plugin-gce-1.0.0-45.1 References: https://bugzilla.suse.com/1024794 From sle-updates at lists.suse.com Tue Feb 21 07:07:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2017 15:07:55 +0100 (CET) Subject: SUSE-SU-2017:0529-1: moderate: Security update for ImageMagick Message-ID: <20170221140755.317ABFF7B@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0529-1 Rating: moderate References: #1017308 #1017310 #1017311 #1017312 #1017313 #1017314 #1017318 #1017319 #1017320 #1017321 #1017322 #1017324 #1017325 #1017326 #1017421 #1020433 #1020435 #1020436 #1020439 #1020441 #1020443 #1020446 #1020448 Cross-References: CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. 
Description: This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary modules could have been loaded because relative paths were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to an incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314) - CVE-2016-10059: Unchecked calculation when reading TIFF files could have led to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319) - CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320) - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have led to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10069: Add check for invalid mat file (bsc#1017325). 
- CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433) - CVE-2016-10145: Fixed off-by-one in string copy operation when parsing WPG files (bsc#1020435) - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have led to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436) - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439) - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441) - CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-273=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-273=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-273=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-273=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-273=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-273=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-273=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-273=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-273=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-59.1 ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagick++-6_Q16-3-6.8.8.1-59.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-59.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-59.1 ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagick++-6_Q16-3-6.8.8.1-59.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-59.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-59.1 ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 ImageMagick-devel-6.8.8.1-59.1 libMagick++-6_Q16-3-6.8.8.1-59.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1 libMagick++-devel-6.8.8.1-59.1 perl-PerlMagick-6.8.8.1-59.1 perl-PerlMagick-debuginfo-6.8.8.1-59.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-59.1 ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 ImageMagick-devel-6.8.8.1-59.1 libMagick++-6_Q16-3-6.8.8.1-59.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1 libMagick++-devel-6.8.8.1-59.1 perl-PerlMagick-6.8.8.1-59.1 perl-PerlMagick-debuginfo-6.8.8.1-59.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagickCore-6_Q16-1-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1 libMagickWand-6_Q16-1-6.8.8.1-59.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagickCore-6_Q16-1-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1 libMagickWand-6_Q16-1-6.8.8.1-59.1 
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagickCore-6_Q16-1-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1 libMagickWand-6_Q16-1-6.8.8.1-59.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-59.1 ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagick++-6_Q16-3-6.8.8.1-59.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1 libMagickCore-6_Q16-1-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1 libMagickWand-6_Q16-1-6.8.8.1-59.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-59.1 ImageMagick-debuginfo-6.8.8.1-59.1 ImageMagick-debugsource-6.8.8.1-59.1 libMagick++-6_Q16-3-6.8.8.1-59.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-59.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1 libMagickCore-6_Q16-1-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-59.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-59.1 libMagickWand-6_Q16-1-6.8.8.1-59.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-59.1 References: https://www.suse.com/security/cve/CVE-2016-10046.html https://www.suse.com/security/cve/CVE-2016-10048.html https://www.suse.com/security/cve/CVE-2016-10049.html https://www.suse.com/security/cve/CVE-2016-10050.html https://www.suse.com/security/cve/CVE-2016-10051.html https://www.suse.com/security/cve/CVE-2016-10052.html https://www.suse.com/security/cve/CVE-2016-10059.html https://www.suse.com/security/cve/CVE-2016-10060.html https://www.suse.com/security/cve/CVE-2016-10061.html https://www.suse.com/security/cve/CVE-2016-10062.html https://www.suse.com/security/cve/CVE-2016-10063.html https://www.suse.com/security/cve/CVE-2016-10064.html 
https://www.suse.com/security/cve/CVE-2016-10065.html https://www.suse.com/security/cve/CVE-2016-10068.html https://www.suse.com/security/cve/CVE-2016-10069.html https://www.suse.com/security/cve/CVE-2016-10070.html https://www.suse.com/security/cve/CVE-2016-10071.html https://www.suse.com/security/cve/CVE-2016-10144.html https://www.suse.com/security/cve/CVE-2016-10145.html https://www.suse.com/security/cve/CVE-2016-10146.html https://www.suse.com/security/cve/CVE-2017-5506.html https://www.suse.com/security/cve/CVE-2017-5507.html https://www.suse.com/security/cve/CVE-2017-5508.html https://www.suse.com/security/cve/CVE-2017-5510.html https://www.suse.com/security/cve/CVE-2017-5511.html https://bugzilla.suse.com/1017308 https://bugzilla.suse.com/1017310 https://bugzilla.suse.com/1017311 https://bugzilla.suse.com/1017312 https://bugzilla.suse.com/1017313 https://bugzilla.suse.com/1017314 https://bugzilla.suse.com/1017318 https://bugzilla.suse.com/1017319 https://bugzilla.suse.com/1017320 https://bugzilla.suse.com/1017321 https://bugzilla.suse.com/1017322 https://bugzilla.suse.com/1017324 https://bugzilla.suse.com/1017325 https://bugzilla.suse.com/1017326 https://bugzilla.suse.com/1017421 https://bugzilla.suse.com/1020433 https://bugzilla.suse.com/1020435 https://bugzilla.suse.com/1020436 https://bugzilla.suse.com/1020439 https://bugzilla.suse.com/1020441 https://bugzilla.suse.com/1020443 https://bugzilla.suse.com/1020446 https://bugzilla.suse.com/1020448 From sle-updates at lists.suse.com Tue Feb 21 07:12:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2017 15:12:00 +0100 (CET) Subject: SUSE-RU-2017:0530-1: moderate: Recommended update for libvirt Message-ID: <20170221141200.B329BFF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0530-1 Rating: moderate References: #1003379 #1013991 
#1016253 #1017086 #1017762 #1018189 #1019969 #1023436 #959297 #987002 #999070 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for libvirt provides the following fixes: - apparmor: Don't fail on non-apparmor seclabel (bsc#1023436) - libxl: Fix reporting of domain maximum memory (bsc#1017762) - libxl: Set disk format to raw if not specified and fix disk detach (bsc#1003379) - libxl: Fix timer configurations (bsc#1019969) - Fix loop on usb entries in libxl driver (bsc#1018189) - Always enable PAE for x86_64 HVM (bsc#987002) - Implement virDomainGetMaxVcpus in libxl (bsc#1017762) - Option --postcopy is mandatory with --postcopy-after-precopy in "virsh migrate" (bsc#1017086) - Ignore domain-0 in libvirt-guests service (bsc#1016253) - Avoid libvirtd crash when transient lxc domain fails to start (bsc#1013991) - Fix libvirtd crash when destroying lxc domains (bsc#1013991) - Explicitly set qemu-bridge-helper path to /usr/lib/ (bsc#999070) - Package org.libvirt.api.policy polkit file (bsc#959297) - Mark /etc/libvirt/nwfilter/*.xml files as config files. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-274=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-274=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-274=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-274=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-274=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvirt-client-32bit-2.0.0-27.5.1 libvirt-client-debuginfo-32bit-2.0.0-27.5.1 libvirt-debugsource-2.0.0-27.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-2.0.0-27.5.1 libvirt-devel-2.0.0-27.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirt-2.0.0-27.5.1 libvirt-client-2.0.0-27.5.1 libvirt-client-debuginfo-2.0.0-27.5.1 libvirt-daemon-2.0.0-27.5.1 libvirt-daemon-config-network-2.0.0-27.5.1 libvirt-daemon-config-nwfilter-2.0.0-27.5.1 libvirt-daemon-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-interface-2.0.0-27.5.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-lxc-2.0.0-27.5.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-network-2.0.0-27.5.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-nodedev-2.0.0-27.5.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-nwfilter-2.0.0-27.5.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-qemu-2.0.0-27.5.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-secret-2.0.0-27.5.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-storage-2.0.0-27.5.1 
libvirt-daemon-driver-storage-debuginfo-2.0.0-27.5.1 libvirt-daemon-lxc-2.0.0-27.5.1 libvirt-daemon-qemu-2.0.0-27.5.1 libvirt-debugsource-2.0.0-27.5.1 libvirt-doc-2.0.0-27.5.1 libvirt-lock-sanlock-2.0.0-27.5.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.5.1 libvirt-nss-2.0.0-27.5.1 libvirt-nss-debuginfo-2.0.0-27.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libvirt-2.0.0-27.5.1 libvirt-client-2.0.0-27.5.1 libvirt-client-debuginfo-2.0.0-27.5.1 libvirt-daemon-2.0.0-27.5.1 libvirt-daemon-config-network-2.0.0-27.5.1 libvirt-daemon-config-nwfilter-2.0.0-27.5.1 libvirt-daemon-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-interface-2.0.0-27.5.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-lxc-2.0.0-27.5.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-network-2.0.0-27.5.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-nodedev-2.0.0-27.5.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-nwfilter-2.0.0-27.5.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-qemu-2.0.0-27.5.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-secret-2.0.0-27.5.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-storage-2.0.0-27.5.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.5.1 libvirt-daemon-lxc-2.0.0-27.5.1 libvirt-daemon-qemu-2.0.0-27.5.1 libvirt-debugsource-2.0.0-27.5.1 libvirt-doc-2.0.0-27.5.1 libvirt-lock-sanlock-2.0.0-27.5.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.5.1 libvirt-nss-2.0.0-27.5.1 libvirt-nss-debuginfo-2.0.0-27.5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.5.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.5.1 libvirt-daemon-xen-2.0.0-27.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirt-2.0.0-27.5.1 libvirt-client-2.0.0-27.5.1 libvirt-client-32bit-2.0.0-27.5.1 libvirt-client-debuginfo-2.0.0-27.5.1 
libvirt-client-debuginfo-32bit-2.0.0-27.5.1 libvirt-daemon-2.0.0-27.5.1 libvirt-daemon-config-network-2.0.0-27.5.1 libvirt-daemon-config-nwfilter-2.0.0-27.5.1 libvirt-daemon-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-interface-2.0.0-27.5.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-libxl-2.0.0-27.5.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-lxc-2.0.0-27.5.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-network-2.0.0-27.5.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-nodedev-2.0.0-27.5.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-nwfilter-2.0.0-27.5.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-qemu-2.0.0-27.5.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-secret-2.0.0-27.5.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.5.1 libvirt-daemon-driver-storage-2.0.0-27.5.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.5.1 libvirt-daemon-lxc-2.0.0-27.5.1 libvirt-daemon-qemu-2.0.0-27.5.1 libvirt-daemon-xen-2.0.0-27.5.1 libvirt-debugsource-2.0.0-27.5.1 libvirt-doc-2.0.0-27.5.1 References: https://bugzilla.suse.com/1003379 https://bugzilla.suse.com/1013991 https://bugzilla.suse.com/1016253 https://bugzilla.suse.com/1017086 https://bugzilla.suse.com/1017762 https://bugzilla.suse.com/1018189 https://bugzilla.suse.com/1019969 https://bugzilla.suse.com/1023436 https://bugzilla.suse.com/959297 https://bugzilla.suse.com/987002 https://bugzilla.suse.com/999070 From sle-updates at lists.suse.com Tue Feb 21 10:08:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2017 18:08:31 +0100 (CET) Subject: SUSE-RU-2017:0532-1: moderate: Recommended update for calamari-server Message-ID: <20170221170831.2E80FFF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for calamari-server 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0532-1 Rating: moderate References: #1014451 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for calamari-server fixes the following issue: - calamari-ctl: limit django secret key permissions (bsc#1014451) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-275=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (noarch): calamari-server-1.3+git.1481863578.54d2487-7.23 References: https://bugzilla.suse.com/1014451 From sle-updates at lists.suse.com Tue Feb 21 13:07:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Feb 2017 21:07:38 +0100 (CET) Subject: SUSE-RU-2017:0533-1: Recommended update for regionServiceClientConfigEC2 Message-ID: <20170221200738.B50C9FF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigEC2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0533-1 Rating: low References: #1025004 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigEC2 fixes the following issues: - Delete old certificate of server that's no longer active. - Add certificate for new server 34.197.223.242. - Add region server for China region. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-276=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): regionServiceClientConfigEC2-2.0.0-3.1 References: https://bugzilla.suse.com/1025004 From sle-updates at lists.suse.com Wed Feb 22 07:08:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 15:08:22 +0100 (CET) Subject: SUSE-SU-2017:0534-1: important: Security update for php7 Message-ID: <20170222140822.29A97FF7B@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0534-1 Rating: important References: #1008026 #1019547 #1019550 #1019568 #1019570 #1022219 #1022255 #1022257 #1022260 #1022262 #1022263 #1022264 #1022265 Cross-References: CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10162 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 CVE-2016-7479 CVE-2016-7480 CVE-2016-9138 CVE-2017-5340 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. 
(bsc#1019568)
- CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570)
- CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may have led to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. (bsc#1019547)
- CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. (bsc#1019550)
- CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255)
- CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257)
- CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260)
- CVE-2016-10162: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7 allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. (bsc#1022262)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module. (bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to PHP running out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption. (bsc#1022265)
- CVE-2016-9138: PHP mishandled property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. (bsc#1008026)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-277=1
- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-277=1
- SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-277=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-35.1 php7-debugsource-7.0.7-35.1 php7-devel-7.0.7-35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php7-debuginfo-7.0.7-35.1 php7-debugsource-7.0.7-35.1 php7-devel-7.0.7-35.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-35.1 apache2-mod_php7-debuginfo-7.0.7-35.1 php7-7.0.7-35.1 php7-bcmath-7.0.7-35.1 php7-bcmath-debuginfo-7.0.7-35.1 php7-bz2-7.0.7-35.1 php7-bz2-debuginfo-7.0.7-35.1 php7-calendar-7.0.7-35.1 php7-calendar-debuginfo-7.0.7-35.1 php7-ctype-7.0.7-35.1 php7-ctype-debuginfo-7.0.7-35.1 php7-curl-7.0.7-35.1 php7-curl-debuginfo-7.0.7-35.1 php7-dba-7.0.7-35.1 php7-dba-debuginfo-7.0.7-35.1 php7-debuginfo-7.0.7-35.1 php7-debugsource-7.0.7-35.1 php7-dom-7.0.7-35.1 php7-dom-debuginfo-7.0.7-35.1 php7-enchant-7.0.7-35.1 php7-enchant-debuginfo-7.0.7-35.1 php7-exif-7.0.7-35.1 php7-exif-debuginfo-7.0.7-35.1 php7-fastcgi-7.0.7-35.1 php7-fastcgi-debuginfo-7.0.7-35.1 php7-fileinfo-7.0.7-35.1 php7-fileinfo-debuginfo-7.0.7-35.1 php7-fpm-7.0.7-35.1 php7-fpm-debuginfo-7.0.7-35.1 php7-ftp-7.0.7-35.1 php7-ftp-debuginfo-7.0.7-35.1 php7-gd-7.0.7-35.1 php7-gd-debuginfo-7.0.7-35.1 php7-gettext-7.0.7-35.1 php7-gettext-debuginfo-7.0.7-35.1 php7-gmp-7.0.7-35.1 php7-gmp-debuginfo-7.0.7-35.1 php7-iconv-7.0.7-35.1 php7-iconv-debuginfo-7.0.7-35.1 php7-imap-7.0.7-35.1 php7-imap-debuginfo-7.0.7-35.1 php7-intl-7.0.7-35.1 php7-intl-debuginfo-7.0.7-35.1 php7-json-7.0.7-35.1 php7-json-debuginfo-7.0.7-35.1 php7-ldap-7.0.7-35.1 php7-ldap-debuginfo-7.0.7-35.1 php7-mbstring-7.0.7-35.1 php7-mbstring-debuginfo-7.0.7-35.1 php7-mcrypt-7.0.7-35.1 php7-mcrypt-debuginfo-7.0.7-35.1 php7-mysql-7.0.7-35.1 php7-mysql-debuginfo-7.0.7-35.1 php7-odbc-7.0.7-35.1 php7-odbc-debuginfo-7.0.7-35.1 php7-opcache-7.0.7-35.1 php7-opcache-debuginfo-7.0.7-35.1 php7-openssl-7.0.7-35.1 
php7-openssl-debuginfo-7.0.7-35.1 php7-pcntl-7.0.7-35.1 php7-pcntl-debuginfo-7.0.7-35.1 php7-pdo-7.0.7-35.1 php7-pdo-debuginfo-7.0.7-35.1 php7-pgsql-7.0.7-35.1 php7-pgsql-debuginfo-7.0.7-35.1 php7-phar-7.0.7-35.1 php7-phar-debuginfo-7.0.7-35.1 php7-posix-7.0.7-35.1 php7-posix-debuginfo-7.0.7-35.1 php7-pspell-7.0.7-35.1 php7-pspell-debuginfo-7.0.7-35.1 php7-shmop-7.0.7-35.1 php7-shmop-debuginfo-7.0.7-35.1 php7-snmp-7.0.7-35.1 php7-snmp-debuginfo-7.0.7-35.1 php7-soap-7.0.7-35.1 php7-soap-debuginfo-7.0.7-35.1 php7-sockets-7.0.7-35.1 php7-sockets-debuginfo-7.0.7-35.1 php7-sqlite-7.0.7-35.1 php7-sqlite-debuginfo-7.0.7-35.1 php7-sysvmsg-7.0.7-35.1 php7-sysvmsg-debuginfo-7.0.7-35.1 php7-sysvsem-7.0.7-35.1 php7-sysvsem-debuginfo-7.0.7-35.1 php7-sysvshm-7.0.7-35.1 php7-sysvshm-debuginfo-7.0.7-35.1 php7-tokenizer-7.0.7-35.1 php7-tokenizer-debuginfo-7.0.7-35.1 php7-wddx-7.0.7-35.1 php7-wddx-debuginfo-7.0.7-35.1 php7-xmlreader-7.0.7-35.1 php7-xmlreader-debuginfo-7.0.7-35.1 php7-xmlrpc-7.0.7-35.1 php7-xmlrpc-debuginfo-7.0.7-35.1 php7-xmlwriter-7.0.7-35.1 php7-xmlwriter-debuginfo-7.0.7-35.1 php7-xsl-7.0.7-35.1 php7-xsl-debuginfo-7.0.7-35.1 php7-zip-7.0.7-35.1 php7-zip-debuginfo-7.0.7-35.1 php7-zlib-7.0.7-35.1 php7-zlib-debuginfo-7.0.7-35.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-35.1 php7-pear-Archive_Tar-7.0.7-35.1 References: https://www.suse.com/security/cve/CVE-2016-10158.html https://www.suse.com/security/cve/CVE-2016-10159.html https://www.suse.com/security/cve/CVE-2016-10160.html https://www.suse.com/security/cve/CVE-2016-10161.html https://www.suse.com/security/cve/CVE-2016-10162.html https://www.suse.com/security/cve/CVE-2016-10166.html https://www.suse.com/security/cve/CVE-2016-10167.html https://www.suse.com/security/cve/CVE-2016-10168.html https://www.suse.com/security/cve/CVE-2016-7478.html https://www.suse.com/security/cve/CVE-2016-7479.html https://www.suse.com/security/cve/CVE-2016-7480.html 
https://www.suse.com/security/cve/CVE-2016-9138.html https://www.suse.com/security/cve/CVE-2017-5340.html https://bugzilla.suse.com/1008026 https://bugzilla.suse.com/1019547 https://bugzilla.suse.com/1019550 https://bugzilla.suse.com/1019568 https://bugzilla.suse.com/1019570 https://bugzilla.suse.com/1022219 https://bugzilla.suse.com/1022255 https://bugzilla.suse.com/1022257 https://bugzilla.suse.com/1022260 https://bugzilla.suse.com/1022262 https://bugzilla.suse.com/1022263 https://bugzilla.suse.com/1022264 https://bugzilla.suse.com/1022265 From sle-updates at lists.suse.com Wed Feb 22 10:08:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 18:08:32 +0100 (CET) Subject: SUSE-RU-2017:0535-1: important: Recommended update for Linux Kernel Live Patch 3 for SLE 12 SP1 Message-ID: <20170222170833.07A9AFF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 3 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0535-1 Rating: important References: #1023031 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Linux Kernel 3.12.53-60_30 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-4111=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-8-2.1 kgraft-patch-3_12_53-60_30-xen-8-2.1 References: https://bugzilla.suse.com/1023031 From sle-updates at lists.suse.com Wed Feb 22 13:07:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:07:30 +0100 (CET) Subject: SUSE-RU-2017:0536-1: important: Recommended update for Linux Kernel Live Patch 12 for SLE 12 Message-ID: <20170222200730.90889FF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 12 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0536-1 Rating: important References: #1023031 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-280=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-280=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_42-default-6-2.2 kgraft-patch-3_12_55-52_42-xen-6-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_42-default-6-2.2 kgraft-patch-3_12_55-52_42-xen-6-2.2 References: https://bugzilla.suse.com/1023031 From sle-updates at lists.suse.com Wed Feb 22 13:07:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:07:52 +0100 (CET) Subject: SUSE-RU-2017:0537-1: important: Recommended update for Linux Kernel Live Patch 7 for SLE 12 SP1 Message-ID: <20170222200752.2E737FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 7 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0537-1 Rating: important References: #1021417 #1023031 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.62-60_62 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-286=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-6-2.1 kgraft-patch-3_12_62-60_62-xen-6-2.1 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/1023031 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:08:46 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:08:46 +0100 (CET) Subject: SUSE-RU-2017:0538-1: important: Recommended update for Linux Kernel Live Patch 6 for SLE 12 SP1 Message-ID: <20170222200846.68193FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 6 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0538-1 Rating: important References: #1021417 #1023031 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.59-60_45 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-287=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-7-2.1 kgraft-patch-3_12_59-60_45-xen-7-2.1 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/1023031 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:09:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:09:25 +0100 (CET) Subject: SUSE-RU-2017:0539-1: important: Recommended update for Linux Kernel Live Patch 8 for SLE 12 SP1 Message-ID: <20170222200925.08681FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 8 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0539-1 Rating: important References: #1021417 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following bugs were fixed: - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-285=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_64_8-default-5-2.1 kgraft-patch-3_12_62-60_64_8-xen-5-2.1 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:09:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:09:54 +0100 (CET) Subject: SUSE-RU-2017:0540-1: important: Recommended update for Linux Kernel Live Patch 15 for SLE 12 Message-ID: <20170222200954.CD0B1FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 15 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0540-1 Rating: important References: #1023031 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-278=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-278=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_54-default-6-2.2 kgraft-patch-3_12_60-52_54-xen-6-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_54-default-6-2.2 kgraft-patch-3_12_60-52_54-xen-6-2.2 References: https://bugzilla.suse.com/1023031 From sle-updates at lists.suse.com Wed Feb 22 13:14:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:14:00 +0100 (CET) Subject: SUSE-RU-2017:0542-1: important: Recommended update for Linux Kernel Live Patch 11 for SLE 12 SP1 Message-ID: <20170222201400.67381FF7B@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 11 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0542-1 Rating: important References: #1021417 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues. The following bugs were fixed: - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-282=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_24-default-2-2.2 kgraft-patch-3_12_67-60_64_24-xen-2-2.2 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:14:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:14:32 +0100 (CET) Subject: SUSE-RU-2017:0543-1: important: Recommended update for Linux Kernel Live Patch 4 for SLE 12 SP1 Message-ID: <20170222201432.02921FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0543-1 Rating: important References: #1023031 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Linux Kernel 3.12.57-60_35 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-289=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-7-2.1 kgraft-patch-3_12_57-60_35-xen-7-2.1 References: https://bugzilla.suse.com/1023031 From sle-updates at lists.suse.com Wed Feb 22 13:14:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:14:53 +0100 (CET) Subject: SUSE-RU-2017:0544-1: important: Recommended update for Linux Kernel Live Patch 10 for SLE 12 SP1 Message-ID: <20170222201453.69197FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 10 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0544-1 Rating: important References: #1021417 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. The following bugs were fixed: - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-283=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_21-default-3-2.2 kgraft-patch-3_12_67-60_64_21-xen-3-2.2 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:15:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:15:24 +0100 (CET) Subject: SUSE-RU-2017:0545-1: important: Recommended update for Linux Kernel Live Patch 9 for SLE 12 SP1 Message-ID: <20170222201524.2247AFF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 9 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0545-1 Rating: important References: #1021417 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues. The following bugs were fixed: - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-284=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_18-default-4-2.1 kgraft-patch-3_12_67-60_64_18-xen-4-2.1 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:32:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:32:57 +0100 (CET) Subject: SUSE-RU-2017:0549-1: important: Recommended update for Linux Kernel Live Patch 13 for SLE 12 Message-ID: <20170222203257.E1D39FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 13 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0549-1 Rating: important References: #1023031 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-281=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-281=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_45-default-6-2.2 kgraft-patch-3_12_55-52_45-xen-6-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_45-default-6-2.2 kgraft-patch-3_12_55-52_45-xen-6-2.2 References: https://bugzilla.suse.com/1023031 From sle-updates at lists.suse.com Wed Feb 22 13:33:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:33:20 +0100 (CET) Subject: SUSE-RU-2017:0550-1: important: Recommended update for Linux Kernel Live Patch 5 for SLE 12 SP1 Message-ID: <20170222203320.01742FF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0550-1 Rating: important References: #1021417 #1023031 #983348 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches - bsc#1021417: Prevent DomU from freezing when under heavy load Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-288=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-7-2.1 kgraft-patch-3_12_59-60_41-xen-7-2.1 References: https://bugzilla.suse.com/1021417 https://bugzilla.suse.com/1023031 https://bugzilla.suse.com/983348 From sle-updates at lists.suse.com Wed Feb 22 13:33:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Feb 2017 21:33:58 +0100 (CET) Subject: SUSE-RU-2017:0551-1: important: Recommended update for Linux Kernel Live Patch 14 for SLE 12 Message-ID: <20170222203358.CE0ECFF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Linux Kernel Live Patch 14 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0551-1 Rating: important References: #1023031 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following bugs were fixed: - bsc#1023031: Fixed the "symbol follow_trans_huge_pmd() not resolved" problem on XEN when loading kGraft patches Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-279=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-279=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_49-default-6-2.2 kgraft-patch-3_12_60-52_49-xen-6-2.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_49-default-6-2.2 kgraft-patch-3_12_60-52_49-xen-6-2.2 References: https://bugzilla.suse.com/1023031 From sle-updates at lists.suse.com Thu Feb 23 04:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2017 12:09:01 +0100 (CET) Subject: SUSE-SU-2017:0553-1: important: Security update for util-linux Message-ID: <20170223110901.76670FF7B@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0553-1 Rating: important References: #1008965 #1012504 #1012632 #1019332 #1020077 #1023041 #947494 #966891 #978993 #982331 #983164 #987176 #988361 Cross-References: CVE-2016-5011 CVE-2017-2616 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has 11 fixes is now available. Description: This update for util-linux fixes a number of bugs and two security issues. The following security bugs were fixed: - CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition (bsc#988361) - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). 
The following non-security bugs were fixed:

