From sle-updates at lists.suse.com Thu Jun 1 10:09:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2017 18:09:40 +0200 (CEST) Subject: SUSE-SU-2017:1471-1: important: Security update for strongswan Message-ID: <20170601160940.C7605101C9@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1471-1 Rating: important References: #1039514 #1039515 Cross-References: CVE-2017-9022 CVE-2017-9023 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-strongswan-13136=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-strongswan-13136=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.35.1 strongswan-doc-4.4.0-6.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.35.1 strongswan-debugsource-4.4.0-6.35.1 References: https://www.suse.com/security/cve/CVE-2017-9022.html https://www.suse.com/security/cve/CVE-2017-9023.html https://bugzilla.suse.com/1039514 https://bugzilla.suse.com/1039515 From sle-updates at lists.suse.com Thu Jun 1 10:10:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2017 18:10:19 +0200 (CEST) Subject: SUSE-RU-2017:1472-1: Recommended update for shadow Message-ID: <20170601161019.DC8D3101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for shadow ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1472-1 Rating: low References: #1003978 #1031643 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for shadow fixes the following issues: - Dynamically added users via pam_group are not listed in groups databases but are still valid. (bsc#1031643) - useradd(8) and groupadd(8) performance issue when using SSSD. Previously the entire possible UID/GID was iterated to find an available UID/GID. This could take a long time over a network device. Instead, find available UID/GID locally, and then check only those values over network. (bsc#1003978) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-907=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-907=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-907=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-907=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): shadow-4.2.1-26.1 shadow-debuginfo-4.2.1-26.1 shadow-debugsource-4.2.1-26.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): shadow-4.2.1-26.1 shadow-debuginfo-4.2.1-26.1 shadow-debugsource-4.2.1-26.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): shadow-4.2.1-26.1 shadow-debuginfo-4.2.1-26.1 shadow-debugsource-4.2.1-26.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): shadow-4.2.1-26.1 shadow-debuginfo-4.2.1-26.1 shadow-debugsource-4.2.1-26.1 References: https://bugzilla.suse.com/1003978 https://bugzilla.suse.com/1031643 From sle-updates at lists.suse.com Thu Jun 1 10:11:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2017 18:11:14 +0200 (CEST) Subject: SUSE-SU-2017:1473-1: important: Security update for strongswan Message-ID: <20170601161114.9EE73101C9@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1473-1 Rating: important References: #1039514 #1039515 #985012 Cross-References: CVE-2017-9022 CVE-2017-9023 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 
one errata is now available. Description: This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) - IKEv1 protocol is vulnerable to DoS amplification attack (bsc#985012) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-906=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-906=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-906=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): strongswan-5.1.3-25.1 strongswan-debugsource-5.1.3-25.1 strongswan-hmac-5.1.3-25.1 strongswan-ipsec-5.1.3-25.1 strongswan-ipsec-debuginfo-5.1.3-25.1 strongswan-libs0-5.1.3-25.1 strongswan-libs0-debuginfo-5.1.3-25.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): strongswan-doc-5.1.3-25.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): strongswan-5.1.3-25.1 strongswan-debugsource-5.1.3-25.1 strongswan-hmac-5.1.3-25.1 strongswan-ipsec-5.1.3-25.1 strongswan-ipsec-debuginfo-5.1.3-25.1 strongswan-libs0-5.1.3-25.1 strongswan-libs0-debuginfo-5.1.3-25.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): strongswan-doc-5.1.3-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): strongswan-5.1.3-25.1 strongswan-debugsource-5.1.3-25.1 strongswan-ipsec-5.1.3-25.1 strongswan-ipsec-debuginfo-5.1.3-25.1 strongswan-libs0-5.1.3-25.1 strongswan-libs0-debuginfo-5.1.3-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): strongswan-doc-5.1.3-25.1 References: https://www.suse.com/security/cve/CVE-2017-9022.html 
https://www.suse.com/security/cve/CVE-2017-9023.html https://bugzilla.suse.com/1039514 https://bugzilla.suse.com/1039515 https://bugzilla.suse.com/985012 From sle-updates at lists.suse.com Thu Jun 1 19:09:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2017 03:09:40 +0200 (CEST) Subject: SUSE-OU-2017:1463-2: Initial release of Google Cloud SDK dependencies Message-ID: <20170602010940.9E58C101C9@maintenance.suse.de> SUSE Optional Update: Initial release of Google Cloud SDK dependencies ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1463-2 Rating: low References: #1002895 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update contains a set of Python modules required by newer versions of the Google Cloud SDK. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-893=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le): python-dulwich-0.16.3-3.1 python-ruamel.ordereddict-0.4.9-3.1 python-ruamel.yaml-0.12.14-3.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Pygments-1.6-7.1 python-fasteners-0.14.1-3.1 python-monotonic-1.2-3.1 python-ruamel.base-1.0.0-3.1 python-wcwidth-0.1.4-3.1 References: https://bugzilla.suse.com/1002895 From sle-updates at lists.suse.com Fri Jun 2 07:09:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2017 15:09:58 +0200 (CEST) Subject: SUSE-RU-2017:1476-1: Recommended update for diamond and romana Message-ID: <20170602130958.92C37101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for diamond and romana ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1476-1 Rating: low References: #1037959 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for diamond and romana provides the following fixes: - ceph collector: allow dots in mon service IDs (bsc#1037959) - Fix missing summary graphs on standalone MON nodes (bsc#1037959) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-909=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 4 (noarch): diamond-3.4-8.1 romana-1.3+git.1495075212.d2e51c89-4.5 References: https://bugzilla.suse.com/1037959 From sle-updates at lists.suse.com Fri Jun 2 07:10:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2017 15:10:34 +0200 (CEST) Subject: SUSE-RU-2017:1477-1: Recommended update for plymouth Message-ID: <20170602131034.BC107101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1477-1 Rating: low References: #1000597 #1031364 #1036172 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for plymouth provides the following fix: - Avoid an issue where the initramfs finishes (generating a coldplug event) before udev has informed plymouth of the DRM devices. (bsc#1000597, bsc#1036172, bsc#1031364) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-908=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-908=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-908=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-908=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): plymouth-debuginfo-0.9.2-34.2 plymouth-debugsource-0.9.2-34.2 plymouth-devel-0.9.2-34.2 plymouth-plugin-tribar-0.9.2-34.2 plymouth-plugin-tribar-debuginfo-0.9.2-34.2 plymouth-x11-renderer-0.9.2-34.2 plymouth-x11-renderer-debuginfo-0.9.2-34.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): plymouth-theme-tribar-0.9.2-34.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libply-boot-client4-0.9.2-34.2 libply-boot-client4-debuginfo-0.9.2-34.2 libply-splash-core4-0.9.2-34.2 libply-splash-core4-debuginfo-0.9.2-34.2 libply-splash-graphics4-0.9.2-34.2 libply-splash-graphics4-debuginfo-0.9.2-34.2 libply4-0.9.2-34.2 libply4-debuginfo-0.9.2-34.2 plymouth-0.9.2-34.2 plymouth-debuginfo-0.9.2-34.2 plymouth-debugsource-0.9.2-34.2 plymouth-dracut-0.9.2-34.2 plymouth-plugin-label-0.9.2-34.2 plymouth-plugin-label-debuginfo-0.9.2-34.2 plymouth-plugin-label-ft-0.9.2-34.2 plymouth-plugin-label-ft-debuginfo-0.9.2-34.2 plymouth-plugin-script-0.9.2-34.2 plymouth-plugin-script-debuginfo-0.9.2-34.2 plymouth-scripts-0.9.2-34.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libply-boot-client4-0.9.2-34.2 libply-boot-client4-debuginfo-0.9.2-34.2 libply-splash-core4-0.9.2-34.2 libply-splash-core4-debuginfo-0.9.2-34.2 libply-splash-graphics4-0.9.2-34.2 libply-splash-graphics4-debuginfo-0.9.2-34.2 libply4-0.9.2-34.2 libply4-debuginfo-0.9.2-34.2 plymouth-0.9.2-34.2 plymouth-debuginfo-0.9.2-34.2 plymouth-debugsource-0.9.2-34.2 plymouth-dracut-0.9.2-34.2 plymouth-plugin-label-0.9.2-34.2 plymouth-plugin-label-debuginfo-0.9.2-34.2 plymouth-plugin-label-ft-0.9.2-34.2 plymouth-plugin-label-ft-debuginfo-0.9.2-34.2 plymouth-plugin-script-0.9.2-34.2 plymouth-plugin-script-debuginfo-0.9.2-34.2 plymouth-scripts-0.9.2-34.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libply-boot-client4-0.9.2-34.2 libply-boot-client4-debuginfo-0.9.2-34.2 
libply-splash-core4-0.9.2-34.2 libply-splash-core4-debuginfo-0.9.2-34.2 libply-splash-graphics4-0.9.2-34.2 libply-splash-graphics4-debuginfo-0.9.2-34.2 libply4-0.9.2-34.2 libply4-debuginfo-0.9.2-34.2 plymouth-0.9.2-34.2 plymouth-debuginfo-0.9.2-34.2 plymouth-debugsource-0.9.2-34.2 plymouth-dracut-0.9.2-34.2 plymouth-plugin-label-0.9.2-34.2 plymouth-plugin-label-debuginfo-0.9.2-34.2 plymouth-plugin-label-ft-0.9.2-34.2 plymouth-plugin-label-ft-debuginfo-0.9.2-34.2 plymouth-plugin-script-0.9.2-34.2 plymouth-plugin-script-debuginfo-0.9.2-34.2 plymouth-scripts-0.9.2-34.2 References: https://bugzilla.suse.com/1000597 https://bugzilla.suse.com/1031364 https://bugzilla.suse.com/1036172 From sle-updates at lists.suse.com Fri Jun 2 10:10:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2017 18:10:18 +0200 (CEST) Subject: SUSE-SU-2017:1479-1: moderate: Security update for ceph Message-ID: <20170602161018.C8C3D101C9@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1479-1 Rating: moderate References: #1003891 #1008435 #1008501 #1012100 #1014986 #1015748 #1029482 #970642 Cross-References: CVE-2016-9579 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update provides Ceph 10.2.6, which brings fixes and enhancements: This security issue was fixed: - CVE-2016-9579: Do not abort RGW server when accepting a CORS request with short origin. (bsc#1014986) These non-security issues were fixed: - common: Add rbdmap to ceph-common. (bsc#1029482) - tools/rados: Default to include clone objects when executing "cache-flush-evict-all". (bsc#1003891) - mon, ceph-disk: Add lockbox permissions to bootstrap-osd. 
(bsc#1008435) - ceph_volume_client: Fix _recover_auth_meta() method. (bsc#1008501) - systemd/ceph-disk: Reduce ceph-disk flock contention. (bsc#1012100) - doc: Add verbiage to rbdmap manpage. (bsc#1015748) - doc: Add Install section to systemd rbdmap.service file. (bsc#1015748) - doc: Remove references to mds destroy from ceph-deploy man page. (bsc#970642) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-911=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): ceph-10.2.6+git.1490339825.57146d8-11.7 ceph-base-10.2.6+git.1490339825.57146d8-11.7 ceph-base-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-common-10.2.6+git.1490339825.57146d8-11.7 ceph-common-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-debugsource-10.2.6+git.1490339825.57146d8-11.7 ceph-fuse-10.2.6+git.1490339825.57146d8-11.7 ceph-fuse-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-mds-10.2.6+git.1490339825.57146d8-11.7 ceph-mds-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-mon-10.2.6+git.1490339825.57146d8-11.7 ceph-mon-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-osd-10.2.6+git.1490339825.57146d8-11.7 ceph-osd-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-radosgw-10.2.6+git.1490339825.57146d8-11.7 ceph-radosgw-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-test-10.2.6+git.1490339825.57146d8-11.7 ceph-test-debuginfo-10.2.6+git.1490339825.57146d8-11.7 ceph-test-debugsource-10.2.6+git.1490339825.57146d8-11.7 libcephfs1-10.2.6+git.1490339825.57146d8-11.7 libcephfs1-debuginfo-10.2.6+git.1490339825.57146d8-11.7 librados2-10.2.6+git.1490339825.57146d8-11.7 librados2-debuginfo-10.2.6+git.1490339825.57146d8-11.7 libradosstriper1-10.2.6+git.1490339825.57146d8-11.7 libradosstriper1-debuginfo-10.2.6+git.1490339825.57146d8-11.7 