- bsc#1008965: Ensure that the options "users,exec,dev,suid" work as expected on NFS mounts
- bsc#1012504: Fix regressions in safe loop re-use patch set for libmount
- bsc#1012632: Disable ro checks for mtab
- bsc#1020077: fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts
- bsc#947494: mount -a would fail to recognize btrfs already mounted, address loop re-use in libmount
- bsc#966891: Conflict in meaning of losetup -L. This switch in SLE12 SP1 and SP2 continues to carry the meaning of --logical-blocksize instead of upstream --nooverlap
- bsc#978993: cfdisk would mangle some text output
- bsc#982331: libmount: ignore redundant slashes
- bsc#983164: mount uid= and gid= would reject valid non UID/GID values
- bsc#987176: When mounting a subfolder of a CIFS share, mount -a would show the mount as busy
- bsc#1019332: lscpu: Implement WSL detection and work around crash

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-290=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-290=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libblkid1-2.25-24.10.1 libblkid1-32bit-2.25-24.10.1 libblkid1-debuginfo-2.25-24.10.1 libblkid1-debuginfo-32bit-2.25-24.10.1 libmount1-2.25-24.10.1 libmount1-32bit-2.25-24.10.1 libmount1-debuginfo-2.25-24.10.1 libmount1-debuginfo-32bit-2.25-24.10.1 libsmartcols1-2.25-24.10.1 libsmartcols1-debuginfo-2.25-24.10.1 libuuid1-2.25-24.10.1 libuuid1-32bit-2.25-24.10.1 libuuid1-debuginfo-2.25-24.10.1 libuuid1-debuginfo-32bit-2.25-24.10.1 python-libmount-2.25-24.10.3 python-libmount-debuginfo-2.25-24.10.3 python-libmount-debugsource-2.25-24.10.3 util-linux-2.25-24.10.1 util-linux-debuginfo-2.25-24.10.1 util-linux-debugsource-2.25-24.10.1 util-linux-systemd-2.25-24.10.1 util-linux-systemd-debuginfo-2.25-24.10.1 util-linux-systemd-debugsource-2.25-24.10.1 uuidd-2.25-24.10.1 uuidd-debuginfo-2.25-24.10.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): util-linux-lang-2.25-24.10.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libblkid1-2.25-24.10.1 libblkid1-debuginfo-2.25-24.10.1 libmount1-2.25-24.10.1 libmount1-debuginfo-2.25-24.10.1 libsmartcols1-2.25-24.10.1 libsmartcols1-debuginfo-2.25-24.10.1 libuuid1-2.25-24.10.1 libuuid1-debuginfo-2.25-24.10.1 python-libmount-2.25-24.10.3 python-libmount-debuginfo-2.25-24.10.3 python-libmount-debugsource-2.25-24.10.3 util-linux-2.25-24.10.1 util-linux-debuginfo-2.25-24.10.1 util-linux-debugsource-2.25-24.10.1 util-linux-systemd-2.25-24.10.1 util-linux-systemd-debuginfo-2.25-24.10.1 util-linux-systemd-debugsource-2.25-24.10.1 uuidd-2.25-24.10.1 uuidd-debuginfo-2.25-24.10.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libblkid1-32bit-2.25-24.10.1 libblkid1-debuginfo-32bit-2.25-24.10.1 libmount1-32bit-2.25-24.10.1 libmount1-debuginfo-32bit-2.25-24.10.1 libuuid1-32bit-2.25-24.10.1 libuuid1-debuginfo-32bit-2.25-24.10.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): util-linux-lang-2.25-24.10.1 References: 
https://www.suse.com/security/cve/CVE-2016-5011.html https://www.suse.com/security/cve/CVE-2017-2616.html https://bugzilla.suse.com/1008965 https://bugzilla.suse.com/1012504 https://bugzilla.suse.com/1012632 https://bugzilla.suse.com/1019332 https://bugzilla.suse.com/1020077 https://bugzilla.suse.com/1023041 https://bugzilla.suse.com/947494 https://bugzilla.suse.com/966891 https://bugzilla.suse.com/978993 https://bugzilla.suse.com/982331 https://bugzilla.suse.com/983164 https://bugzilla.suse.com/987176 https://bugzilla.suse.com/988361 From sle-updates at lists.suse.com Thu Feb 23 04:12:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2017 12:12:14 +0100 (CET) Subject: SUSE-SU-2017:0554-1: important: Security update for util-linux Message-ID: <20170223111214.9C1F3FF7F@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0554-1 Rating: important References: #1008965 #1012504 #1012632 #1019332 #1020077 #1020985 #1023041 Cross-References: CVE-2017-2616 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). 
These non-security issues were fixed:

- lscpu: Implement WSL detection and work around crash (bsc#1019332)
- fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts (bsc#1020077)
- Fix regressions in safe loop re-use patch set for libmount (bsc#1012504)
- Disable ro checks for mtab (bsc#1012632)
- Ensure that the option "users,exec,dev,suid" works as expected on NFS mounts (bsc#1008965)
- Fix empty slave detection to prevent 100% CPU load in some cases (bsc#1020985)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:

  zypper in -t patch SUSE-SLE-WE-12-SP2-2017-292=1

- SUSE Linux Enterprise Software Development Kit 12-SP2:

  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-292=1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-292=1

- SUSE Linux Enterprise Server 12-SP2:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-292=1

- SUSE Linux Enterprise Desktop 12-SP2:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-292=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libuuid-devel-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.28-44.3.1 libmount-devel-2.28-44.3.1 libsmartcols-devel-2.28-44.3.1 libuuid-devel-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libblkid1-2.28-44.3.1 libblkid1-debuginfo-2.28-44.3.1 libfdisk1-2.28-44.3.1 libfdisk1-debuginfo-2.28-44.3.1 libmount1-2.28-44.3.1 libmount1-debuginfo-2.28-44.3.1 libsmartcols1-2.28-44.3.1 libsmartcols1-debuginfo-2.28-44.3.1 libuuid1-2.28-44.3.1 libuuid1-debuginfo-2.28-44.3.1 python-libmount-2.28-44.3.3 python-libmount-debuginfo-2.28-44.3.3 python-libmount-debugsource-2.28-44.3.3 util-linux-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 util-linux-systemd-2.28-44.3.3 util-linux-systemd-debuginfo-2.28-44.3.3 util-linux-systemd-debugsource-2.28-44.3.3 uuidd-2.28-44.3.3 uuidd-debuginfo-2.28-44.3.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): util-linux-lang-2.28-44.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libblkid1-2.28-44.3.1 libblkid1-debuginfo-2.28-44.3.1 libfdisk1-2.28-44.3.1 libfdisk1-debuginfo-2.28-44.3.1 libmount1-2.28-44.3.1 libmount1-debuginfo-2.28-44.3.1 libsmartcols1-2.28-44.3.1 libsmartcols1-debuginfo-2.28-44.3.1 libuuid1-2.28-44.3.1 libuuid1-debuginfo-2.28-44.3.1 python-libmount-2.28-44.3.3 python-libmount-debuginfo-2.28-44.3.3 python-libmount-debugsource-2.28-44.3.3 util-linux-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 util-linux-systemd-2.28-44.3.3 util-linux-systemd-debuginfo-2.28-44.3.3 util-linux-systemd-debugsource-2.28-44.3.3 uuidd-2.28-44.3.3 uuidd-debuginfo-2.28-44.3.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): 
libblkid1-32bit-2.28-44.3.1 libblkid1-debuginfo-32bit-2.28-44.3.1 libmount1-32bit-2.28-44.3.1 libmount1-debuginfo-32bit-2.28-44.3.1 libuuid1-32bit-2.28-44.3.1 libuuid1-debuginfo-32bit-2.28-44.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): util-linux-lang-2.28-44.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libblkid1-2.28-44.3.1 libblkid1-32bit-2.28-44.3.1 libblkid1-debuginfo-2.28-44.3.1 libblkid1-debuginfo-32bit-2.28-44.3.1 libfdisk1-2.28-44.3.1 libfdisk1-debuginfo-2.28-44.3.1 libmount1-2.28-44.3.1 libmount1-32bit-2.28-44.3.1 libmount1-debuginfo-2.28-44.3.1 libmount1-debuginfo-32bit-2.28-44.3.1 libsmartcols1-2.28-44.3.1 libsmartcols1-debuginfo-2.28-44.3.1 libuuid-devel-2.28-44.3.1 libuuid1-2.28-44.3.1 libuuid1-32bit-2.28-44.3.1 libuuid1-debuginfo-2.28-44.3.1 libuuid1-debuginfo-32bit-2.28-44.3.1 python-libmount-2.28-44.3.3 python-libmount-debuginfo-2.28-44.3.3 python-libmount-debugsource-2.28-44.3.3 util-linux-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 util-linux-systemd-2.28-44.3.3 util-linux-systemd-debuginfo-2.28-44.3.3 util-linux-systemd-debugsource-2.28-44.3.3 uuidd-2.28-44.3.3 uuidd-debuginfo-2.28-44.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): util-linux-lang-2.28-44.3.1 References: https://www.suse.com/security/cve/CVE-2017-2616.html https://bugzilla.suse.com/1008965 https://bugzilla.suse.com/1012504 https://bugzilla.suse.com/1012632 https://bugzilla.suse.com/1019332 https://bugzilla.suse.com/1020077 https://bugzilla.suse.com/1020985 https://bugzilla.suse.com/1023041 From sle-updates at lists.suse.com Thu Feb 23 04:13:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2017 12:13:41 +0100 (CET) Subject: SUSE-SU-2017:0555-1: important: Security update for util-linux Message-ID: <20170223111341.8BEF8FF7F@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ 
Announcement ID:    SUSE-SU-2017:0555-1
Rating:             important
References:         #1008965 #1012504 #1012632 #1019332 #1020077 #1023041
Cross-References:   CVE-2017-2616
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is now available.

Description:

This update for util-linux fixes the following issues:

This security issue was fixed:

- CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041).