librbd1-10.2.6+git.1490339825.57146d8-11.7 librbd1-debuginfo-10.2.6+git.1490339825.57146d8-11.7 librgw2-10.2.6+git.1490339825.57146d8-11.7 librgw2-debuginfo-10.2.6+git.1490339825.57146d8-11.7 python-ceph-compat-10.2.6+git.1490339825.57146d8-11.7 python-cephfs-10.2.6+git.1490339825.57146d8-11.7 python-cephfs-debuginfo-10.2.6+git.1490339825.57146d8-11.7 python-rados-10.2.6+git.1490339825.57146d8-11.7 python-rados-debuginfo-10.2.6+git.1490339825.57146d8-11.7 python-rbd-10.2.6+git.1490339825.57146d8-11.7 python-rbd-debuginfo-10.2.6+git.1490339825.57146d8-11.7 rbd-fuse-10.2.6+git.1490339825.57146d8-11.7 rbd-fuse-debuginfo-10.2.6+git.1490339825.57146d8-11.7 rbd-mirror-10.2.6+git.1490339825.57146d8-11.7 rbd-mirror-debuginfo-10.2.6+git.1490339825.57146d8-11.7 rbd-nbd-10.2.6+git.1490339825.57146d8-11.7 rbd-nbd-debuginfo-10.2.6+git.1490339825.57146d8-11.7 References: https://www.suse.com/security/cve/CVE-2016-9579.html https://bugzilla.suse.com/1003891 https://bugzilla.suse.com/1008435 https://bugzilla.suse.com/1008501 https://bugzilla.suse.com/1012100 https://bugzilla.suse.com/1014986 https://bugzilla.suse.com/1015748 https://bugzilla.suse.com/1029482 https://bugzilla.suse.com/970642 From sle-updates at lists.suse.com Fri Jun 2 10:12:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2017 18:12:55 +0200 (CEST) Subject: SUSE-SU-2017:1481-1: moderate: Security update for libnettle Message-ID: <20170602161255.EFFB1101C9@maintenance.suse.de> SUSE Security Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1481-1 Rating: moderate References: #991464 Cross-References: CVE-2016-6489 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libnettle fixes the following issues: - CVE-2016-6489: * Reject invalid RSA keys with even modulo. * Check for invalid keys, with even p, in dsa_sign(). * Use function mpz_powm_sec() instead of mpz_powm() (bsc#991464). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-910=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-910=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-910=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-910=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libnettle-debugsource-2.7.1-12.1 libnettle-devel-2.7.1-12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libhogweed2-2.7.1-12.1 libhogweed2-debuginfo-2.7.1-12.1 libnettle-debugsource-2.7.1-12.1 libnettle4-2.7.1-12.1 libnettle4-debuginfo-2.7.1-12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libhogweed2-2.7.1-12.1 libhogweed2-debuginfo-2.7.1-12.1 libnettle-debugsource-2.7.1-12.1 libnettle4-2.7.1-12.1 libnettle4-debuginfo-2.7.1-12.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libhogweed2-32bit-2.7.1-12.1 libhogweed2-debuginfo-32bit-2.7.1-12.1 libnettle4-32bit-2.7.1-12.1 libnettle4-debuginfo-32bit-2.7.1-12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libhogweed2-2.7.1-12.1 libhogweed2-32bit-2.7.1-12.1 libhogweed2-debuginfo-2.7.1-12.1 libhogweed2-debuginfo-32bit-2.7.1-12.1 libnettle-debugsource-2.7.1-12.1 libnettle4-2.7.1-12.1 libnettle4-32bit-2.7.1-12.1 
libnettle4-debuginfo-2.7.1-12.1 libnettle4-debuginfo-32bit-2.7.1-12.1 References: https://www.suse.com/security/cve/CVE-2016-6489.html https://bugzilla.suse.com/991464 From sle-updates at lists.suse.com Fri Jun 2 13:09:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2017 21:09:09 +0200 (CEST) Subject: SUSE-RU-2017:1484-1: Recommended update for dconf Message-ID: <20170602190909.11078101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for dconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1484-1 Rating: low References: #1025721 #971074 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dconf provides the following fix: - 'dconf update' should set permissions to 0644 on restored missing db files (bsc#1025721, bsc#971074) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-912=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-912=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-912=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-912=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dconf-debuginfo-0.26.0-11.6 dconf-debugsource-0.26.0-11.6 dconf-devel-0.26.0-11.6 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dconf-0.26.0-11.6 dconf-debuginfo-0.26.0-11.6 dconf-debugsource-0.26.0-11.6 gsettings-backend-dconf-0.26.0-11.6 gsettings-backend-dconf-debuginfo-0.26.0-11.6 libdconf1-0.26.0-11.6 libdconf1-debuginfo-0.26.0-11.6 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dconf-0.26.0-11.6 dconf-debuginfo-0.26.0-11.6 dconf-debugsource-0.26.0-11.6 gsettings-backend-dconf-0.26.0-11.6 gsettings-backend-dconf-debuginfo-0.26.0-11.6 libdconf1-0.26.0-11.6 libdconf1-debuginfo-0.26.0-11.6 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dconf-0.26.0-11.6 dconf-debuginfo-0.26.0-11.6 dconf-debugsource-0.26.0-11.6 gsettings-backend-dconf-0.26.0-11.6 gsettings-backend-dconf-debuginfo-0.26.0-11.6 libdconf1-0.26.0-11.6 libdconf1-debuginfo-0.26.0-11.6 References: https://bugzilla.suse.com/1025721 https://bugzilla.suse.com/971074 From sle-updates at lists.suse.com Mon Jun 5 16:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2017 00:09:16 +0200 (CEST) Subject: SUSE-RU-2017:1486-1: Recommended update for vte Message-ID: <20170605220916.9671F101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for vte ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1486-1 Rating: low References: #1021684 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for vte fixes the following issues: - Memory leaks in gnome-terminal-server (bsc#1021684) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-916=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-916=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-916=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-916=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): vte-debugsource-0.44.2-8.25 vte-devel-0.44.2-8.25 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvte-2_91-0-0.44.2-8.25 libvte-2_91-0-debuginfo-0.44.2-8.25 typelib-1_0-Vte-2.91-0.44.2-8.25 vte-debugsource-0.44.2-8.25 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): vte-lang-0.44.2-8.25 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libvte-2_91-0-0.44.2-8.25 libvte-2_91-0-debuginfo-0.44.2-8.25 typelib-1_0-Vte-2.91-0.44.2-8.25 vte-debugsource-0.44.2-8.25 - SUSE Linux Enterprise Server 12-SP2 (noarch): vte-lang-0.44.2-8.25 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): vte-lang-0.44.2-8.25 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvte-2_91-0-0.44.2-8.25 libvte-2_91-0-debuginfo-0.44.2-8.25 typelib-1_0-Vte-2.91-0.44.2-8.25 vte-debugsource-0.44.2-8.25 References: https://bugzilla.suse.com/1021684 From sle-updates at lists.suse.com Tue Jun 6 10:10:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2017 18:10:09 +0200 (CEST) Subject: SUSE-RU-2017:1488-1: moderate: Recommended update for libsemanage, selinux-policy Message-ID: 
<20170606161009.4ACA2101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsemanage, selinux-policy ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1488-1 Rating: moderate References: #1020143 #1032445 #1035818 #1038189 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libsemanage, selinux-policy fixes the following issues: - Limit to policy version 29 by default. - Fix policy module build failures and wrong policy path on SLE 12 SP2 (bsc#1038189, bsc#1035818, bsc#1020143, bsc#1032445) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-918=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-918=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-918=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-918=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-918=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsemanage-debugsource-2.5-5.1 libsemanage-devel-2.5-5.1 libsemanage-devel-static-2.5-5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): selinux-policy-devel-20140730-35.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsemanage-debugsource-2.5-5.1 libsemanage1-2.5-5.1 libsemanage1-debuginfo-2.5-5.1 python-semanage-2.5-5.1 python-semanage-debuginfo-2.5-5.1 python-semanage-debugsource-2.5-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): selinux-policy-20140730-35.1 selinux-policy-devel-20140730-35.1 selinux-policy-minimum-20140730-35.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsemanage-debugsource-2.5-5.1 libsemanage1-2.5-5.1 libsemanage1-debuginfo-2.5-5.1 python-semanage-2.5-5.1 python-semanage-debuginfo-2.5-5.1 python-semanage-debugsource-2.5-5.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): selinux-policy-20140730-35.1 selinux-policy-devel-20140730-35.1 selinux-policy-minimum-20140730-35.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libsemanage1-32bit-2.5-5.1 libsemanage1-debuginfo-32bit-2.5-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsemanage-debugsource-2.5-5.1 libsemanage1-2.5-5.1 libsemanage1-32bit-2.5-5.1 libsemanage1-debuginfo-2.5-5.1 libsemanage1-debuginfo-32bit-2.5-5.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsemanage-debugsource-2.5-5.1 libsemanage1-2.5-5.1 libsemanage1-debuginfo-2.5-5.1 References: https://bugzilla.suse.com/1020143 https://bugzilla.suse.com/1032445 https://bugzilla.suse.com/1035818 https://bugzilla.suse.com/1038189 From sle-updates at lists.suse.com Tue Jun 6 10:11:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2017 18:11:04 +0200 (CEST) Subject: SUSE-SU-2017:1489-1: moderate: Security update for ImageMagick Message-ID: <20170606161104.AAA30101C9@maintenance.suse.de> SUSE 
Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1489-1 Rating: moderate References: #1028075 #1033091 #1034870 #1034872 #1034876 #1036976 #1036977 #1036978 #1036980 #1036981 #1036982 #1036983 #1036984 #1036985 #1036986 #1036987 #1036988 #1036989 #1036990 #1036991 #1037527 #1038000 #1040025 #1040303 #1040304 #1040306 #1040332 Cross-References: CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could be triggered via a specially crafted webp file (bsc#1028075). - CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034870). Note that this only impacts the built-in SVG implementation. As we use the librsvg implementation, we are not affected. - CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034872). 
- CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8347: denial of service (memory leak) via a crafted file (ReadEXRImage func in exr.c) (bsc#1036982) - CVE-2017-8348: denial of service (memory leak) via a crafted file (ReadMATImage func in mat.c) (bsc#1036983) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8354: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c) (bsc#1036989) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8356: denial of service (memory leak) via a crafted file (ReadSUNImage function in sun.c) (bsc#1036991) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - 
CVE-2017-8343: denial of service (memory leak) via a crafted file (ReadAAIImage func in aai.c) (bsc#1036977) - CVE-2017-8357: denial of service (memory leak) via a crafted file (ReadEPTImage func in ept.c) (bsc#1036976) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-917=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-917=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-917=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-917=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-917=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-70.1 ImageMagick-debuginfo-6.8.8.1-70.1 ImageMagick-debugsource-6.8.8.1-70.1 libMagick++-6_Q16-3-6.8.8.1-70.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-70.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-70.1 ImageMagick-debuginfo-6.8.8.1-70.1 ImageMagick-debugsource-6.8.8.1-70.1 ImageMagick-devel-6.8.8.1-70.1 libMagick++-6_Q16-3-6.8.8.1-70.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1 libMagick++-devel-6.8.8.1-70.1 perl-PerlMagick-6.8.8.1-70.1 perl-PerlMagick-debuginfo-6.8.8.1-70.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-70.1 ImageMagick-debugsource-6.8.8.1-70.1 libMagickCore-6_Q16-1-6.8.8.1-70.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1 libMagickWand-6_Q16-1-6.8.8.1-70.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ImageMagick-debuginfo-6.8.8.1-70.1 ImageMagick-debugsource-6.8.8.1-70.1 libMagickCore-6_Q16-1-6.8.8.1-70.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1 libMagickWand-6_Q16-1-6.8.8.1-70.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-70.1 ImageMagick-debuginfo-6.8.8.1-70.1 ImageMagick-debugsource-6.8.8.1-70.1 libMagick++-6_Q16-3-6.8.8.1-70.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-70.1 libMagickCore-6_Q16-1-6.8.8.1-70.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1 libMagickWand-6_Q16-1-6.8.8.1-70.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1 References: https://www.suse.com/security/cve/CVE-2017-6502.html https://www.suse.com/security/cve/CVE-2017-7606.html https://www.suse.com/security/cve/CVE-2017-7941.html 
https://www.suse.com/security/cve/CVE-2017-7942.html https://www.suse.com/security/cve/CVE-2017-7943.html https://www.suse.com/security/cve/CVE-2017-8343.html https://www.suse.com/security/cve/CVE-2017-8344.html https://www.suse.com/security/cve/CVE-2017-8345.html https://www.suse.com/security/cve/CVE-2017-8346.html https://www.suse.com/security/cve/CVE-2017-8347.html https://www.suse.com/security/cve/CVE-2017-8348.html https://www.suse.com/security/cve/CVE-2017-8349.html https://www.suse.com/security/cve/CVE-2017-8350.html https://www.suse.com/security/cve/CVE-2017-8351.html https://www.suse.com/security/cve/CVE-2017-8352.html https://www.suse.com/security/cve/CVE-2017-8353.html https://www.suse.com/security/cve/CVE-2017-8354.html https://www.suse.com/security/cve/CVE-2017-8355.html https://www.suse.com/security/cve/CVE-2017-8356.html https://www.suse.com/security/cve/CVE-2017-8357.html https://www.suse.com/security/cve/CVE-2017-8765.html https://www.suse.com/security/cve/CVE-2017-8830.html https://www.suse.com/security/cve/CVE-2017-9098.html https://www.suse.com/security/cve/CVE-2017-9141.html https://www.suse.com/security/cve/CVE-2017-9142.html https://www.suse.com/security/cve/CVE-2017-9143.html https://www.suse.com/security/cve/CVE-2017-9144.html https://bugzilla.suse.com/1028075 https://bugzilla.suse.com/1033091 https://bugzilla.suse.com/1034870 https://bugzilla.suse.com/1034872 https://bugzilla.suse.com/1034876 https://bugzilla.suse.com/1036976 https://bugzilla.suse.com/1036977 https://bugzilla.suse.com/1036978 https://bugzilla.suse.com/1036980 https://bugzilla.suse.com/1036981 https://bugzilla.suse.com/1036982 https://bugzilla.suse.com/1036983 https://bugzilla.suse.com/1036984 https://bugzilla.suse.com/1036985 https://bugzilla.suse.com/1036986 https://bugzilla.suse.com/1036987 https://bugzilla.suse.com/1036988 https://bugzilla.suse.com/1036989 https://bugzilla.suse.com/1036990 https://bugzilla.suse.com/1036991 https://bugzilla.suse.com/1037527 
https://bugzilla.suse.com/1038000 https://bugzilla.suse.com/1040025 https://bugzilla.suse.com/1040303 https://bugzilla.suse.com/1040304 https://bugzilla.suse.com/1040306 https://bugzilla.suse.com/1040332 From sle-updates at lists.suse.com Tue Jun 6 10:15:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2017 18:15:41 +0200 (CEST) Subject: SUSE-RU-2017:1492-1: Recommended update for ceph Message-ID: <20170606161541.EBF12101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1492-1 Rating: low References: #1008435 #1012100 #1015748 #1019616 #1032408 #970642 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update provides the Ceph client for SUSE Linux Enterprise Server 12 SP2 on the ppc64le and s390x architectures. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-919=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-919=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-919=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-919=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ceph-debugsource-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs-devel-10.2.5+git.1485186403.3a6a822-18.3.3 librados-devel-10.2.5+git.1485186403.3a6a822-18.3.3 librados-devel-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper-devel-10.2.5+git.1485186403.3a6a822-18.3.3 librbd-devel-10.2.5+git.1485186403.3a6a822-18.3.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ceph-common-10.2.5+git.1485186403.3a6a822-18.3.3 ceph-common-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 ceph-debugsource-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs1-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 librados2-10.2.5+git.1485186403.3a6a822-18.3.3 librados2-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper1-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 librbd1-10.2.5+git.1485186403.3a6a822-18.3.3 librbd1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-cephfs-10.2.5+git.1485186403.3a6a822-18.3.3 python-cephfs-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-rados-10.2.5+git.1485186403.3a6a822-18.3.3 python-rados-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-rbd-10.2.5+git.1485186403.3a6a822-18.3.3 python-rbd-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ceph-common-10.2.5+git.1485186403.3a6a822-18.3.3 ceph-common-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 ceph-debugsource-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs1-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 librados2-10.2.5+git.1485186403.3a6a822-18.3.3 librados2-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper1-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 
librbd1-10.2.5+git.1485186403.3a6a822-18.3.3 librbd1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-cephfs-10.2.5+git.1485186403.3a6a822-18.3.3 python-cephfs-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-rados-10.2.5+git.1485186403.3a6a822-18.3.3 python-rados-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-rbd-10.2.5+git.1485186403.3a6a822-18.3.3 python-rbd-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ceph-common-10.2.5+git.1485186403.3a6a822-18.3.3 ceph-common-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 ceph-debugsource-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs1-10.2.5+git.1485186403.3a6a822-18.3.3 libcephfs1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 librados2-10.2.5+git.1485186403.3a6a822-18.3.3 librados2-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper1-10.2.5+git.1485186403.3a6a822-18.3.3 libradosstriper1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 librbd1-10.2.5+git.1485186403.3a6a822-18.3.3 librbd1-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-cephfs-10.2.5+git.1485186403.3a6a822-18.3.3 python-cephfs-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-rados-10.2.5+git.1485186403.3a6a822-18.3.3 python-rados-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 python-rbd-10.2.5+git.1485186403.3a6a822-18.3.3 python-rbd-debuginfo-10.2.5+git.1485186403.3a6a822-18.3.3 References: https://bugzilla.suse.com/1008435 https://bugzilla.suse.com/1012100 https://bugzilla.suse.com/1015748 https://bugzilla.suse.com/1019616 https://bugzilla.suse.com/1032408 https://bugzilla.suse.com/970642 From sle-updates at lists.suse.com Wed Jun 7 13:09:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Jun 2017 21:09:13 +0200 (CEST) Subject: SUSE-RU-2017:1500-1: Recommended update for tcpd Message-ID: <20170607190913.D4AF1101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcpd 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1500-1 Rating: low References: #1019574 #899185 #914527 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tcpd provides the following fixes: - Fixes for breakage of IPv6 address handling (bsc#914527, bsc#899185, bsc#1019574) - Use O_CLOEXEC whenever necessary, otherwise fd leaks will follow. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tcpd-13139=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tcpd-13139=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tcpd-13139=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpd-devel-7.6-858.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): tcpd-devel-32bit-7.6-858.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpd-7.6-858.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): tcpd-32bit-7.6-858.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): tcpd-x86-7.6-858.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tcpd-debuginfo-7.6-858.1 tcpd-debugsource-7.6-858.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): tcpd-debuginfo-32bit-7.6-858.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): tcpd-debuginfo-x86-7.6-858.1 References: https://bugzilla.suse.com/1019574 https://bugzilla.suse.com/899185 https://bugzilla.suse.com/914527 From sle-updates at lists.suse.com Thu Jun 8 07:09:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Jun 2017 15:09:38 +0200 (CEST) Subject: SUSE-RU-2017:1503-1: Recommended update for gnome-settings-daemon Message-ID: <20170608130938.8B96A101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-settings-daemon ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1503-1 Rating: low References: #1000599 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-settings-daemon provides the following fix: - Fix some keybindings become unavailable (bsc#1000599) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-923=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-923=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-923=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-923=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-settings-daemon-debuginfo-3.20.1-49.3 gnome-settings-daemon-debugsource-3.20.1-49.3 gnome-settings-daemon-devel-3.20.1-49.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-settings-daemon-3.20.1-49.3 gnome-settings-daemon-debuginfo-3.20.1-49.3 gnome-settings-daemon-debugsource-3.20.1-49.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-49.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-settings-daemon-3.20.1-49.3 gnome-settings-daemon-debuginfo-3.20.1-49.3 gnome-settings-daemon-debugsource-3.20.1-49.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-49.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-settings-daemon-lang-3.20.1-49.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-settings-daemon-3.20.1-49.3 gnome-settings-daemon-debuginfo-3.20.1-49.3 gnome-settings-daemon-debugsource-3.20.1-49.3 References: https://bugzilla.suse.com/1000599 From sle-updates at lists.suse.com Thu Jun 8 07:10:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Jun 2017 15:10:06 +0200 (CEST) Subject: SUSE-SU-2017:1504-1: moderate: Security update for yodl Message-ID: <20170608131006.78AC5101C9@maintenance.suse.de> SUSE Security Update: Security update for yodl 
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1504-1
Rating: moderate
References: #1040917
Cross-References: CVE-2016-10375
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for yodl fixes the following issues:

- CVE-2016-10375: invalid memory read in the function queue_push() could lead to Denial of service (bsc#1040917)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-922=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): yodl-3.03.0-3.1 yodl-debuginfo-3.03.0-3.1 yodl-debugsource-3.03.0-3.1

References:

https://www.suse.com/security/cve/CVE-2016-10375.html
https://bugzilla.suse.com/1040917

From sle-updates at lists.suse.com Thu Jun 8 10:10:41 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 Jun 2017 18:10:41 +0200 (CEST)
Subject: SUSE-RU-2017:1508-1: Recommended update for release-notes-sles
Message-ID: <20170608161041.EC1F4101C9@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1508-1
Rating: low
References: #1009293 #1040470 #1040554
Affected Products:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.
Description: The Release Notes of SUSE Linux Enterprise Server 12 SP2 have been updated to document: - Added Salt to listing for Advanced Systems Management module. (bsc#1040470) - Added URL detailing life cycle of packages in SLE modules. - Ceph Client Support on z Systems and POWER. (fate#321098) - Virtualization: Supported Disks Formats and Protocols. (fate#317891) - No Support for Samba as AD-Style Domain Controller. (fate#320709) - Network Interfaces Configured via linuxrc. (fate#321358) - KVM and Xen limits. (bsc#1009293) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-926=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-926=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): release-notes-sles-12.2.20170602-5.22.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): release-notes-sles-12.2.20170602-5.22.1 References: https://bugzilla.suse.com/1009293 https://bugzilla.suse.com/1040470 https://bugzilla.suse.com/1040554 From sle-updates at lists.suse.com Thu Jun 8 10:11:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Jun 2017 18:11:27 +0200 (CEST) Subject: SUSE-RU-2017:1509-1: Recommended update for freetype2 Message-ID: <20170608161127.9258F101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1509-1 Rating: low References: #1038506 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for freetype2 fixes an issue within handling of very large fonts which could lead to corrupted characters in the boot splash screen of systems configured to use the Korean language. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-925=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-925=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-925=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-925=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.10.1 freetype2-devel-2.6.3-7.10.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): freetype2-debugsource-2.6.3-7.10.1 ft2demos-2.6.3-7.10.1 libfreetype6-2.6.3-7.10.1 libfreetype6-debuginfo-2.6.3-7.10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): freetype2-debugsource-2.6.3-7.10.1 ft2demos-2.6.3-7.10.1 libfreetype6-2.6.3-7.10.1 libfreetype6-debuginfo-2.6.3-7.10.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libfreetype6-32bit-2.6.3-7.10.1 libfreetype6-debuginfo-32bit-2.6.3-7.10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): freetype2-debugsource-2.6.3-7.10.1 ft2demos-2.6.3-7.10.1 libfreetype6-2.6.3-7.10.1 libfreetype6-32bit-2.6.3-7.10.1 libfreetype6-debuginfo-2.6.3-7.10.1 libfreetype6-debuginfo-32bit-2.6.3-7.10.1 References: https://bugzilla.suse.com/1038506 From sle-updates at lists.suse.com Thu Jun 8 10:13:03 2017 From: sle-updates at lists.suse.com (sle-updates 
at lists.suse.com) Date: Thu, 8 Jun 2017 18:13:03 +0200 (CEST) Subject: SUSE-RU-2017:1512-1: Recommended update for shotwell Message-ID: <20170608161303.09799101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for shotwell ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1512-1 Rating: low References: #943556 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for shotwell fixes support for publishing images to Facebook. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-928=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-928=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): shotwell-lang-0.22.0+git.20160103-14.4 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): shotwell-0.22.0+git.20160103-14.4 shotwell-debuginfo-0.22.0+git.20160103-14.4 shotwell-debugsource-0.22.0+git.20160103-14.4 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): shotwell-0.22.0+git.20160103-14.4 shotwell-debuginfo-0.22.0+git.20160103-14.4 shotwell-debugsource-0.22.0+git.20160103-14.4 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): shotwell-lang-0.22.0+git.20160103-14.4 References: https://bugzilla.suse.com/943556 From sle-updates at lists.suse.com Thu Jun 8 10:25:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Jun 2017 18:25:17 +0200 (CEST) Subject: SUSE-RU-2017:1514-1: Recommended update for file-roller Message-ID: <20170608162517.24189101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for file-roller ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1514-1 Rating: low References: #1022082 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for file-roller provides the following fixes: - Fix segmentation fault after extracting a file. (bsc#1022082) - Fix integer overflow when comparing large files/directories. - Show the 'open destination' dialog only when using --notify. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-929=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-929=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-929=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): file-roller-3.20.3-14.17 file-roller-debuginfo-3.20.3-14.17 file-roller-debugsource-3.20.3-14.17 nautilus-file-roller-3.20.3-14.17 nautilus-file-roller-debuginfo-3.20.3-14.17 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): file-roller-lang-3.20.3-14.17 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): file-roller-3.20.3-14.17 file-roller-debuginfo-3.20.3-14.17 file-roller-debugsource-3.20.3-14.17 nautilus-file-roller-3.20.3-14.17 nautilus-file-roller-debuginfo-3.20.3-14.17 - SUSE Linux Enterprise Server 12-SP2 (noarch): file-roller-lang-3.20.3-14.17 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): file-roller-3.20.3-14.17 file-roller-debuginfo-3.20.3-14.17 file-roller-debugsource-3.20.3-14.17 nautilus-file-roller-3.20.3-14.17 nautilus-file-roller-debuginfo-3.20.3-14.17 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): file-roller-lang-3.20.3-14.17 References: https://bugzilla.suse.com/1022082 From sle-updates at lists.suse.com Thu Jun 8 10:26:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Jun 2017 18:26:14 +0200 (CEST) Subject: SUSE-RU-2017:1517-1: Recommended update for release-notes-sles Message-ID: <20170608162614.634F2101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1517-1 Rating: low References: #1042483 #1042484 Affected Products: SUSE Linux Enterprise Server 
for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document: - Added URL detailing life cycle of packages in SLE modules. - The YaST Module for SSH Server Configuration Has Been Removed. (fate#323175) - Virtualization: Supported Disks Formats and Protocols. (fate#317891) - Docker Orchestration Is Not Supported. (fate#321136) - Software Requiring Specific Contracts. (fate#316990) - SELinux Enablement. (fate#317116) - Upgrading SMT Database Schema and Engine. (fate#319135) - No Support for Samba as Active Directory-Style Domain Controller. (fate#320709) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-924=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-924=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): release-notes-sles-12.1.20170602-25.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): release-notes-sles-12.1.20170602-25.15.1 References: https://bugzilla.suse.com/1042483 https://bugzilla.suse.com/1042484 From sle-updates at lists.suse.com Thu Jun 8 10:26:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Jun 2017 18:26:42 +0200 (CEST) Subject: SUSE-RU-2017:1518-1: Recommended update for release-notes-sled Message-ID: <20170608162642.38CE4101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1518-1 Rating: low References: #1042486 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Release Notes of SUSE Linux Enterprise Desktop 12 SP2 have been updated to document: - Added Package Hub and SDK to related products list. - No Support for Samba as Active Directory-Style Domain Controller. (fate#320709) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-927=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-927=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): release-notes-sled-12.2.20170602-18.9.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): release-notes-sled-12.2.20170602-18.9.1 References: https://bugzilla.suse.com/1042486 From sle-updates at lists.suse.com Thu Jun 8 22:09:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 06:09:13 +0200 (CEST) Subject: SUSE-RU-2017:1519-1: Recommended update for yast2-packager Message-ID: <20170609040913.E649D101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1519-1 Rating: low References: #1014861 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-packager provides the following fix: - Fix SLES4SAP autoupgrade with SUSE Manager repositories (bsc#1014861) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-930=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-930=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-930=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-packager-3.1.122-30.14.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-packager-3.1.122-30.14.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-packager-3.1.122-30.14.2 References: https://bugzilla.suse.com/1014861 From sle-updates at lists.suse.com Fri Jun 9 07:09:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 15:09:17 +0200 (CEST) Subject: SUSE-RU-2017:1522-1: Recommended update for gnome-control-center Message-ID: <20170609130917.E63B7101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1522-1 Rating: low References: #1037234 #890385 #993381 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gnome-control-center brings back the "shutdown" and "interactive" power key actions in "Power" panel. Additionally, the total disc size of btrfs sub-volumes is now displayed correctly in the information panel. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-932=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-932=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-932=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-932=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-932=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gnome-control-center-color-3.20.1-48.11 gnome-control-center-debuginfo-3.20.1-48.11 gnome-control-center-debugsource-3.20.1-48.11 gnome-control-center-goa-3.20.1-48.11 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-control-center-debuginfo-3.20.1-48.11 gnome-control-center-debugsource-3.20.1-48.11 gnome-control-center-devel-3.20.1-48.11 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-control-center-3.20.1-48.11 gnome-control-center-debuginfo-3.20.1-48.11 gnome-control-center-debugsource-3.20.1-48.11 gnome-control-center-user-faces-3.20.1-48.11 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-control-center-lang-3.20.1-48.11 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-control-center-3.20.1-48.11 gnome-control-center-debuginfo-3.20.1-48.11 gnome-control-center-debugsource-3.20.1-48.11 gnome-control-center-user-faces-3.20.1-48.11 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-control-center-lang-3.20.1-48.11 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-control-center-3.20.1-48.11 gnome-control-center-color-3.20.1-48.11 gnome-control-center-debuginfo-3.20.1-48.11 gnome-control-center-debugsource-3.20.1-48.11 gnome-control-center-goa-3.20.1-48.11 
gnome-control-center-user-faces-3.20.1-48.11 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-control-center-lang-3.20.1-48.11 References: https://bugzilla.suse.com/1037234 https://bugzilla.suse.com/890385 https://bugzilla.suse.com/993381 From sle-updates at lists.suse.com Fri Jun 9 07:10:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 15:10:04 +0200 (CEST) Subject: SUSE-RU-2017:1523-1: Recommended update for cups-pk-helper Message-ID: <20170609131004.6D092101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups-pk-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1523-1 Rating: low References: #1033742 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cups-pk-helper adds support for handling printer names containing UTF-8 characters. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-931=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-931=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-931=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cups-pk-helper-0.2.5-5.1 cups-pk-helper-debuginfo-0.2.5-5.1 cups-pk-helper-debugsource-0.2.5-5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): cups-pk-helper-lang-0.2.5-5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): cups-pk-helper-0.2.5-5.1 cups-pk-helper-debuginfo-0.2.5-5.1 cups-pk-helper-debugsource-0.2.5-5.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): cups-pk-helper-lang-0.2.5-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): cups-pk-helper-lang-0.2.5-5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cups-pk-helper-0.2.5-5.1 cups-pk-helper-debuginfo-0.2.5-5.1 cups-pk-helper-debugsource-0.2.5-5.1 References: https://bugzilla.suse.com/1033742 From sle-updates at lists.suse.com Fri Jun 9 10:09:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 18:09:48 +0200 (CEST) Subject: SUSE-RU-2017:1524-1: Recommended update for nss_ldap Message-ID: <20170609160948.0CBC2101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for nss_ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1524-1 Rating: low References: #986858 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nss_ldap fixes a buffer management issue between glibc and LDAP. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-934=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-934=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-934=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): nss_ldap-265-35.12 nss_ldap-debuginfo-265-35.12 nss_ldap-debugsource-265-35.12 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): nss_ldap-265-35.12 nss_ldap-debuginfo-265-35.12 nss_ldap-debugsource-265-35.12 - SUSE Linux Enterprise Server 12-SP2 (x86_64): nss_ldap-32bit-265-35.12 nss_ldap-debuginfo-32bit-265-35.12 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): nss_ldap-265-35.12 nss_ldap-32bit-265-35.12 nss_ldap-debuginfo-265-35.12 nss_ldap-debuginfo-32bit-265-35.12 nss_ldap-debugsource-265-35.12 References: https://bugzilla.suse.com/986858 From sle-updates at lists.suse.com Fri Jun 9 10:10:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 18:10:20 +0200 (CEST) Subject: SUSE-RU-2017:1525-1: Recommended update for supportutils Message-ID: <20170609161020.B0AC9101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1525-1 Rating: low References: #1013119 #1026175 #1030448 #1035683 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has four 