These non-security issues were fixed:

- lscpu: Implement WSL detection and work around crash (bsc#1019332)
- fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts (bsc#1020077)
- Fix regressions in safe loop re-use patch set for libmount (bsc#1012504)
- Disable ro checks for mtab (bsc#1012632)
- Ensure that the option "users,exec,dev,suid" works as expected on NFS mounts (bsc#1008965)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:

  zypper in -t patch SUSE-SLE-WE-12-SP1-2017-291=1

- SUSE Linux Enterprise Software Development Kit 12-SP1:

  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-291=1

- SUSE Linux Enterprise Server 12-SP1:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-291=1

- SUSE Linux Enterprise Desktop 12-SP1:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-291=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libuuid-devel-2.25-40.1 util-linux-debuginfo-2.25-40.1 util-linux-debugsource-2.25-40.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libblkid-devel-2.25-40.1 libmount-devel-2.25-40.1 libsmartcols-devel-2.25-40.1 libuuid-devel-2.25-40.1 util-linux-debuginfo-2.25-40.1 util-linux-debugsource-2.25-40.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libblkid1-2.25-40.1 libblkid1-debuginfo-2.25-40.1 libmount1-2.25-40.1 libmount1-debuginfo-2.25-40.1 libsmartcols1-2.25-40.1 libsmartcols1-debuginfo-2.25-40.1 libuuid1-2.25-40.1 libuuid1-debuginfo-2.25-40.1 python-libmount-2.25-40.2 python-libmount-debuginfo-2.25-40.2 python-libmount-debugsource-2.25-40.2 util-linux-2.25-40.1 util-linux-debuginfo-2.25-40.1 util-linux-debugsource-2.25-40.1 util-linux-systemd-2.25-40.1 util-linux-systemd-debuginfo-2.25-40.1 util-linux-systemd-debugsource-2.25-40.1 uuidd-2.25-40.1 uuidd-debuginfo-2.25-40.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libblkid1-32bit-2.25-40.1 libblkid1-debuginfo-32bit-2.25-40.1 libmount1-32bit-2.25-40.1 libmount1-debuginfo-32bit-2.25-40.1 libuuid1-32bit-2.25-40.1 libuuid1-debuginfo-32bit-2.25-40.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): util-linux-lang-2.25-40.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): util-linux-lang-2.25-40.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libblkid1-2.25-40.1 libblkid1-32bit-2.25-40.1 libblkid1-debuginfo-2.25-40.1 libblkid1-debuginfo-32bit-2.25-40.1 libmount1-2.25-40.1 libmount1-32bit-2.25-40.1 libmount1-debuginfo-2.25-40.1 libmount1-debuginfo-32bit-2.25-40.1 libsmartcols1-2.25-40.1 libsmartcols1-debuginfo-2.25-40.1 libuuid-devel-2.25-40.1 libuuid1-2.25-40.1 libuuid1-32bit-2.25-40.1 libuuid1-debuginfo-2.25-40.1 libuuid1-debuginfo-32bit-2.25-40.1 python-libmount-2.25-40.2 python-libmount-debuginfo-2.25-40.2 python-libmount-debugsource-2.25-40.2 util-linux-2.25-40.1 
util-linux-debuginfo-2.25-40.1 util-linux-debugsource-2.25-40.1 util-linux-systemd-2.25-40.1 util-linux-systemd-debuginfo-2.25-40.1 util-linux-systemd-debugsource-2.25-40.1 uuidd-2.25-40.1 uuidd-debuginfo-2.25-40.1 References: https://www.suse.com/security/cve/CVE-2017-2616.html https://bugzilla.suse.com/1008965 https://bugzilla.suse.com/1012504 https://bugzilla.suse.com/1012632 https://bugzilla.suse.com/1019332 https://bugzilla.suse.com/1020077 https://bugzilla.suse.com/1023041 From sle-updates at lists.suse.com Thu Feb 23 07:08:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Feb 2017 15:08:15 +0100 (CET) Subject: SUSE-SU-2017:0556-1: important: Security update for php5 Message-ID: <20170223140815.87D5AFF7F@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0556-1 Rating: important References: #1019550 #1022219 #1022255 #1022257 #1022260 #1022263 #1022264 #1022265 Cross-References: CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for php5 fixes the following issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. 
(bsc#1022219)
- CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255)
- CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257)
- CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:

  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-293=1

- SUSE Linux Enterprise Software Development Kit 12-SP1:

  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-293=1

- SUSE Linux Enterprise Module for Web Scripting 12:

  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-293=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-96.1 php5-debugsource-5.5.14-96.1 php5-devel-5.5.14-96.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-96.1 php5-debugsource-5.5.14-96.1 php5-devel-5.5.14-96.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-96.1 apache2-mod_php5-debuginfo-5.5.14-96.1 php5-5.5.14-96.1 php5-bcmath-5.5.14-96.1 php5-bcmath-debuginfo-5.5.14-96.1 php5-bz2-5.5.14-96.1 php5-bz2-debuginfo-5.5.14-96.1 php5-calendar-5.5.14-96.1 php5-calendar-debuginfo-5.5.14-96.1 php5-ctype-5.5.14-96.1 php5-ctype-debuginfo-5.5.14-96.1 php5-curl-5.5.14-96.1 php5-curl-debuginfo-5.5.14-96.1 php5-dba-5.5.14-96.1 php5-dba-debuginfo-5.5.14-96.1 php5-debuginfo-5.5.14-96.1 php5-debugsource-5.5.14-96.1 php5-dom-5.5.14-96.1 php5-dom-debuginfo-5.5.14-96.1 php5-enchant-5.5.14-96.1 php5-enchant-debuginfo-5.5.14-96.1 php5-exif-5.5.14-96.1 php5-exif-debuginfo-5.5.14-96.1 php5-fastcgi-5.5.14-96.1 php5-fastcgi-debuginfo-5.5.14-96.1 php5-fileinfo-5.5.14-96.1 php5-fileinfo-debuginfo-5.5.14-96.1 php5-fpm-5.5.14-96.1 php5-fpm-debuginfo-5.5.14-96.1 php5-ftp-5.5.14-96.1 php5-ftp-debuginfo-5.5.14-96.1 php5-gd-5.5.14-96.1 php5-gd-debuginfo-5.5.14-96.1 php5-gettext-5.5.14-96.1 php5-gettext-debuginfo-5.5.14-96.1 php5-gmp-5.5.14-96.1 php5-gmp-debuginfo-5.5.14-96.1 php5-iconv-5.5.14-96.1 php5-iconv-debuginfo-5.5.14-96.1 php5-imap-5.5.14-96.1 php5-imap-debuginfo-5.5.14-96.1 php5-intl-5.5.14-96.1 php5-intl-debuginfo-5.5.14-96.1 php5-json-5.5.14-96.1 php5-json-debuginfo-5.5.14-96.1 php5-ldap-5.5.14-96.1 php5-ldap-debuginfo-5.5.14-96.1 php5-mbstring-5.5.14-96.1 php5-mbstring-debuginfo-5.5.14-96.1 php5-mcrypt-5.5.14-96.1 php5-mcrypt-debuginfo-5.5.14-96.1 php5-mysql-5.5.14-96.1 php5-mysql-debuginfo-5.5.14-96.1 php5-odbc-5.5.14-96.1 php5-odbc-debuginfo-5.5.14-96.1 php5-opcache-5.5.14-96.1 
php5-opcache-debuginfo-5.5.14-96.1 php5-openssl-5.5.14-96.1 php5-openssl-debuginfo-5.5.14-96.1 php5-pcntl-5.5.14-96.1 php5-pcntl-debuginfo-5.5.14-96.1 php5-pdo-5.5.14-96.1 php5-pdo-debuginfo-5.5.14-96.1 php5-pgsql-5.5.14-96.1 php5-pgsql-debuginfo-5.5.14-96.1 php5-phar-5.5.14-96.1 php5-phar-debuginfo-5.5.14-96.1 php5-posix-5.5.14-96.1 php5-posix-debuginfo-5.5.14-96.1 php5-pspell-5.5.14-96.1 php5-pspell-debuginfo-5.5.14-96.1 php5-shmop-5.5.14-96.1 php5-shmop-debuginfo-5.5.14-96.1 php5-snmp-5.5.14-96.1 php5-snmp-debuginfo-5.5.14-96.1 php5-soap-5.5.14-96.1 php5-soap-debuginfo-5.5.14-96.1 php5-sockets-5.5.14-96.1 php5-sockets-debuginfo-5.5.14-96.1 php5-sqlite-5.5.14-96.1 php5-sqlite-debuginfo-5.5.14-96.1 php5-suhosin-5.5.14-96.1 php5-suhosin-debuginfo-5.5.14-96.1 php5-sysvmsg-5.5.14-96.1 php5-sysvmsg-debuginfo-5.5.14-96.1 php5-sysvsem-5.5.14-96.1 php5-sysvsem-debuginfo-5.5.14-96.1 php5-sysvshm-5.5.14-96.1 php5-sysvshm-debuginfo-5.5.14-96.1 php5-tokenizer-5.5.14-96.1 php5-tokenizer-debuginfo-5.5.14-96.1 php5-wddx-5.5.14-96.1 php5-wddx-debuginfo-5.5.14-96.1 php5-xmlreader-5.5.14-96.1 php5-xmlreader-debuginfo-5.5.14-96.1 php5-xmlrpc-5.5.14-96.1 php5-xmlrpc-debuginfo-5.5.14-96.1 php5-xmlwriter-5.5.14-96.1 php5-xmlwriter-debuginfo-5.5.14-96.1 php5-xsl-5.5.14-96.1 php5-xsl-debuginfo-5.5.14-96.1 php5-zip-5.5.14-96.1 php5-zip-debuginfo-5.5.14-96.1 php5-zlib-5.5.14-96.1 php5-zlib-debuginfo-5.5.14-96.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-96.1 References: https://www.suse.com/security/cve/CVE-2016-10158.html https://www.suse.com/security/cve/CVE-2016-10159.html https://www.suse.com/security/cve/CVE-2016-10160.html https://www.suse.com/security/cve/CVE-2016-10161.html https://www.suse.com/security/cve/CVE-2016-10166.html https://www.suse.com/security/cve/CVE-2016-10167.html https://www.suse.com/security/cve/CVE-2016-10168.html https://www.suse.com/security/cve/CVE-2016-7478.html https://bugzilla.suse.com/1019550 
https://bugzilla.suse.com/1022219 https://bugzilla.suse.com/1022255 https://bugzilla.suse.com/1022257 https://bugzilla.suse.com/1022260 https://bugzilla.suse.com/1022263 https://bugzilla.suse.com/1022264 https://bugzilla.suse.com/1022265 From sle-updates at lists.suse.com Mon Feb 27 10:08:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2017 18:08:41 +0100 (CET) Subject: SUSE-SU-2017:0568-1: important: Security update for php53 Message-ID: <20170227170841.B7D26FF7F@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0568-1 Rating: important References: #1019550 #1022219 #1022255 #1022257 #1022260 #1022263 #1022264 #1022265 Cross-References: CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-7478 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. 
(bsc#1022219)
- CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255)
- CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257)
- CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-php53-12997=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-php53-12997=1 - SUSE Manager 2.1: zypper in -t patch sleman21-php53-12997=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12997=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12997=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-php53-12997=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-php53-12997=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12997=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-12997=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): apache2-mod_php53-5.3.17-101.1 php53-5.3.17-101.1 php53-bcmath-5.3.17-101.1 php53-bz2-5.3.17-101.1 php53-calendar-5.3.17-101.1 php53-ctype-5.3.17-101.1 php53-curl-5.3.17-101.1 php53-dba-5.3.17-101.1 php53-dom-5.3.17-101.1 php53-exif-5.3.17-101.1 php53-fastcgi-5.3.17-101.1 php53-fileinfo-5.3.17-101.1 php53-ftp-5.3.17-101.1 php53-gd-5.3.17-101.1 php53-gettext-5.3.17-101.1 php53-gmp-5.3.17-101.1 php53-iconv-5.3.17-101.1 php53-intl-5.3.17-101.1 php53-json-5.3.17-101.1 php53-ldap-5.3.17-101.1 php53-mbstring-5.3.17-101.1 php53-mcrypt-5.3.17-101.1 php53-mysql-5.3.17-101.1 php53-odbc-5.3.17-101.1 php53-openssl-5.3.17-101.1 php53-pcntl-5.3.17-101.1 php53-pdo-5.3.17-101.1 php53-pear-5.3.17-101.1 php53-pgsql-5.3.17-101.1 php53-pspell-5.3.17-101.1 php53-shmop-5.3.17-101.1 php53-snmp-5.3.17-101.1 php53-soap-5.3.17-101.1 php53-suhosin-5.3.17-101.1 php53-sysvmsg-5.3.17-101.1 php53-sysvsem-5.3.17-101.1 php53-sysvshm-5.3.17-101.1 php53-tokenizer-5.3.17-101.1 php53-wddx-5.3.17-101.1 php53-xmlreader-5.3.17-101.1 php53-xmlrpc-5.3.17-101.1 php53-xmlwriter-5.3.17-101.1 php53-xsl-5.3.17-101.1 php53-zip-5.3.17-101.1 
php53-zlib-5.3.17-101.1 - SUSE Manager Proxy 2.1 (x86_64): apache2-mod_php53-5.3.17-101.1 php53-5.3.17-101.1 php53-bcmath-5.3.17-101.1 php53-bz2-5.3.17-101.1 php53-calendar-5.3.17-101.1 php53-ctype-5.3.17-101.1 php53-curl-5.3.17-101.1 php53-dba-5.3.17-101.1 php53-dom-5.3.17-101.1 php53-exif-5.3.17-101.1 php53-fastcgi-5.3.17-101.1 php53-fileinfo-5.3.17-101.1 php53-ftp-5.3.17-101.1 php53-gd-5.3.17-101.1 php53-gettext-5.3.17-101.1 php53-gmp-5.3.17-101.1 php53-iconv-5.3.17-101.1 php53-intl-5.3.17-101.1 php53-json-5.3.17-101.1 php53-ldap-5.3.17-101.1 php53-mbstring-5.3.17-101.1 php53-mcrypt-5.3.17-101.1 php53-mysql-5.3.17-101.1 php53-odbc-5.3.17-101.1 php53-openssl-5.3.17-101.1 php53-pcntl-5.3.17-101.1 php53-pdo-5.3.17-101.1 php53-pear-5.3.17-101.1 php53-pgsql-5.3.17-101.1 php53-pspell-5.3.17-101.1 php53-shmop-5.3.17-101.1 php53-snmp-5.3.17-101.1 php53-soap-5.3.17-101.1 php53-suhosin-5.3.17-101.1 php53-sysvmsg-5.3.17-101.1 php53-sysvsem-5.3.17-101.1 php53-sysvshm-5.3.17-101.1 php53-tokenizer-5.3.17-101.1 php53-wddx-5.3.17-101.1 php53-xmlreader-5.3.17-101.1 php53-xmlrpc-5.3.17-101.1 php53-xmlwriter-5.3.17-101.1 php53-xsl-5.3.17-101.1 php53-zip-5.3.17-101.1 php53-zlib-5.3.17-101.1 - SUSE Manager 2.1 (s390x x86_64): apache2-mod_php53-5.3.17-101.1 php53-5.3.17-101.1 php53-bcmath-5.3.17-101.1 php53-bz2-5.3.17-101.1 php53-calendar-5.3.17-101.1 php53-ctype-5.3.17-101.1 php53-curl-5.3.17-101.1 php53-dba-5.3.17-101.1 php53-dom-5.3.17-101.1 php53-exif-5.3.17-101.1 php53-fastcgi-5.3.17-101.1 php53-fileinfo-5.3.17-101.1 php53-ftp-5.3.17-101.1 php53-gd-5.3.17-101.1 php53-gettext-5.3.17-101.1 php53-gmp-5.3.17-101.1 php53-iconv-5.3.17-101.1 php53-intl-5.3.17-101.1 php53-json-5.3.17-101.1 php53-ldap-5.3.17-101.1 php53-mbstring-5.3.17-101.1 php53-mcrypt-5.3.17-101.1 php53-mysql-5.3.17-101.1 php53-odbc-5.3.17-101.1 php53-openssl-5.3.17-101.1 php53-pcntl-5.3.17-101.1 php53-pdo-5.3.17-101.1 php53-pear-5.3.17-101.1 php53-pgsql-5.3.17-101.1 php53-pspell-5.3.17-101.1 php53-shmop-5.3.17-101.1 
php53-snmp-5.3.17-101.1 php53-soap-5.3.17-101.1 php53-suhosin-5.3.17-101.1 php53-sysvmsg-5.3.17-101.1 php53-sysvsem-5.3.17-101.1 php53-sysvshm-5.3.17-101.1 php53-tokenizer-5.3.17-101.1 php53-wddx-5.3.17-101.1 php53-xmlreader-5.3.17-101.1 php53-xmlrpc-5.3.17-101.1 php53-xmlwriter-5.3.17-101.1 php53-xsl-5.3.17-101.1 php53-zip-5.3.17-101.1 php53-zlib-5.3.17-101.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-101.1 php53-imap-5.3.17-101.1 php53-posix-5.3.17-101.1 php53-readline-5.3.17-101.1 php53-sockets-5.3.17-101.1 php53-sqlite-5.3.17-101.1 php53-tidy-5.3.17-101.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-101.1 php53-5.3.17-101.1 php53-bcmath-5.3.17-101.1 php53-bz2-5.3.17-101.1 php53-calendar-5.3.17-101.1 php53-ctype-5.3.17-101.1 php53-curl-5.3.17-101.1 php53-dba-5.3.17-101.1 php53-dom-5.3.17-101.1 php53-exif-5.3.17-101.1 php53-fastcgi-5.3.17-101.1 php53-fileinfo-5.3.17-101.1 php53-ftp-5.3.17-101.1 php53-gd-5.3.17-101.1 php53-gettext-5.3.17-101.1 php53-gmp-5.3.17-101.1 php53-iconv-5.3.17-101.1 php53-intl-5.3.17-101.1 php53-json-5.3.17-101.1 php53-ldap-5.3.17-101.1 php53-mbstring-5.3.17-101.1 php53-mcrypt-5.3.17-101.1 php53-mysql-5.3.17-101.1 php53-odbc-5.3.17-101.1 php53-openssl-5.3.17-101.1 php53-pcntl-5.3.17-101.1 php53-pdo-5.3.17-101.1 php53-pear-5.3.17-101.1 php53-pgsql-5.3.17-101.1 php53-pspell-5.3.17-101.1 php53-shmop-5.3.17-101.1 php53-snmp-5.3.17-101.1 php53-soap-5.3.17-101.1 php53-suhosin-5.3.17-101.1 php53-sysvmsg-5.3.17-101.1 php53-sysvsem-5.3.17-101.1 php53-sysvshm-5.3.17-101.1 php53-tokenizer-5.3.17-101.1 php53-wddx-5.3.17-101.1 php53-xmlreader-5.3.17-101.1 php53-xmlrpc-5.3.17-101.1 php53-xmlwriter-5.3.17-101.1 php53-xsl-5.3.17-101.1 php53-zip-5.3.17-101.1 php53-zlib-5.3.17-101.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): apache2-mod_php53-5.3.17-101.1 php53-5.3.17-101.1 php53-bcmath-5.3.17-101.1 php53-bz2-5.3.17-101.1 
php53-calendar-5.3.17-101.1 php53-ctype-5.3.17-101.1 php53-curl-5.3.17-101.1 php53-dba-5.3.17-101.1 php53-dom-5.3.17-101.1 php53-exif-5.3.17-101.1 php53-fastcgi-5.3.17-101.1 php53-fileinfo-5.3.17-101.1 php53-ftp-5.3.17-101.1 php53-gd-5.3.17-101.1 php53-gettext-5.3.17-101.1 php53-gmp-5.3.17-101.1 php53-iconv-5.3.17-101.1 php53-intl-5.3.17-101.1 php53-json-5.3.17-101.1 php53-ldap-5.3.17-101.1 php53-mbstring-5.3.17-101.1 php53-mcrypt-5.3.17-101.1 php53-mysql-5.3.17-101.1 php53-odbc-5.3.17-101.1 php53-openssl-5.3.17-101.1 php53-pcntl-5.3.17-101.1 php53-pdo-5.3.17-101.1 php53-pear-5.3.17-101.1 php53-pgsql-5.3.17-101.1 php53-pspell-5.3.17-101.1 php53-shmop-5.3.17-101.1 php53-snmp-5.3.17-101.1 php53-soap-5.3.17-101.1 php53-suhosin-5.3.17-101.1 php53-sysvmsg-5.3.17-101.1 php53-sysvsem-5.3.17-101.1 php53-sysvshm-5.3.17-101.1 php53-tokenizer-5.3.17-101.1 php53-wddx-5.3.17-101.1 php53-xmlreader-5.3.17-101.1 php53-xmlrpc-5.3.17-101.1 php53-xmlwriter-5.3.17-101.1 php53-xsl-5.3.17-101.1 php53-zip-5.3.17-101.1 php53-zlib-5.3.17-101.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_php53-5.3.17-101.1 php53-5.3.17-101.1 php53-bcmath-5.3.17-101.1 php53-bz2-5.3.17-101.1 php53-calendar-5.3.17-101.1 php53-ctype-5.3.17-101.1 php53-curl-5.3.17-101.1 php53-dba-5.3.17-101.1 php53-dom-5.3.17-101.1 php53-exif-5.3.17-101.1 php53-fastcgi-5.3.17-101.1 php53-fileinfo-5.3.17-101.1 php53-ftp-5.3.17-101.1 php53-gd-5.3.17-101.1 php53-gettext-5.3.17-101.1 php53-gmp-5.3.17-101.1 php53-iconv-5.3.17-101.1 php53-intl-5.3.17-101.1 php53-json-5.3.17-101.1 php53-ldap-5.3.17-101.1 php53-mbstring-5.3.17-101.1 php53-mcrypt-5.3.17-101.1 php53-mysql-5.3.17-101.1 php53-odbc-5.3.17-101.1 php53-openssl-5.3.17-101.1 php53-pcntl-5.3.17-101.1 php53-pdo-5.3.17-101.1 php53-pear-5.3.17-101.1 php53-pgsql-5.3.17-101.1 php53-pspell-5.3.17-101.1 php53-shmop-5.3.17-101.1 php53-snmp-5.3.17-101.1 php53-soap-5.3.17-101.1 php53-suhosin-5.3.17-101.1 php53-sysvmsg-5.3.17-101.1 php53-sysvsem-5.3.17-101.1 