recommended fixes can now be installed. Description: This update for supportutils provides the following fixes: - Fixed IFS in iscsi_info. (bsc#1030448) - Added -T to dmesg for readability. (bsc#1013119) - Removed kpagecgroup in proc.txt. (bsc#1026175) - Fixed ocfs2 processing when not configured. (bsc#1035683) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-936=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-936=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-936=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-936=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-936=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-936=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-936=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): supportutils-3.0-94.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): supportutils-3.0-94.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): supportutils-3.0-94.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): supportutils-3.0-94.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): supportutils-3.0-94.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): supportutils-3.0-94.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): supportutils-3.0-94.1 References: https://bugzilla.suse.com/1013119 https://bugzilla.suse.com/1026175 https://bugzilla.suse.com/1030448 https://bugzilla.suse.com/1035683 From sle-updates at lists.suse.com Fri Jun 9 10:11:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 18:11:17 +0200 (CEST) Subject: SUSE-RU-2017:1526-1: Recommended update for gnome-system-monitor, libgtop Message-ID: <20170609161117.ABB98101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-system-monitor, libgtop ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1526-1 Rating: low References: #1020294 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-system-monitor and libgtop provides the following fixes: - Add a scrollbar to the resources tab. (bsc#1020294) - Dynamically allocate memory for buffer when reading /proc/cpuinfo. (bsc#1020294) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-933=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-933=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-933=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-933=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libgtop-debugsource-2.34.1-9.1 libgtop-devel-2.34.1-9.1 typelib-1_0-GTop-2_0-2.34.1-9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-system-monitor-3.20.1-6.25 gnome-system-monitor-debuginfo-3.20.1-6.25 gnome-system-monitor-debugsource-3.20.1-6.25 libgtop-2_0-10-2.34.1-9.1 libgtop-2_0-10-debuginfo-2.34.1-9.1 libgtop-debugsource-2.34.1-9.1 libgtop-doc-2.34.1-9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-system-monitor-lang-3.20.1-6.25 libgtop-lang-2.34.1-9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-system-monitor-3.20.1-6.25 gnome-system-monitor-debuginfo-3.20.1-6.25 gnome-system-monitor-debugsource-3.20.1-6.25 libgtop-2_0-10-2.34.1-9.1 libgtop-2_0-10-debuginfo-2.34.1-9.1 libgtop-debugsource-2.34.1-9.1 libgtop-doc-2.34.1-9.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-system-monitor-lang-3.20.1-6.25 libgtop-lang-2.34.1-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-system-monitor-3.20.1-6.25 gnome-system-monitor-debuginfo-3.20.1-6.25 gnome-system-monitor-debugsource-3.20.1-6.25 libgtop-2_0-10-2.34.1-9.1 libgtop-2_0-10-debuginfo-2.34.1-9.1 libgtop-debugsource-2.34.1-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-system-monitor-lang-3.20.1-6.25 libgtop-lang-2.34.1-9.1 References: https://bugzilla.suse.com/1020294 From sle-updates at 
lists.suse.com Fri Jun 9 10:11:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 18:11:49 +0200 (CEST) Subject: SUSE-RU-2017:1527-1: Recommended update for libqca2 Message-ID: <20170609161149.BA48B101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqca2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1527-1 Rating: low References: #995723 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libqca2 provides the following fix: - Allow md5 in FIPS mode (bsc#995723) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-935=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-935=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-935=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-935=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libqca2-debuginfo-2.0.3-16.1 libqca2-debugsource-2.0.3-16.1 libqca2-devel-2.0.3-16.1 libqca2-devel-debuginfo-2.0.3-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libqca2-2.0.3-16.1 libqca2-debuginfo-2.0.3-16.1 libqca2-debugsource-2.0.3-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libqca2-2.0.3-16.1 libqca2-debuginfo-2.0.3-16.1 libqca2-debugsource-2.0.3-16.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libqca2-32bit-2.0.3-16.1 libqca2-debuginfo-32bit-2.0.3-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libqca2-2.0.3-16.1 libqca2-32bit-2.0.3-16.1 libqca2-debuginfo-2.0.3-16.1 libqca2-debuginfo-32bit-2.0.3-16.1 libqca2-debugsource-2.0.3-16.1 References: https://bugzilla.suse.com/995723 From sle-updates at lists.suse.com Fri Jun 9 13:09:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2017 21:09:01 +0200 (CEST) Subject: SUSE-RU-2017:1528-1: Recommended update for vncmanager Message-ID: <20170609190901.1D548101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for vncmanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1528-1 Rating: low References: #1037192 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vncmanager provides the following fix: - Prevent an exception from single client terminating the whole server (bsc#1037192) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-937=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-937=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-937=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): vncmanager-1.0.0-4.3 vncmanager-debuginfo-1.0.0-4.3 vncmanager-debugsource-1.0.0-4.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): vncmanager-1.0.0-4.3 vncmanager-debuginfo-1.0.0-4.3 vncmanager-debugsource-1.0.0-4.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): vncmanager-1.0.0-4.3 vncmanager-debuginfo-1.0.0-4.3 vncmanager-debugsource-1.0.0-4.3 References: https://bugzilla.suse.com/1037192 From sle-updates at lists.suse.com Fri Jun 9 19:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Jun 2017 03:09:16 +0200 (CEST) Subject: SUSE-RU-2017:1529-1: Recommended update for susestudio Message-ID: <20170610010916.6DCC6101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for susestudio ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1529-1 Rating: low References: #1002715 #983999 #987081 #993792 #994647 #995517 Affected Products: SUSE Studio Onsite Runner 1.3 SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: SUSE Studio was updated to version 1.3.15. This provides templates for SLE12 SP2 for x86_64 and includes bug fixes for: - After update to external SLMS server appliances cannot register. (bsc#987081) - SLE 12 Appliance build does not include GPG keys from base product. 
(bsc#983999) - Unable to build appliance when LVM volumes include "/". (bsc#994647) - SLES 12-SP1 Studio guest image for XEN fails to load. (bsc#1002715) - UEFI boot loses failsafe option after first boot. (bsc#993792) - Building Amazon EC2 image fails. (bsc#995517) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite Runner 1.3: zypper in -t patch slestso13-susestudio-13140=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-13140=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite Runner 1.3 (s390x): susestudio-bundled-packages-1.3.15-55.3 susestudio-common-1.3.15-55.3 susestudio-runner-1.3.15-55.3 susestudio-ui-server-1.3.15-55.3 - SUSE Studio Onsite 1.3 (x86_64): Containment-Studio-SLE11_SP3-5.05.90-20170518111530 Containment-Studio-SLE11_SP4-5.05.90-20170518111747 Containment-Studio-SLE12_SP2-7.03.107-20170518124751 susestudio-1.3.15-55.3 susestudio-bundled-packages-1.3.15-55.3 susestudio-common-1.3.15-55.3 susestudio-runner-1.3.15-55.3 susestudio-sid-1.3.15-55.3 susestudio-ui-server-1.3.15-55.3 References: https://bugzilla.suse.com/1002715 https://bugzilla.suse.com/983999 https://bugzilla.suse.com/987081 https://bugzilla.suse.com/993792 https://bugzilla.suse.com/994647 https://bugzilla.suse.com/995517 From sle-updates at lists.suse.com Mon Jun 12 07:10:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2017 15:10:07 +0200 (CEST) Subject: SUSE-SU-2017:1538-1: moderate: Security update for libxml2 Message-ID: <20170612131007.D881C101C9@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1538-1 Rating: moderate References: #1039063 #1039064 #1039066 #1039069 #1039661 Cross-References: CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 
CVE-2017-9050 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for libxml2 fixes the following security issues: * CVE-2017-9050: A heap-based buffer over-read in xmlDictAddString (bsc#1039069, bsc#1039661) * CVE-2017-9049: A heap-based buffer overflow in xmlDictComputeFastKey (bsc#1039066) * CVE-2017-9048: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039063) * CVE-2017-9047: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039064) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-939=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-939=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-939=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-939=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-939=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-39.2 libxml2-devel-2.9.4-39.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxml2-2-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 libxml2-tools-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 python-libxml2-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libxml2-doc-2.9.4-39.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libxml2-2-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 libxml2-tools-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 python-libxml2-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): libxml2-doc-2.9.4-39.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libxml2-2-32bit-2.9.4-39.2 libxml2-2-debuginfo-32bit-2.9.4-39.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libxml2-2-2.9.4-39.2 libxml2-2-32bit-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-2-debuginfo-32bit-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 libxml2-tools-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 python-libxml2-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libxml2-2-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 References: https://www.suse.com/security/cve/CVE-2017-9047.html https://www.suse.com/security/cve/CVE-2017-9048.html https://www.suse.com/security/cve/CVE-2017-9049.html https://www.suse.com/security/cve/CVE-2017-9050.html https://bugzilla.suse.com/1039063 https://bugzilla.suse.com/1039064 https://bugzilla.suse.com/1039066 https://bugzilla.suse.com/1039069 https://bugzilla.suse.com/1039661 From sle-updates at lists.suse.com Mon Jun 12 10:10:20 2017 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2017 18:10:20 +0200 (CEST) Subject: SUSE-RU-2017:1544-1: Recommended update for vpnc Message-ID: <20170612161020.BF25EF7A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for vpnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1544-1 Rating: low References: #882789 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vpnc provides the following fixes: - Return the correct exit code on authentication fail. (bsc#882789) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-940=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-940=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): vpnc-0.5.3r517-9.1 vpnc-debuginfo-0.5.3r517-9.1 vpnc-debugsource-0.5.3r517-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): vpnc-0.5.3r517-9.1 vpnc-debuginfo-0.5.3r517-9.1 vpnc-debugsource-0.5.3r517-9.1 References: https://bugzilla.suse.com/882789 From sle-updates at lists.suse.com Mon Jun 12 10:10:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2017 18:10:52 +0200 (CEST) Subject: SUSE-RU-2017:1545-1: Recommended update for openstack-neutron Message-ID: <20170612161052.C4E15101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1545-1 Rating: low References: #1038011 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-neutron, -neutron-fwaas, -neutron-lbaas and -neutron-vpnaas provides the latest code from OpenStack Newton. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-941=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-neutron-9.3.2~a0~dev20-6.1 openstack-neutron-dhcp-agent-9.3.2~a0~dev20-6.1 openstack-neutron-doc-9.3.2~a0~dev20-6.2 openstack-neutron-fwaas-9.0.2~a0~dev3-3.1 openstack-neutron-fwaas-doc-9.0.2~a0~dev3-3.2 openstack-neutron-ha-tool-9.3.2~a0~dev20-6.1 openstack-neutron-l3-agent-9.3.2~a0~dev20-6.1 openstack-neutron-lbaas-9.2.1~a0~dev11-3.1 openstack-neutron-lbaas-agent-9.2.1~a0~dev11-3.1 openstack-neutron-lbaas-doc-9.2.1~a0~dev11-3.1 openstack-neutron-linuxbridge-agent-9.3.2~a0~dev20-6.1 openstack-neutron-macvtap-agent-9.3.2~a0~dev20-6.1 openstack-neutron-metadata-agent-9.3.2~a0~dev20-6.1 openstack-neutron-metering-agent-9.3.2~a0~dev20-6.1 openstack-neutron-openvswitch-agent-9.3.2~a0~dev20-6.1 openstack-neutron-server-9.3.2~a0~dev20-6.1 openstack-neutron-vpn-agent-9.0.1~a0~dev2-4.1 openstack-neutron-vpnaas-9.0.1~a0~dev2-4.1 openstack-neutron-vpnaas-doc-9.0.1~a0~dev2-4.1 openstack-neutron-vyatta-agent-9.0.1~a0~dev2-4.1 python-neutron-9.3.2~a0~dev20-6.1 python-neutron-fwaas-9.0.2~a0~dev3-3.1 python-neutron-lbaas-9.2.1~a0~dev11-3.1 python-neutron-vpnaas-9.0.1~a0~dev2-4.1 References: https://bugzilla.suse.com/1038011 From sle-updates at lists.suse.com Mon Jun 12 13:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2017 21:09:16 +0200 (CEST) Subject: SUSE-RU-2017:1547-1: Recommended update for cups Message-ID: <20170612190916.40100101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for cups ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1547-1 Rating: low References: #1021133 #955432 #990045 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three 