php53-sysvshm-5.3.17-101.1 php53-tokenizer-5.3.17-101.1 php53-wddx-5.3.17-101.1 php53-xmlreader-5.3.17-101.1 php53-xmlrpc-5.3.17-101.1 php53-xmlwriter-5.3.17-101.1 php53-xsl-5.3.17-101.1 php53-zip-5.3.17-101.1 php53-zlib-5.3.17-101.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-101.1 php53-debugsource-5.3.17-101.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): php53-debuginfo-5.3.17-101.1 php53-debugsource-5.3.17-101.1 References: https://www.suse.com/security/cve/CVE-2016-10158.html https://www.suse.com/security/cve/CVE-2016-10159.html https://www.suse.com/security/cve/CVE-2016-10160.html https://www.suse.com/security/cve/CVE-2016-10161.html https://www.suse.com/security/cve/CVE-2016-10166.html https://www.suse.com/security/cve/CVE-2016-10167.html https://www.suse.com/security/cve/CVE-2016-10168.html https://www.suse.com/security/cve/CVE-2016-7478.html https://bugzilla.suse.com/1019550 https://bugzilla.suse.com/1022219 https://bugzilla.suse.com/1022255 https://bugzilla.suse.com/1022257 https://bugzilla.suse.com/1022260 https://bugzilla.suse.com/1022263 https://bugzilla.suse.com/1022264 https://bugzilla.suse.com/1022265 From sle-updates at lists.suse.com Mon Feb 27 10:10:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2017 18:10:20 +0100 (CET) Subject: SUSE-SU-2017:0569-1: moderate: Security update for python-pysaml2 Message-ID: <20170227171020.5295AFF82@maintenance.suse.de> SUSE Security Update: Security update for python-pysaml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0569-1 Rating: moderate References: #1019074 Cross-References: CVE-2016-10127 CVE-2016-10149 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for python-pysaml2 fixes the following issues: - CVE-2016-10127 and CVE-2016-10149: XXE (XML external entity) issues were fixed in python-pysaml2, where external requests to other XML content could be made by parsing XML files using this SAML2 library. (bsc#1019074) To fix this bug, the new dependency python-defusedxml was added and is used for sanitizing XML content. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-298=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): python-defusedxml-0.4.1-2.1 python-pysaml2-2.4.0-3.1 References: https://www.suse.com/security/cve/CVE-2016-10127.html https://www.suse.com/security/cve/CVE-2016-10149.html https://bugzilla.suse.com/1019074 From sle-updates at lists.suse.com Mon Feb 27 10:10:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2017 18:10:45 +0100 (CET) Subject: SUSE-SU-2017:0570-1: important: Security update for xen Message-ID: <20170227171045.4F596FF82@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0570-1 Rating: important References: #1000195 #1002496 #1013657 #1013668 #1014490 #1014507 #1015169 #1016340 #1022627 #1022871 #1023004 #1024183 #1024186 #1024307 #1024834 #1025188 Cross-References: CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856 CVE-2017-5898 CVE-2017-5973 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update 
that solves 13 vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed a privileged user inside the guest to crash the host process resulting in DoS (bsc#1025188). - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183). - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1024186). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307). - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1022627). - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. 
A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014490) - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668). - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside the guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657) These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-297=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-297=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-297=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.5_06-22.11.2 xen-devel-4.5.5_06-22.11.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.5_06-22.11.2 xen-debugsource-4.5.5_06-22.11.2 xen-doc-html-4.5.5_06-22.11.2 xen-kmp-default-4.5.5_06_k3.12.69_60.64.32-22.11.2 xen-kmp-default-debuginfo-4.5.5_06_k3.12.69_60.64.32-22.11.2 xen-libs-32bit-4.5.5_06-22.11.2 xen-libs-4.5.5_06-22.11.2 xen-libs-debuginfo-32bit-4.5.5_06-22.11.2 xen-libs-debuginfo-4.5.5_06-22.11.2 xen-tools-4.5.5_06-22.11.2 xen-tools-debuginfo-4.5.5_06-22.11.2 xen-tools-domU-4.5.5_06-22.11.2 xen-tools-domU-debuginfo-4.5.5_06-22.11.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.5_06-22.11.2 xen-debugsource-4.5.5_06-22.11.2 xen-kmp-default-4.5.5_06_k3.12.69_60.64.32-22.11.2 xen-kmp-default-debuginfo-4.5.5_06_k3.12.69_60.64.32-22.11.2 xen-libs-32bit-4.5.5_06-22.11.2 xen-libs-4.5.5_06-22.11.2 xen-libs-debuginfo-32bit-4.5.5_06-22.11.2 xen-libs-debuginfo-4.5.5_06-22.11.2 References: https://www.suse.com/security/cve/CVE-2016-10155.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://www.suse.com/security/cve/CVE-2017-2615.html https://www.suse.com/security/cve/CVE-2017-2620.html https://www.suse.com/security/cve/CVE-2017-5579.html 
https://www.suse.com/security/cve/CVE-2017-5856.html https://www.suse.com/security/cve/CVE-2017-5898.html https://www.suse.com/security/cve/CVE-2017-5973.html https://bugzilla.suse.com/1000195 https://bugzilla.suse.com/1002496 https://bugzilla.suse.com/1013657 https://bugzilla.suse.com/1013668 https://bugzilla.suse.com/1014490 https://bugzilla.suse.com/1014507 https://bugzilla.suse.com/1015169 https://bugzilla.suse.com/1016340 https://bugzilla.suse.com/1022627 https://bugzilla.suse.com/1022871 https://bugzilla.suse.com/1023004 https://bugzilla.suse.com/1024183 https://bugzilla.suse.com/1024186 https://bugzilla.suse.com/1024307 https://bugzilla.suse.com/1024834 https://bugzilla.suse.com/1025188 From sle-updates at lists.suse.com Mon Feb 27 10:13:46 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Feb 2017 18:13:46 +0100 (CET) Subject: SUSE-SU-2017:0571-1: important: Security update for xen Message-ID: <20170227171346.A6E3FFF7F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0571-1 Rating: important References: #1000195 #1002496 #1005028 #1012651 #1014298 #1014300 #1015169 #1016340 #1022871 #1023004 #1024834 Cross-References: CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 7 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834). 
- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004). - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169) These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd - bsc#1005028: Fixed building Xen RPMs from Sources Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-296=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-296=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-296=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.1_06-31.1 xen-devel-4.7.1_06-31.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.1_06-31.1 xen-debugsource-4.7.1_06-31.1 xen-doc-html-4.7.1_06-31.1 xen-libs-32bit-4.7.1_06-31.1 xen-libs-4.7.1_06-31.1 xen-libs-debuginfo-32bit-4.7.1_06-31.1 xen-libs-debuginfo-4.7.1_06-31.1 xen-tools-4.7.1_06-31.1 xen-tools-debuginfo-4.7.1_06-31.1 xen-tools-domU-4.7.1_06-31.1 xen-tools-domU-debuginfo-4.7.1_06-31.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.1_06-31.1 xen-debugsource-4.7.1_06-31.1 xen-libs-32bit-4.7.1_06-31.1 xen-libs-4.7.1_06-31.1 xen-libs-debuginfo-32bit-4.7.1_06-31.1 xen-libs-debuginfo-4.7.1_06-31.1 References: https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://www.suse.com/security/cve/CVE-2017-2615.html https://www.suse.com/security/cve/CVE-2017-2620.html https://bugzilla.suse.com/1000195 https://bugzilla.suse.com/1002496 https://bugzilla.suse.com/1005028 https://bugzilla.suse.com/1012651 https://bugzilla.suse.com/1014298 https://bugzilla.suse.com/1014300 https://bugzilla.suse.com/1015169 https://bugzilla.suse.com/1016340 https://bugzilla.suse.com/1022871 https://bugzilla.suse.com/1023004 https://bugzilla.suse.com/1024834 From sle-updates at lists.suse.com Tue Feb 28 16:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2017 00:09:01 +0100 (CET) Subject: SUSE-SU-2017:0575-1: important: Security update for the Linux Kernel Message-ID: <20170228230901.09174FF82@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0575-1 Rating: important References: #1000092 #1000619 #1003077 #1005918 #1006469 #1006472 #1007729 #1008742 #1009546 #1009674 #1009718 #1009911 #1010612 #1010690 #1010933 #1011176 #1011602 
#1011660 #1011913 #1012382 #1012422 #1012829 #1012910 #1013000 #1013001 #1013273 #1013540 #1013792 #1013994 #1014120 #1014410 #1015038 #1015367 #1015840 #1016250 #1016403 #1016517 #1016884 #1016979 #1017164 #1017170 #1017410 #1018100 #1018316 #1018358 #1018446 #1018813 #1018913 #1019061 #1019148 #1019168 #1019260 #1019351 #1019594 #1019630 #1019631 #1019784 #1019851 #1020048 #1020214 #1020488 #1020602 #1020685 #1020817 #1020945 #1020975 #1021082 #1021248 #1021251 #1021258 #1021260 #1021294 #1021455 #1021474 #1022304 #1022429 #1022476 #1022547 #1022559 #1022971 #1023101 #1023175 #1023762 #1023884 #1023888 #1024081 #1024234 #1024508 #1024938 #1025235 #921494 #959709 #964944 #969476 #969477 #969479 #971975 #974215 #981709 #982783 #985561 #987192 #987576 #989056 #991273 #998106 Cross-References: CVE-2015-8709 CVE-2016-7117 CVE-2016-9806 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551 CVE-2017-5576 CVE-2017-5577 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 95 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that was mishandled during error processing (bnc#1003077). 
- CVE-2017-5576: Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call (bnc#1021294). - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel did not set an errno value upon certain overflow detections, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294). - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (bnc#1021258). - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a "MOV SS, NULL selector" instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here" (bnc#1010933). 
- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540). - CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which allowed remote attackers to trigger an out-of-bounds access, leading to a denial-of-service attack (bnc#1023762). - CVE-2017-5970: Fixed a possible denial-of-service that could have been triggered by sending bad IP options on a socket (bsc#1024938). - CVE-2017-5986: an application could have triggered a BUG_ON() in sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was waiting on it to queue more data, and meanwhile another thread peeled off the association being used by the first thread (bsc#1025235). The following non-security bugs were fixed: - 8250: fintek: rename IRQ_MODE macro (boo#1009546). - acpi: nfit, libnvdimm: fix / harden ars_status output length handling (bsc#1023175). - acpi: nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175). - acpi: nfit: validate ars_status output buffer size (bsc#1023175). - arm64: numa: fix incorrect log for memory-less node (bsc#1019631). - asoc: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690). - asoc: rt5670: add HS ground control (bsc#1016250). - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260). - bcache: partition support: add 16 minors per bcacheN device (bsc#1019784). - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817). - blk-mq: Always schedule hctx->next_cpu (bsc#1020817). - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817). - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817). - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817). 
- blk-mq: improve warning for running a queue on the wrong CPU (bsc#1020817). - block: Change extern inline to static inline (bsc#1023175). - bluetooth: btmrvl: fix hung task warning dump (bsc#1018813). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - brcmfmac: Change error print on wlan0 existence (bsc#1000092). - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975). - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100). - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100). - btrfs: fix inode leak on failure to setup whiteout inode in rename (bsc#1020975). - btrfs: fix lockdep warning about log_mutex (bsc#1021455). - btrfs: fix lockdep warning on deadlock against an inode's log mutex (bsc#1021455). - btrfs: fix number of transaction units for renames with whiteout (bsc#1020975). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: incremental send, fix invalid paths for rename operations (bsc#1018316). - btrfs: incremental send, fix premature rmdir operations (bsc#1018316). - btrfs: pin log earlier when renaming (bsc#1020975). - btrfs: pin logs earlier when doing a rename exchange operation (bsc#1020975). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: send, add missing error check for calls to path_loop() (bsc#1018316). - btrfs: send, avoid incorrect leaf accesses when sending utimes operations (bsc#1018316). - btrfs: send, fix failure to move directories with the same name around (bsc#1018316). - btrfs: send, fix invalid leaf accesses due to incorrect utimes operations (bsc#1018316). - btrfs: send, fix warning due to late freeing of orphan_dir_info structures (bsc#1018316). - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192). - btrfs: unpin log if rename operation fails (bsc#1020975). 
- btrfs: unpin logs if rename exchange operation fails (bsc#1020975). - ceph: fix bad endianness handling in parse_reply_info_extra (bsc#1020488). - clk: xgene: Add PMD clock (bsc#1019351). - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351). - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351). - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038) - config: enable Ceph kernel client modules for ppc64le - config: enable Ceph kernel client modules for s390x - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913). - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913). - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913). - crypto: qat - fix bar discovery for c62x (bsc#1021251). - crypto: qat - zero esram only for DH85x devices (bsc#1021248). - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913). - crypto: xts - consolidate sanity check for keys (bsc#1018913). - crypto: xts - fix compile errors (bsc#1018913). - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517). - dax: fix deadlock with DAX 4k holes (bsc#1012829). - dax: fix device-dax region base (bsc#1023175). - device-dax: check devm_nsio_enable() return value (bsc#1023175). - device-dax: fail all private mapping attempts (bsc#1023175). - device-dax: fix percpu_ref_exit ordering (bsc#1023175). - driver core: fix race between creating/querying glue dir and its cleanup (bnc#1008742). - drivers: hv: Introduce a policy for controlling channel affinity. - drivers: hv: balloon: Add logging for dynamic memory operations. - drivers: hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not set. - drivers: hv: balloon: Fix info request to show max page count. - drivers: hv: balloon: Use available memory value in pressure report. - drivers: hv: balloon: account for gaps in hot add regions. - drivers: hv: balloon: keep track of where ha_region starts. - drivers: hv: balloon: replace ha_region_mutex with spinlock. 