recommended fixes can now be installed. Description: This update for cups fixes the following issues: - Avahi sends an ALL_FOR_NOW event when it finishes sending its cache contents. This patch makes cupsEnumDests finish when the signal is received so it doesn't block the caller until the timeout finishes. (bsc#955432, fate#322052) - The scheduler didn't log messages for jobs at LogLevel "info". (bsc#1021133, bsc#990045) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-943=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-943=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-943=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-943=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): cups-ddk-1.7.5-19.1 cups-ddk-debuginfo-1.7.5-19.1 cups-debuginfo-1.7.5-19.1 cups-debugsource-1.7.5-19.1 cups-devel-1.7.5-19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cups-1.7.5-19.1 cups-client-1.7.5-19.1 cups-client-debuginfo-1.7.5-19.1 cups-debuginfo-1.7.5-19.1 cups-debugsource-1.7.5-19.1 cups-libs-1.7.5-19.1 cups-libs-debuginfo-1.7.5-19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): cups-1.7.5-19.1 cups-client-1.7.5-19.1 cups-client-debuginfo-1.7.5-19.1 cups-debuginfo-1.7.5-19.1 cups-debugsource-1.7.5-19.1 cups-libs-1.7.5-19.1 cups-libs-debuginfo-1.7.5-19.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): cups-libs-32bit-1.7.5-19.1 cups-libs-debuginfo-32bit-1.7.5-19.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cups-1.7.5-19.1 cups-client-1.7.5-19.1 cups-client-debuginfo-1.7.5-19.1 cups-debuginfo-1.7.5-19.1 cups-debugsource-1.7.5-19.1 cups-libs-1.7.5-19.1 cups-libs-32bit-1.7.5-19.1 cups-libs-debuginfo-1.7.5-19.1 cups-libs-debuginfo-32bit-1.7.5-19.1 References: https://bugzilla.suse.com/1021133 https://bugzilla.suse.com/955432 https://bugzilla.suse.com/990045 From sle-updates at lists.suse.com Tue Jun 13 07:09:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 15:09:36 +0200 (CEST) Subject: SUSE-RU-2017:1548-1: Recommended update for python-keystonemiddleware Message-ID: <20170613130936.B1454101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-keystonemiddleware ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1548-1 Rating: low References: #1029939 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-keystonemiddleware fixes the following issues: - Create signing_dir upon first usage. (bsc#1029939) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-946=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): python-keystonemiddleware-2.3.1-3.1 References: https://bugzilla.suse.com/1029939 From sle-updates at lists.suse.com Tue Jun 13 07:10:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 15:10:00 +0200 (CEST) Subject: SUSE-RU-2017:1549-1: Recommended update for openstack-nova Message-ID: <20170613131000.6BD3B101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1549-1 Rating: low References: #1038010 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-nova provides the latest code from OpenStack Liberty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-947=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-nova-12.0.6~a0~dev2-14.1 openstack-nova-api-12.0.6~a0~dev2-14.1 openstack-nova-cells-12.0.6~a0~dev2-14.1 openstack-nova-cert-12.0.6~a0~dev2-14.1 openstack-nova-compute-12.0.6~a0~dev2-14.1 openstack-nova-conductor-12.0.6~a0~dev2-14.1 openstack-nova-console-12.0.6~a0~dev2-14.1 openstack-nova-consoleauth-12.0.6~a0~dev2-14.1 openstack-nova-doc-12.0.6~a0~dev2-14.1 openstack-nova-novncproxy-12.0.6~a0~dev2-14.1 openstack-nova-objectstore-12.0.6~a0~dev2-14.1 openstack-nova-scheduler-12.0.6~a0~dev2-14.1 openstack-nova-serialproxy-12.0.6~a0~dev2-14.1 openstack-nova-vncproxy-12.0.6~a0~dev2-14.1 python-nova-12.0.6~a0~dev2-14.1 References: https://bugzilla.suse.com/1038010 From sle-updates at lists.suse.com Tue Jun 13 07:10:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 15:10:21 +0200 (CEST) Subject: SUSE-RU-2017:1550-1: Recommended update for rubygem-rest-client Message-ID: <20170613131021.0E0D5101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-rest-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1550-1 Rating: low References: #1038010 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-rest-client fixes the following issues: - Refresh digest-auth path to support insecure SSL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-948=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-rest-client-2.0.0-5.1 References: https://bugzilla.suse.com/1038010 From sle-updates at lists.suse.com Tue Jun 13 07:10:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 15:10:56 +0200 (CEST) Subject: SUSE-RU-2017:1552-1: Recommended update for python-openstackclient Message-ID: <20170613131056.CF728101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-openstackclient ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1552-1 Rating: low References: #1034062 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-openstackclient fixes the following issues: - Fix reversed block/shared migration options. (bsc#1034062) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-945=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): python-openstackclient-1.7.2-7.1 References: https://bugzilla.suse.com/1034062 From sle-updates at lists.suse.com Tue Jun 13 10:09:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 18:09:51 +0200 (CEST) Subject: SUSE-RU-2017:1553-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20170613160951.924A4101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1553-1 Rating: moderate References: #1013876 #1038483 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: osad: - Require rhnlib version with i18n module. (bsc#1038483) - Fix TypeError: descriptor 'with_traceback'. - Remove running rhn_check on osad start. - Require spacewalk-usix instead of spacewalk-backend-usix. - Fix osa_dispatcher so it can successfully register with jabberd. - Align with upstream versioning. rhn-custom-info: - Updated links to github in spec files. rhn-virtualization: - Require spacewalk-usix instead of spacewalk-backend-usix. rhncfg: - Add password configuration option to rhncfg-manager. - Require rhnlib version with i18n module. (bsc#1038483) - Fix missing import in rhncfg. - Symlink target overwritten when the symlink is replaced by a file managed by rhncfg-client. - Require spacewalk-usix instead of spacewalk-backend-usix. rhnlib: - Updated links to github in spec files. rhnpush: - Pylint fixes in rhnpush. - Require spacewalk-usix instead of spacewalk-backend-usix. spacecmd: - Remove get_certificateexpiration support in spacecmd. 
(bsc#1013876) - Adding softwarechannel_listmanageablechannels. - Fix syntax error. - Make sure to know if we get into default function and exit accordingly. - Exit with 1 with incorrect command, wrong server, etc. - Print also systemdid with system name. - Print profile_name instead of string we're searching for. - Fix interactive mode. - Add a type parameter to repo_create. spacewalk-backend-libs: - Updating help and man page. - Python3 compatibility changes. - Require spacewalk-usix instead of spacewalk-backend-usix. spacewalk-client-tools: - Enable detection of Oracle Linux during registration. - Fix UnicodeDecodeError when running rhnreg_ks with a different locale than en_US. - Fix rhn_register crashing on startup on Python < 2.5. spacewalk-koan: - Updated links to github in spec files. spacewalk-oscap: - Require openscap-utils on rhel for backward compatibility. spacewalk-remote-utils: - Update spacewalk-remote-utils with RHEL 6.9 channel definitions. spacewalksd: - Updated links to github in spec files. supportutils-plugin-susemanager-client: - Updated links to github in spec files. suseRegisterInfo: - Updated links to github in spec files. supportutils-plugin-salt: - Add logs and extra info, code refactorings. spacewalk-usix: - New library for writing code that runs on Python 2 and 3. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201705-13142=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201705-13142=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): rhnlib-2.7.2.1-11.2 spacecmd-2.7.8.3-17.2 spacewalk-backend-libs-2.7.73.3-27.2 spacewalk-usix-2.7.5.2-2.2 spacewalksd-5.0.26.2-8.2 suseRegisterInfo-3.1.1-5.2 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): osa-common-5.11.80.2-8.2 osad-5.11.80.2-8.2 rhn-custom-info-5.4.33.2-5.8 rhn-virtualization-common-5.4.57.1-5.9 rhn-virtualization-host-5.4.57.1-5.9 rhncfg-5.10.103.2-5.6 rhncfg-actions-5.10.103.2-5.6 rhncfg-client-5.10.103.2-5.6 rhncfg-management-5.10.103.2-5.6 rhnpush-5.5.104.1-5.8 spacewalk-check-2.7.6.2-26.2 spacewalk-client-setup-2.7.6.2-26.2 spacewalk-client-tools-2.7.6.2-26.2 spacewalk-koan-2.7.0.2-8.3 spacewalk-oscap-2.7.0.3-5.3 spacewalk-remote-utils-2.7.4.1-5.2 supportutils-plugin-salt-1.1.1-5.2 supportutils-plugin-susemanager-client-3.1.1-8.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): rhnlib-2.7.2.1-11.2 spacecmd-2.7.8.3-17.2 spacewalk-backend-libs-2.7.73.3-27.2 spacewalk-usix-2.7.5.2-2.2 spacewalksd-5.0.26.2-8.2 suseRegisterInfo-3.1.1-5.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): osa-common-5.11.80.2-8.2 osad-5.11.80.2-8.2 rhn-custom-info-5.4.33.2-5.8 rhn-virtualization-common-5.4.57.1-5.9 rhn-virtualization-host-5.4.57.1-5.9 rhncfg-5.10.103.2-5.6 rhncfg-actions-5.10.103.2-5.6 rhncfg-client-5.10.103.2-5.6 rhncfg-management-5.10.103.2-5.6 rhnpush-5.5.104.1-5.8 spacewalk-check-2.7.6.2-26.2 spacewalk-client-setup-2.7.6.2-26.2 spacewalk-client-tools-2.7.6.2-26.2 spacewalk-koan-2.7.0.2-8.3 spacewalk-oscap-2.7.0.3-5.3 spacewalk-remote-utils-2.7.4.1-5.2 supportutils-plugin-salt-1.1.1-5.2 supportutils-plugin-susemanager-client-3.1.1-8.2 References: https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1038483 From sle-updates at lists.suse.com Tue Jun 13 10:10:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 18:10:28 +0200 (CEST) Subject: 
SUSE-RU-2017:1554-1: Recommended update for libosinfo, virt-manager Message-ID: <20170613161028.45442101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libosinfo, virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1554-1 Rating: low References: #1036935 #976796 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libosinfo, virt-manager fixes the following issues: - virt-install(1) extra-args don't work because --location cannot validate install directory. (bsc#1036935) - virt-manager(1) does not show up in applications menu. (bsc#976796) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-950=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-950=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-950=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-950=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libosinfo-debuginfo-0.3.0-15.3.7 libosinfo-debugsource-0.3.0-15.3.7 libosinfo-devel-0.3.0-15.3.7 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libosinfo-0.3.0-15.3.7 libosinfo-1_0-0-0.3.0-15.3.7 libosinfo-1_0-0-debuginfo-0.3.0-15.3.7 libosinfo-debuginfo-0.3.0-15.3.7 libosinfo-debugsource-0.3.0-15.3.7 typelib-1_0-Libosinfo-1_0-0.3.0-15.3.7 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libosinfo-lang-0.3.0-15.3.7 virt-install-1.4.0-21.3.6 virt-manager-1.4.0-21.3.6 virt-manager-common-1.4.0-21.3.6 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libosinfo-0.3.0-15.3.7 libosinfo-1_0-0-0.3.0-15.3.7 libosinfo-1_0-0-debuginfo-0.3.0-15.3.7 libosinfo-debuginfo-0.3.0-15.3.7 libosinfo-debugsource-0.3.0-15.3.7 typelib-1_0-Libosinfo-1_0-0.3.0-15.3.7 - SUSE Linux Enterprise Server 12-SP2 (noarch): libosinfo-lang-0.3.0-15.3.7 virt-install-1.4.0-21.3.6 virt-manager-1.4.0-21.3.6 virt-manager-common-1.4.0-21.3.6 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libosinfo-0.3.0-15.3.7 libosinfo-1_0-0-0.3.0-15.3.7 libosinfo-1_0-0-debuginfo-0.3.0-15.3.7 libosinfo-debuginfo-0.3.0-15.3.7 libosinfo-debugsource-0.3.0-15.3.7 typelib-1_0-Libosinfo-1_0-0.3.0-15.3.7 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libosinfo-lang-0.3.0-15.3.7 virt-install-1.4.0-21.3.6 virt-manager-1.4.0-21.3.6 virt-manager-common-1.4.0-21.3.6 References: https://bugzilla.suse.com/1036935 https://bugzilla.suse.com/976796 From sle-updates at lists.suse.com Tue Jun 13 10:11:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 18:11:07 +0200 (CEST) Subject: SUSE-RU-2017:1555-1: Recommended update for suse-xsl-stylesheets Message-ID: <20170613161107.5D240101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-xsl-stylesheets 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1555-1 Rating: low References: #1032909 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides suse-xsl-stylesheets 2.0.7.2, which brings fixes and enhancements: SUSE Word List for aspell: - Removed duplicate and invalid words - Added more words from the SUSE Enterprise Storage and SUSE OpenStack Cloud documentation. Stylesheets (common): - Add a compact style for admonitions, enabled by role="compact" attribute - Fix zh_TW of "Procedure" in certain circumstances - Remove empty paras - Translation fixes for zh_CN, zh_TW - Support of performance="optional" in step - Do not output empty paras - Make links and xrefs within remarks readable. Stylesheets (HTML): - Fix superscript/subscript styles. Stylesheets (XHTML): - Old "suse" stylesheets: fix breadcrumbs - Add a caution icon to HTML Stylesheets (PDF): - Make sure procedures appear in qandasets - Color commands in screens green for consistency with HTML version - Remove hyphenations from ToC and titles - Use text scaling capabilities for all text - Use sans font for intra-xrefs Packaging: - On non-SLE platforms, require liberation2-fonts instead of liberation-fonts - Fixed post/postun segments of spec file. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-949=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): suse-xsl-stylesheets-2.0.7.2-13.1 References: https://bugzilla.suse.com/1032909 From sle-updates at lists.suse.com Tue Jun 13 10:11:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 18:11:33 +0200 (CEST) Subject: SUSE-RU-2017:1556-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20170613161133.71DA6101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1556-1 Rating: moderate References: #1013876 #1038483 #1038809 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: hwdata: - Update to version 0.300. (bsc#1038809) - Update project and download urls. - Cleanup spec file with spec-cleaner. osad: - Require rhnlib version with i18n module. (bsc#1038483) - Fix TypeError: descriptor 'with_traceback'. - Remove running rhn_check on osad start. - Require spacewalk-usix instead of spacewalk-backend-usix. - Fix osa_dispatcher so it can successfully register with jabberd. - Align with upstream versioning. python-hwdata: - Implement PNP interface. - Errors in usb.ids should not be fatal. rhn-custom-info: - Updated links to github in spec files. rhn-virtualization: - Require spacewalk-usix instead of spacewalk-backend-usix. rhncfg: - Add password config option to rhncfg-manager. - Require rhnlib version with i18n module. (bsc#1038483) - Fix missing import in rhncfg. - Symlink target overwritten when the symlink is replaced by a file managed by rhncfg-client. - Require spacewalk-usix instead of spacewalk-backend-usix. rhnlib: - Updated links to github in spec files. 
rhnpush: - Pylint fixes in rhnpush. - Require spacewalk-usix instead of spacewalk-backend-usix. spacecmd: - Remove get_certificateexpiration support in spacecmd. (bsc#1013876) - Adding softwarechannel_listmanageablechannels. - Make sure to know if we get into default function and exit accordingly. - Exit with 1 with incorrect command, wrong server, etc. - Print also systemdid with system name. - Print profile_name instead of string we're searching for. - Fix interactive mode. - Add a type parameter to repo_create. spacewalk-backend-libs: - Updating help and man page. - Python3 compatibility changes. - Require spacewalk-usix instead of spacewalk-backend-usix. spacewalk-client-tools: - Enable detection of Oracle Linux during registration. - Fix UnicodeDecodeError when running rhnreg_ks with a different locale than en_US. - Fix rhn_register crashing on startup on Python < 2.5. spacewalk-koan: - Updated links to github in spec files spacewalk-oscap: - Require openscap-utils on rhel for backward compatibility. spacewalk-remote-utils: - Update spacewalk-remote-utils with RHEL 6.9 channel definitions. spacewalksd: - Updated links to github in spec files. suseRegisterInfo: - Updated links to github in spec files. supportutils-plugin-salt: - Add logs and extra info, code refactorings. spacewalk-usix: - New library for writing code that runs on Python 2 and 3. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-953=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): spacewalksd-5.0.26.2-23.2 spacewalksd-debuginfo-5.0.26.2-23.2 spacewalksd-debugsource-5.0.26.2-23.2 suseRegisterInfo-3.1.1-24.2 - SUSE Manager Tools 12 (noarch): hwdata-0.300-9.2 osa-common-5.11.80.2-30.2 osad-5.11.80.2-30.2 python-hwdata-2.3.4-11.2 rhn-custom-info-5.4.33.2-14.3 rhn-virtualization-common-5.4.57.1-17.2 rhn-virtualization-host-5.4.57.1-17.2 rhncfg-5.10.103.2-23.2 rhncfg-actions-5.10.103.2-23.2 rhncfg-client-5.10.103.2-23.2 rhncfg-management-5.10.103.2-23.2 rhnlib-2.7.2.1-20.2 rhnpush-5.5.104.1-17.2 spacecmd-2.7.8.3-37.2 spacewalk-backend-libs-2.7.73.3-54.2 spacewalk-check-2.7.6.2-51.2 spacewalk-client-setup-2.7.6.2-51.2 spacewalk-client-tools-2.7.6.2-51.2 spacewalk-koan-2.7.0.2-23.2 spacewalk-oscap-2.7.0.3-18.2 spacewalk-remote-utils-2.7.4.1-23.2 spacewalk-usix-2.7.5.2-2.2 supportutils-plugin-salt-1.1.1-5.2 References: https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1038483 https://bugzilla.suse.com/1038809 From sle-updates at lists.suse.com Tue Jun 13 13:09:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 21:09:23 +0200 (CEST) Subject: SUSE-SU-2017:1557-1: moderate: Security update for libxml2 Message-ID: <20170613190923.D01AC101C9@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1557-1 Rating: moderate References: #1010675 #1013930 #1039063 #1039064 #1039066 #1039069 #1039661 Cross-References: CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________