- drivers: hv: cleanup vmbus_open() for wrap around mappings. - drivers: hv: do not leak memory in vmbus_establish_gpadl(). - drivers: hv: get rid of id in struct vmbus_channel. - drivers: hv: get rid of redundant messagecount in create_gpadl_header(). - drivers: hv: get rid of timeout in vmbus_open(). - drivers: hv: make VMBus bus ids persistent. - drivers: hv: ring_buffer: count on wrap around mappings in get_next_pkt_raw() (v2). - drivers: hv: ring_buffer: use wrap around mappings in hv_copy{from, to}_ringbuffer(). - drivers: hv: ring_buffer: wrap around mappings for ring buffers. - drivers: hv: utils: Check VSS daemon is listening before a hot backup. - drivers: hv: utils: Continue to poll VSS channel after handling requests. - drivers: hv: utils: Fix the mapping between host version and protocol to use. - drivers: hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout. - drivers: hv: vmbus: Base host signaling strictly on the ring state. - drivers: hv: vmbus: Enable explicit signaling policy for NIC channels. - drivers: hv: vmbus: Implement a mechanism to tag the channel for low latency. - drivers: hv: vmbus: Make mmio resource local. - drivers: hv: vmbus: On the read path cleanup the logic to interrupt the host. - drivers: hv: vmbus: On write cleanup the logic to interrupt the host. - drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg(). - drivers: hv: vmbus: finally fix hv_need_to_signal_on_read(). - drivers: hv: vmbus: fix the race when querying and updating the percpu list. - drivers: hv: vmbus: suppress some "hv_vmbus: Unknown GUID" warnings. - drivers: hv: vss: Improve log messages. - drivers: hv: vss: Operation timeouts should match host expectation. - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351). - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351). - drivers: net: xgene: Add change_mtu function (bsc#1019351). - drivers: net: xgene: Add flow control configuration (bsc#1019351). 
- drivers: net: xgene: Add flow control initialization (bsc#1019351). - drivers: net: xgene: Add helper function (bsc#1019351). - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351). - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351). - drivers: net: xgene: Fix MSS programming (bsc#1019351). - drivers: net: xgene: fix build after change_mtu function change (bsc#1019351). - drivers: net: xgene: fix: Coalescing values for v2 hardware (bsc#1019351). - drivers: net: xgene: fix: Disable coalescing on v1 hardware (bsc#1019351). - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351). - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351). - drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool() (bsc#1019351). - drm: Delete previous two fixes for i915 (bsc#1019061). These upstream fixes brought some regressions, so better to revert for now. - drm: Disable patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The patch seems leading to the instability on Wyse box (bsc#1015367). - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358). - drm: Use u64 for intermediate dotclock calculations (bnc#1006472). - drm: i915: Do not init hpd polling for vlv and chv from runtime_suspend() (bsc#1014120). - drm: i915: Fix PCODE polling during CDCLK change notification (bsc#1015367). - drm: i915: Fix watermarks for VLV/CHV (bsc#1011176). - drm: i915: Force VDD off on the new power seqeuencer before starting to use it (bsc#1009674). - drm: i915: Mark CPU cache as dirty when used for rendering (bsc#1015367). - drm: i915: Mark i915_hpd_poll_init_work as static (bsc#1014120). - drm: i915: Prevent PPS stealing from a normal DP port on VLV/CHV (bsc#1019061). - drm: i915: Prevent enabling hpd polling in late suspend (bsc#1014120). - drm: i915: Restore PPS HW state from the encoder resume hook (bsc#1019061). - drm: i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061). 
- drm: vc4: Fix an integer overflow in temporary allocation layout (bsc#1021294). - drm: vc4: Return -EINVAL on the overflow checks failing (bsc#1021294). - drm: virtio-gpu: get the fb from the plane state for atomic updates (bsc#1023101). - edac: xgene: Fix spelling mistake in error messages (bsc#1019351). - efi: libstub: Move Graphics Output Protocol handling to generic code (bnc#974215). - fbcon: Fix vc attr at deinit (bsc#1000619). - fs: nfs: avoid including "mountproto=" with no protocol in /proc/mounts (bsc#1019260). - gpio: xgene: make explicitly non-modular (bsc#1019351). - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels(). - hv: change clockevents unbind tactics. - hv: do not reset hv_context.tsc_page on crash. - hv_netvsc: Add handler for physical link speed change. - hv_netvsc: Add query for initial physical link speed. - hv_netvsc: Implement batching of receive completions. - hv_netvsc: Revert "make inline functions static". - hv_netvsc: Revert "report vmbus name in ethtool". - hv_netvsc: add ethtool statistics for tx packet issues. - hv_netvsc: count multicast packets received. - hv_netvsc: dev hold/put reference to VF. - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf(). - hv_netvsc: fix comments. - hv_netvsc: fix rtnl locking in callback. - hv_netvsc: improve VF device matching. - hv_netvsc: init completion during alloc. - hv_netvsc: make RSS hash key static. - hv_netvsc: make device_remove void. - hv_netvsc: make inline functions static. - hv_netvsc: make netvsc_destroy_buf void. - hv_netvsc: make variable local. - hv_netvsc: rearrange start_xmit. - hv_netvsc: refactor completion function. - hv_netvsc: remove VF in flight counters. - hv_netvsc: remove excessive logging on MTU change. - hv_netvsc: report vmbus name in ethtool. - hv_netvsc: simplify callback event code. - hv_netvsc: style cleanups. - hv_netvsc: use ARRAY_SIZE() for NDIS versions. - hv_netvsc: use RCU to protect vf_netdev. - hv_netvsc: use consume_skb. 
- hv_netvsc: use kcalloc. - hyperv: Fix spelling of HV_UNKOWN. - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while holding the punit semaphore (bsc#1011913). - i2c: designware: Implement support for SMBus block read and write (bsc#1019351). - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351). - i2c: xgene: Fix missing code of DTB support (bsc#1019351). - i40e: Be much more verbose about what we can and cannot offload (bsc#985561). - ibmveth: calculate gso_segs for large packets (bsc#1019148). - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148). - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019148). - igb: Workaround for igb i210 firmware issue (bsc#1009911). - igb: add i211 to i210 PHY workaround (bsc#1009911). - input: i8042: Trust firmware a bit more when probing on X86 (bsc#1011660). - intel_idle: Add KBL support (bsc#1016884). - ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897, bsc#1023762). - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918). - iwlwifi: Expose the default fallback ucode API to module info (boo#1021082, boo#1023884). - kgraft: iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612). - kgraft: xen: Do not block kGraft in xenbus kthread (bsc#1017410). - libnvdimm: pfn: fix align attribute (bsc#1023175). - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md-cluster: convert the completion to wait queue. - md-cluster: protect md_find_rdev_nr_rcu with rcu lock. - md: ensure md devices are freed before module is unloaded (bsc#1022304). - md: fix refcount problem on mddev when stopping array (bsc#1022304). - misc: genwqe: ensure zero initialization. - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim progress (bnc#1013000). 
- mm: memcg: do not retry precharge charges (bnc#1022559). - mm: page_alloc: fix check for NULL preferred_zone (bnc#971975 VM performance -- page allocator). - mm: page_alloc: fix fast-path race with cpuset update or removal (bnc#971975 VM performance -- page allocator). - mm: page_alloc: fix premature OOM when racing with cpuset mems update (bnc#971975 VM performance -- page allocator). - mm: page_alloc: keep pcp count and list contents in sync if struct page is corrupted (bnc#971975 VM performance -- page allocator). - mm: page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM performance -- page allocator). - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for sdhci-arasan4.9a (bsc#1019351). - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813). - mwifiex: fix IBSS data path issue (bsc#1018813). - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813). - net: af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945, LTC#150566). - net: ethernet: apm: xgene: use phydev from struct net_device (bsc#1019351). - net: ethtool: Initialize buffer when querying device channel settings (bsc#969479). - net: hyperv: avoid uninitialized variable. - net: implement netif_cond_dbg macro (bsc#1019168). - net: remove useless memset's in drivers get_stats64 (bsc#1019351). - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351). - net: xgene: fix backward compatibility fix (bsc#1019351). - net: xgene: fix error handling during reset (bsc#1019351). - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351). - netvsc: Remove mistaken udp.h inclusion. - netvsc: add rcu_read locking to netvsc callback. - netvsc: fix checksum on UDP IPV6. - netvsc: reduce maximum GSO size. - nfit: fail DSMs that return non-zero status by default (bsc#1023175). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). 
- nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175). - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685). - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock() (bnc#921494). - pci: Add devm_request_pci_bus_resources() (bsc#1019351). - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630). - pci: hv: Allocate physically contiguous hypercall params buffer. - pci: hv: Fix hv_pci_remove() for hot-remove. - pci: hv: Handle hv_pci_generic_compl() error case. - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg(). - pci: hv: Make unnecessarily global IRQ masking functions static. - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device. - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail(). - pci: hv: Use pci_function_description in struct definitions. - pci: hv: Use the correct buffer size in new_pcichild_device(). - pci: hv: Use zero-length array in struct pci_packet. - pci: include header file (bsc#964944). - pci: xgene: Add local struct device pointers (bsc#1019351). - pci: xgene: Add register accessors (bsc#1019351). - pci: xgene: Free bridge resource list on failure (bsc#1019351). - pci: xgene: Make explicitly non-modular (bsc#1019351). - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351). - pci: xgene: Remove unused platform data (bsc#1019351). - pci: xgene: Request host bridge window resources (bsc#1019351). - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351). - phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode" (bsc#1019351). - power: reset: xgene-reboot: Unmap region obtained by of_iomap (bsc#1019351). - powerpc: fadump: Fix the race in crash_fadump() (bsc#1022971). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1009718, LTC#148203). - raid1: Fix a regression observed during the rebuilding of degraded MDRAID VDs (bsc#1020048). - raid1: ignore discard error (bsc#1017164). 
- reiserfs: fix race in prealloc discard (bsc#987576). - rpm: kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm: kernel-binary.spec.in: Fix installation of /etc/uefi/certs (bsc#1019594) - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429). - rtc: cmos: Do not enable interrupts in the middle of the interrupt handler (bsc#1022429). - rtc: cmos: Restore alarm after resume (bsc#1022429). - rtc: cmos: avoid unused function warning (bsc#1022429). - s390: Fix invalid domain response handling (bnc#1009718). - s390: cpuinfo: show maximum thread id (bnc#1009718, LTC#148580). - s390: sysinfo: show partition extended name and UUID if available (bnc#1009718, LTC#150160). - s390: time: LPAR offset handling (bnc#1009718, LTC#146920). - s390: time: move PTFF definitions (bnc#1009718, LTC#146920). - sched: Allow hotplug notifiers to be setup early (bnc#1022476). - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476). - sched: core, x86/topology: Fix NUMA in package topology bug (bnc#1022476). - sched: core: Fix incorrect utilization accounting when switching to fair class (bnc#1022476). - sched: core: Fix set_user_nice() (bnc#1022476). - sched: cputime: Add steal time support to full dynticks CPU time accounting (bnc#1022476). - sched: cputime: Fix prev steal time accouting during CPU hotplug (bnc#1022476). - sched: deadline: Always calculate end of period on sched_yield() (bnc#1022476). - sched: deadline: Fix a bug in dl_overflow() (bnc#1022476). - sched: deadline: Fix lock pinning warning during CPU hotplug (bnc#1022476). - sched: deadline: Fix wrap-around in DL heap (bnc#1022476). - sched: fair: Avoid using decay_load_missed() with a negative value (bnc#1022476). - sched: fair: Fix fixed point arithmetic width for shares and effective load (bnc#1022476). - sched: fair: Fix load_above_capacity fixed point arithmetic width (bnc#1022476). - sched: fair: Fix min_vruntime tracking (bnc#1022476). 