An update that solves 5 vulnerabilities and has two fixes is now available.

Description:

This update for libxml2 fixes the following issues:

Security issues fixed:

- CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661]
- CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066]
- CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063]
- CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064]

A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-libxml2-13143=1

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-libxml2-13143=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:

  zypper in -t patch slessp3-libxml2-13143=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

  zypper in -t patch sleposp3-libxml2-13143=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-libxml2-13143=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

  zypper in -t patch dbgsp3-libxml2-13143=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.69.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.69.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.69.1 libxml2-doc-2.7.6-0.69.1 libxml2-python-2.7.6-0.69.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.69.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libxml2-2.7.6-0.69.1 libxml2-doc-2.7.6-0.69.1 libxml2-python-2.7.6-0.69.3 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libxml2-32bit-2.7.6-0.69.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libxml2-2.7.6-0.69.1 libxml2-doc-2.7.6-0.69.1 libxml2-python-2.7.6-0.69.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.69.1 libxml2-debugsource-2.7.6-0.69.1 libxml2-python-debuginfo-2.7.6-0.69.3 libxml2-python-debugsource-2.7.6-0.69.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.69.1 libxml2-debugsource-2.7.6-0.69.1 libxml2-python-debuginfo-2.7.6-0.69.3 libxml2-python-debugsource-2.7.6-0.69.3 References: https://www.suse.com/security/cve/CVE-2016-9318.html https://www.suse.com/security/cve/CVE-2017-9047.html https://www.suse.com/security/cve/CVE-2017-9048.html https://www.suse.com/security/cve/CVE-2017-9049.html https://www.suse.com/security/cve/CVE-2017-9050.html https://bugzilla.suse.com/1010675 https://bugzilla.suse.com/1013930 https://bugzilla.suse.com/1039063 https://bugzilla.suse.com/1039064 https://bugzilla.suse.com/1039066 https://bugzilla.suse.com/1039069 https://bugzilla.suse.com/1039661 From sle-updates at lists.suse.com Tue Jun 13 13:10:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2017 21:10:53 +0200 (CEST) 
Subject: SUSE-SU-2017:1558-1: important: Security update for mercurial
Message-ID: <20170613191053.45804101C9@maintenance.suse.de>