- sched: fair: Fix the wrong throttled clock time for cfs_rq_clock_task() (bnc#1022476). - sched: fair: Improve PELT stuff some more (bnc#1022476). - sched: rt, sched/dl: Do not push if task's scheduling class was changed (bnc#1022476). - sched: rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476). - sched: rt: Kick RT bandwidth timer immediately on start up (bnc#1022476). - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469). - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469). - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273). - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels. - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910). - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986, bsc#1025235). - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792). - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly, too. Also, the corresponding entry got removed from supported.conf. - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546). - serial: Update metadata for serial fixes (bsc#1013001) - ses: Fix SAS device detection in enclosure (bsc#1016403). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - sfc: refactor debug-or-warnings printks (bsc#1019168). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail (bsc#1018813) - supported.conf: delete xilinx/ll_temac (bsc#1011602) - target: add XCOPY target/segment desc sense codes (bsc#991273). - target: bounds check XCOPY segment descriptor list (bsc#991273). - target: bounds check XCOPY total descriptor list length (bsc#991273). - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: check for XCOPY parameter truncation (bsc#991273). 
- target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273). - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273). - target: support XCOPY requests without parameters (bsc#991273). - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273). - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170). - tools: hv: Enable network manager for bonding scripts on RHEL. - tools: hv: fix a compile warning in snprintf. - tools: hv: kvp: configurable external scripts path. - tools: hv: kvp: ensure kvp device fd is closed on exec. - tools: hv: remove unnecessary header files and netlink related code. - tools: hv: remove unnecessary link flag. - tty: n_hdlc, fix lockdep false positive (bnc#1015840). - uvcvideo: uvc_scan_fallback() for webcams with broken chain (bsc#1021474). - vmbus: make sysfs names consistent with PCI. - x86: MCE: Dump MCE to dmesg if no consumers (bsc#1013994). - x86: hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic. - xfs: don't allow di_size with high bit set (bsc#1024234). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix broken multi-fsb buffer logging (bsc#1024081). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-300=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-300=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-300=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-300=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-300=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-300=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-300=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-300=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.49-92.11.1 kernel-default-debugsource-4.4.49-92.11.1 kernel-default-extra-4.4.49-92.11.1 kernel-default-extra-debuginfo-4.4.49-92.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.49-92.11.1 kernel-obs-build-debugsource-4.4.49-92.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.49-92.11.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.49-92.11.1 kernel-default-base-4.4.49-92.11.1 kernel-default-base-debuginfo-4.4.49-92.11.1 kernel-default-debuginfo-4.4.49-92.11.1 kernel-default-debugsource-4.4.49-92.11.1 kernel-default-devel-4.4.49-92.11.1 kernel-syms-4.4.49-92.11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.49-92.11.1 kernel-macros-4.4.49-92.11.1 kernel-source-4.4.49-92.11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.49-92.11.1 
kernel-default-base-4.4.49-92.11.1 kernel-default-base-debuginfo-4.4.49-92.11.1 kernel-default-debuginfo-4.4.49-92.11.1 kernel-default-debugsource-4.4.49-92.11.1 kernel-default-devel-4.4.49-92.11.1 kernel-syms-4.4.49-92.11.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.49-92.11.1 kernel-macros-4.4.49-92.11.1 kernel-source-4.4.49-92.11.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_49-92_11-default-1-6.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.49-92.11.1 cluster-md-kmp-default-debuginfo-4.4.49-92.11.1 cluster-network-kmp-default-4.4.49-92.11.1 cluster-network-kmp-default-debuginfo-4.4.49-92.11.1 dlm-kmp-default-4.4.49-92.11.1 dlm-kmp-default-debuginfo-4.4.49-92.11.1 gfs2-kmp-default-4.4.49-92.11.1 gfs2-kmp-default-debuginfo-4.4.49-92.11.1 kernel-default-debuginfo-4.4.49-92.11.1 kernel-default-debugsource-4.4.49-92.11.1 ocfs2-kmp-default-4.4.49-92.11.1 ocfs2-kmp-default-debuginfo-4.4.49-92.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.49-92.11.1 kernel-default-debuginfo-4.4.49-92.11.1 kernel-default-debugsource-4.4.49-92.11.1 kernel-default-devel-4.4.49-92.11.1 kernel-default-extra-4.4.49-92.11.1 kernel-default-extra-debuginfo-4.4.49-92.11.1 kernel-syms-4.4.49-92.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.49-92.11.1 kernel-macros-4.4.49-92.11.1 kernel-source-4.4.49-92.11.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.49-92.11.1 kernel-default-debuginfo-4.4.49-92.11.1 kernel-default-debugsource-4.4.49-92.11.1 References: https://www.suse.com/security/cve/CVE-2015-8709.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-9806.html https://www.suse.com/security/cve/CVE-2017-2583.html https://www.suse.com/security/cve/CVE-2017-2584.html https://www.suse.com/security/cve/CVE-2017-5551.html https://www.suse.com/security/cve/CVE-2017-5576.html 
https://www.suse.com/security/cve/CVE-2017-5577.html https://www.suse.com/security/cve/CVE-2017-5897.html https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-5986.html https://bugzilla.suse.com/1000092 https://bugzilla.suse.com/1000619 https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1005918 https://bugzilla.suse.com/1006469 https://bugzilla.suse.com/1006472 https://bugzilla.suse.com/1007729 https://bugzilla.suse.com/1008742 https://bugzilla.suse.com/1009546 https://bugzilla.suse.com/1009674 https://bugzilla.suse.com/1009718 https://bugzilla.suse.com/1009911 https://bugzilla.suse.com/1010612 https://bugzilla.suse.com/1010690 https://bugzilla.suse.com/1010933 https://bugzilla.suse.com/1011176 https://bugzilla.suse.com/1011602 https://bugzilla.suse.com/1011660 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1012910 https://bugzilla.suse.com/1013000 https://bugzilla.suse.com/1013001 https://bugzilla.suse.com/1013273 https://bugzilla.suse.com/1013540 https://bugzilla.suse.com/1013792 https://bugzilla.suse.com/1013994 https://bugzilla.suse.com/1014120 https://bugzilla.suse.com/1014410 https://bugzilla.suse.com/1015038 https://bugzilla.suse.com/1015367 https://bugzilla.suse.com/1015840 https://bugzilla.suse.com/1016250 https://bugzilla.suse.com/1016403 https://bugzilla.suse.com/1016517 https://bugzilla.suse.com/1016884 https://bugzilla.suse.com/1016979 https://bugzilla.suse.com/1017164 https://bugzilla.suse.com/1017170 https://bugzilla.suse.com/1017410 https://bugzilla.suse.com/1018100 https://bugzilla.suse.com/1018316 https://bugzilla.suse.com/1018358 https://bugzilla.suse.com/1018446 https://bugzilla.suse.com/1018813 https://bugzilla.suse.com/1018913 https://bugzilla.suse.com/1019061 https://bugzilla.suse.com/1019148 https://bugzilla.suse.com/1019168 https://bugzilla.suse.com/1019260 
https://bugzilla.suse.com/1019351 https://bugzilla.suse.com/1019594 https://bugzilla.suse.com/1019630 https://bugzilla.suse.com/1019631 https://bugzilla.suse.com/1019784 https://bugzilla.suse.com/1019851 https://bugzilla.suse.com/1020048 https://bugzilla.suse.com/1020214 https://bugzilla.suse.com/1020488 https://bugzilla.suse.com/1020602 https://bugzilla.suse.com/1020685 https://bugzilla.suse.com/1020817 https://bugzilla.suse.com/1020945 https://bugzilla.suse.com/1020975 https://bugzilla.suse.com/1021082 https://bugzilla.suse.com/1021248 https://bugzilla.suse.com/1021251 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/1021260 https://bugzilla.suse.com/1021294 https://bugzilla.suse.com/1021455 https://bugzilla.suse.com/1021474 https://bugzilla.suse.com/1022304 https://bugzilla.suse.com/1022429 https://bugzilla.suse.com/1022476 https://bugzilla.suse.com/1022547 https://bugzilla.suse.com/1022559 https://bugzilla.suse.com/1022971 https://bugzilla.suse.com/1023101 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1023762 https://bugzilla.suse.com/1023884 https://bugzilla.suse.com/1023888 https://bugzilla.suse.com/1024081 https://bugzilla.suse.com/1024234 https://bugzilla.suse.com/1024508 https://bugzilla.suse.com/1024938 https://bugzilla.suse.com/1025235 https://bugzilla.suse.com/921494 https://bugzilla.suse.com/959709 https://bugzilla.suse.com/964944 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/969479 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/974215 https://bugzilla.suse.com/981709 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/985561 https://bugzilla.suse.com/987192 https://bugzilla.suse.com/987576 https://bugzilla.suse.com/989056 https://bugzilla.suse.com/991273 https://bugzilla.suse.com/998106 From sle-updates at lists.suse.com Tue Feb 28 16:31:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2017 00:31:00 +0100 (CET) Subject: 
SUSE-RU-2017:0577-1: moderate: Recommended update for crowbar-core Message-ID: <20170228233100.43D8FFF7F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0577-1 Rating: moderate References: #1010211 #1012173 #1012177 #1013556 #1014154 #1014835 #1016724 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for crowbar, crowbar-core and rubygem-chef-solr fixes the following issues: - gems: Allow rubygem-puma version to be greater than 2.11 (bsc#1016724) - barclamp: Fix potential infinite loop in Nic.dependent (bsc#1014154) - proposal: Fix wrong return on proposal reset (bsc#1014835) - provisioner: Use chef_client_runs from node (bsc#1013556) - batch: Add an import subcommand (bsc#1012173) - chef-solr: Make solr heap and tmpfs configurable (bsc#1010211) - chef-client: Make chef_client runs configurable (bsc#1010211) - webserver: enable crowbar to change workers/threads itself (bsc#1010211) - puma: Reduce puma worker and use more threads (bsc#1010211) - Replace deep_clone with deep_dup (bsc#1010211) - upgrade: make a backup of the important database state (bsc#1012177) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-301=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-chef-solr-10.32.2-3.1 rubygem-chef-solr-10.32.2-3.1 - SUSE OpenStack Cloud 6 (noarch): crowbar-3.0+git.1480527085.c620110-20.1 crowbar-core-3.0+git.1482483492.27eed1c-17.2 crowbar-core-branding-upstream-3.0+git.1482483492.27eed1c-17.2 crowbar-devel-3.0+git.1480527085.c620110-20.1 References: https://bugzilla.suse.com/1010211 https://bugzilla.suse.com/1012173 https://bugzilla.suse.com/1012177 https://bugzilla.suse.com/1013556 https://bugzilla.suse.com/1014154 https://bugzilla.suse.com/1014835 https://bugzilla.suse.com/1016724 From sle-updates at lists.suse.com Tue Feb 28 16:32:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2017 00:32:19 +0100 (CET) Subject: SUSE-RU-2017:0578-1: moderate: Recommended update for rubygem-puma Message-ID: <20170228233219.A0A1CFF82@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0578-1 Rating: moderate References: #1016724 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-puma is a version update to 2.16.0 and fixes an issue where empty HTTP responses from the crowbar API were handled incorrectly and therefore errors appeared in the user interface during an upgrade (bsc#1016724). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-303=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-puma-2.16.0-3.2 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.2 rubygem-puma-debugsource-2.16.0-3.2 References: https://bugzilla.suse.com/1016724 From sle-updates at lists.suse.com Tue Feb 28 16:33:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2017 00:33:33 +0100 (CET) Subject: SUSE-RU-2017:0581-1: Recommended update for crowbar-core Message-ID: <20170228233333.EA001FF82@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0581-1 Rating: low References: #1016724 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-core fixes the following issues: - gems: Allow rubygem-puma version to be greater than 2.11 (bsc#1016724) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-302=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1478269929.fcc6f8a-2.1 crowbar-core-4.0+git.1479389772.5817a48-3.1 References: https://bugzilla.suse.com/1016724 From sle-updates at lists.suse.com Tue Feb 28 16:33:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Mar 2017 00:33:55 +0100 (CET) Subject: SUSE-SU-2017:0582-1: important: Security update for xen Message-ID: <20170228233355.8012DFF82@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0582-1 Rating: important References: #1000195 #1002496 #1013657 #1013668 #1014490 #1014507 #1015169 #1016340 #1022627 #1022871 #1023004 #1024183 #1024186 #1024307 #1024834 #1025188 #907805 Cross-References: CVE-2014-8106 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856 CVE-2017-5898 CVE-2017-5973 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 14 vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. 
These security issues were fixed:

- CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025188)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1024186)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)
- CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator allowed local guest users to execute arbitrary code via vectors related to blit regions (bsc#907805).
- A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871)
- CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014490)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014507)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169)
- CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device (bsc#1013668)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013657)

These non-security issues were fixed:

- bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3
- bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-299=1

- SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-299=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): xen-4.4.4_14-22.33.1 xen-debugsource-4.4.4_14-22.33.1 xen-doc-html-4.4.4_14-22.33.1 xen-kmp-default-4.4.4_14_k3.12.61_52.66-22.33.1 xen-kmp-default-debuginfo-4.4.4_14_k3.12.61_52.66-22.33.1 xen-libs-32bit-4.4.4_14-22.33.1 xen-libs-4.4.4_14-22.33.1 xen-libs-debuginfo-32bit-4.4.4_14-22.33.1 xen-libs-debuginfo-4.4.4_14-22.33.1 xen-tools-4.4.4_14-22.33.1 xen-tools-debuginfo-4.4.4_14-22.33.1 xen-tools-domU-4.4.4_14-22.33.1 xen-tools-domU-debuginfo-4.4.4_14-22.33.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): xen-4.4.4_14-22.33.1 xen-debugsource-4.4.4_14-22.33.1 xen-doc-html-4.4.4_14-22.33.1 xen-kmp-default-4.4.4_14_k3.12.61_52.66-22.33.1 xen-kmp-default-debuginfo-4.4.4_14_k3.12.61_52.66-22.33.1 xen-libs-32bit-4.4.4_14-22.33.1 xen-libs-4.4.4_14-22.33.1 xen-libs-debuginfo-32bit-4.4.4_14-22.33.1 xen-libs-debuginfo-4.4.4_14-22.33.1 xen-tools-4.4.4_14-22.33.1 xen-tools-debuginfo-4.4.4_14-22.33.1 xen-tools-domU-4.4.4_14-22.33.1 xen-tools-domU-debuginfo-4.4.4_14-22.33.1 References: https://www.suse.com/security/cve/CVE-2014-8106.html https://www.suse.com/security/cve/CVE-2016-10155.html https://www.suse.com/security/cve/CVE-2016-9101.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://www.suse.com/security/cve/CVE-2017-2615.html https://www.suse.com/security/cve/CVE-2017-2620.html https://www.suse.com/security/cve/CVE-2017-5579.html https://www.suse.com/security/cve/CVE-2017-5856.html https://www.suse.com/security/cve/CVE-2017-5898.html https://www.suse.com/security/cve/CVE-2017-5973.html https://bugzilla.suse.com/1000195 https://bugzilla.suse.com/1002496 https://bugzilla.suse.com/1013657 https://bugzilla.suse.com/1013668 https://bugzilla.suse.com/1014490 
https://bugzilla.suse.com/1014507 https://bugzilla.suse.com/1015169 https://bugzilla.suse.com/1016340 https://bugzilla.suse.com/1022627 https://bugzilla.suse.com/1022871 https://bugzilla.suse.com/1023004 https://bugzilla.suse.com/1024183 https://bugzilla.suse.com/1024186 https://bugzilla.suse.com/1024307 https://bugzilla.suse.com/1024834 https://bugzilla.suse.com/1025188 https://bugzilla.suse.com/907805