SUSE Security Update: Security update for mercurial
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1558-1
Rating: important
References: #1043063 #1043502
Cross-References: CVE-2017-9462
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for mercurial fixes the following issues:

- CVE-2017-9462: Arbitrary code execution was possible by remote users via "hg serve --stdio" (bsc#1043063):

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-mercurial-13144=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-mercurial-13144=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-2.3.2-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-debuginfo-2.3.2-0.17.1 mercurial-debugsource-2.3.2-0.17.1 References: https://www.suse.com/security/cve/CVE-2017-9462.html https://bugzilla.suse.com/1043063 https://bugzilla.suse.com/1043502 From sle-updates at lists.suse.com Wed Jun 14 07:15:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2017 15:15:05 +0200 (CEST) Subject: SUSE-RU-2017:1561-1: Recommended update for openstack-resource-agents Message-ID: <20170614131505.A8B88101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1561-1 Rating: low References: #1038010 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-resource-agents fixes the following issues: - Allow nova rootwrap daemon mode. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-956=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-resource-agents-1.0+git.1485796352.fe84d75-13.1 References: https://bugzilla.suse.com/1038010 From sle-updates at lists.suse.com Wed Jun 14 10:10:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2017 18:10:00 +0200 (CEST) Subject: SUSE-RU-2017:1563-1: Recommended update for colord Message-ID: <20170614161000.8CE0A101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for colord ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1563-1 Rating: low References: #1024933 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for colord fixes its Apparmor profile (usr.lib.colord) to allow reading from and writing to /var/lib/colord/.cache. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-961=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-961=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-961=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-961=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-961=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): colord-lang-1.3.3-12.13 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): colord-1.3.3-12.13 colord-debuginfo-1.3.3-12.13 colord-debugsource-1.3.3-12.13 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): colord-debuginfo-1.3.3-12.13 colord-debugsource-1.3.3-12.13 libcolord-devel-1.3.3-12.13 typelib-1_0-ColorHug-1_0-1.3.3-12.13 typelib-1_0-Colord-1_0-1.3.3-12.13 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): colord-debuginfo-1.3.3-12.13 colord-debugsource-1.3.3-12.13 libcolord2-1.3.3-12.13 libcolord2-debuginfo-1.3.3-12.13 libcolorhug2-1.3.3-12.13 libcolorhug2-debuginfo-1.3.3-12.13 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): colord-debuginfo-1.3.3-12.13 colord-debugsource-1.3.3-12.13 libcolord2-1.3.3-12.13 libcolord2-debuginfo-1.3.3-12.13 libcolorhug2-1.3.3-12.13 libcolorhug2-debuginfo-1.3.3-12.13 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libcolord2-32bit-1.3.3-12.13 libcolord2-debuginfo-32bit-1.3.3-12.13 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): colord-1.3.3-12.13 colord-debuginfo-1.3.3-12.13 colord-debugsource-1.3.3-12.13 libcolord2-1.3.3-12.13 libcolord2-32bit-1.3.3-12.13 libcolord2-debuginfo-1.3.3-12.13 libcolord2-debuginfo-32bit-1.3.3-12.13 libcolorhug2-1.3.3-12.13 libcolorhug2-debuginfo-1.3.3-12.13 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): colord-lang-1.3.3-12.13 References: https://bugzilla.suse.com/1024933 From sle-updates at lists.suse.com Wed Jun 14 10:10:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2017 18:10:33 +0200 (CEST) Subject: SUSE-RU-2017:1564-1: Recommended update for upower Message-ID: <20170614161033.9E132101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for upower ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1564-1 Rating: low 
References: #985741 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for upower provides the following fixes: - Set the system per default to hibernate, not hybridsleep. If the battery is going to be empty soon, there is no reason any longer to attempt to HybridSleep, which quite some hardware seems to get wrong. Simply hibernate, get the data on the disk and switch off. (bsc#985741) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-957=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-957=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-957=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-957=1 To bring your system up-to-date, use "zypper patch". 
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libupower-glib-devel-0.99.4-7.10
      upower-debuginfo-0.99.4-7.10
      upower-debugsource-0.99.4-7.10
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libupower-glib3-0.99.4-7.10
      libupower-glib3-debuginfo-0.99.4-7.10
      typelib-1_0-UpowerGlib-1_0-0.99.4-7.10
      upower-0.99.4-7.10
      upower-debuginfo-0.99.4-7.10
      upower-debugsource-0.99.4-7.10
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      upower-lang-0.99.4-7.10
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libupower-glib3-0.99.4-7.10
      libupower-glib3-debuginfo-0.99.4-7.10
      typelib-1_0-UpowerGlib-1_0-0.99.4-7.10
      upower-0.99.4-7.10
      upower-debuginfo-0.99.4-7.10
      upower-debugsource-0.99.4-7.10
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      upower-lang-0.99.4-7.10
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libupower-glib3-0.99.4-7.10
      libupower-glib3-debuginfo-0.99.4-7.10
      typelib-1_0-UpowerGlib-1_0-0.99.4-7.10
      upower-0.99.4-7.10
      upower-debuginfo-0.99.4-7.10
      upower-debugsource-0.99.4-7.10
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      upower-lang-0.99.4-7.10

References:

   https://bugzilla.suse.com/985741

From sle-updates at lists.suse.com Wed Jun 14 10:11:05 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Jun 2017 18:11:05 +0200 (CEST)
Subject: SUSE-RU-2017:1565-1: Recommended update for gcc5
Message-ID: <20170614161105.3D7FD101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gcc5
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1565-1
Rating: low
References: #1043580
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gcc5 fixes the version of libffi in its pkg-config
   configuration file.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-gcc5-13145=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-gcc5-13145=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-gcc5-13145=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libstdc++6-devel-gcc5-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):
      libitm1-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      cpp5-5.3.1+r233831-14.1
      gcc5-32bit-5.3.1+r233831-14.1
      gcc5-5.3.1+r233831-14.1
      gcc5-c++-32bit-5.3.1+r233831-14.1
      gcc5-c++-5.3.1+r233831-14.1
      gcc5-fortran-32bit-5.3.1+r233831-14.1
      gcc5-fortran-5.3.1+r233831-14.1
      gcc5-info-5.3.1+r233831-14.1
      gcc5-locale-5.3.1+r233831-14.1
      libffi-devel-gcc5-32bit-5.3.1+r233831-14.1
      libffi-devel-gcc5-5.3.1+r233831-14.1
      libitm1-32bit-5.3.1+r233831-14.1
      libstdc++6-devel-gcc5-32bit-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 x86_64):
      libasan2-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 x86_64):
      libasan2-32bit-5.3.1+r233831-14.1
      libubsan0-32bit-5.3.1+r233831-14.1
      libubsan0-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      libcilkrts5-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64):
      libatomic1-5.3.1+r233831-14.1
      libgfortran3-5.3.1+r233831-14.1
      libquadmath0-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64):
      libcilkrts5-32bit-5.3.1+r233831-14.1
      liblsan0-5.3.1+r233831-14.1
      libtsan0-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libgcc_s1-5.3.1+r233831-14.1
      libgfortran3-5.3.1+r233831-14.1
      libgomp1-5.3.1+r233831-14.1
      libstdc++6-5.3.1+r233831-14.1
      libstdc++6-locale-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libatomic1-32bit-5.3.1+r233831-14.1
      libatomic1-5.3.1+r233831-14.1
      libffi4-32bit-5.3.1+r233831-14.1
      libffi4-5.3.1+r233831-14.1
      libgcc_s1-32bit-5.3.1+r233831-14.1
      libgfortran3-32bit-5.3.1+r233831-14.1
      libgomp1-32bit-5.3.1+r233831-14.1
      libstdc++6-32bit-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 x86_64):
      libquadmath0-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Server 11-SP4 (x86_64):
      libquadmath0-32bit-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      gcc5-debuginfo-5.3.1+r233831-14.1
      libffi-gcc5-debuginfo-5.3.1+r233831-14.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
      gcc5-debugsource-5.3.1+r233831-14.1

References:

   https://bugzilla.suse.com/1043580

From sle-updates at lists.suse.com Wed Jun 14 10:11:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Jun 2017 18:11:38 +0200 (CEST)
Subject: SUSE-RU-2017:1566-1: Recommended update for gcc5
Message-ID: <20170614161138.F2A38101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gcc5
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1566-1
Rating: low
References: #1043580
Affected Products:
   SUSE OpenStack Cloud 6
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1-LTSS
   SUSE Linux Enterprise Server 12-LTSS
   SUSE Linux Enterprise Module for Toolchain 12
   SUSE Linux Enterprise Desktop 12-SP2
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gcc5 fixes the version of libffi in its pkg-config
   configuration file.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-959=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-959=1
   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-959=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-959=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-959=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-959=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-959=1
   - SUSE Linux Enterprise Module for Toolchain 12:
      zypper in -t patch SUSE-SLE-Module-Toolchain-12-2017-959=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-959=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-959=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (x86_64):
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-32bit-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-32bit-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libasan2-32bit-5.3.1+r233831-12.1
      libffi4-32bit-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-32bit-5.3.1+r233831-12.1
      libasan2-32bit-debuginfo-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-32bit-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-32bit-debuginfo-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libasan2-32bit-5.3.1+r233831-12.1
      libffi4-32bit-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le x86_64):
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
      libffi4-32bit-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
      libasan2-32bit-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      gcc5-debugsource-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le x86_64):
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      libffi4-32bit-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      libasan2-32bit-5.3.1+r233831-12.1
      libasan2-32bit-debuginfo-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-32bit-debuginfo-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Module for Toolchain 12 (ppc64le s390x x86_64):
      cpp5-5.3.1+r233831-12.1
      cpp5-debuginfo-5.3.1+r233831-12.1
      gcc5-5.3.1+r233831-12.1
      gcc5-c++-5.3.1+r233831-12.1
      gcc5-c++-debuginfo-5.3.1+r233831-12.1
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      gcc5-fortran-5.3.1+r233831-12.1
      gcc5-fortran-debuginfo-5.3.1+r233831-12.1
      gcc5-locale-5.3.1+r233831-12.1
      libffi-devel-gcc5-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libstdc++6-devel-gcc5-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64):
      gcc5-32bit-5.3.1+r233831-12.1
      gcc5-32bit-debuginfo-5.3.1+r233831-12.1
      gcc5-c++-32bit-5.3.1+r233831-12.1
      gcc5-fortran-32bit-5.3.1+r233831-12.1
      libffi-devel-gcc5-32bit-5.3.1+r233831-12.1
      libstdc++6-devel-gcc5-32bit-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Module for Toolchain 12 (x86_64):
      gcc5-ada-32bit-5.3.1+r233831-12.1
      gcc5-ada-5.3.1+r233831-12.1
      gcc5-ada-debuginfo-5.3.1+r233831-12.1
      libada5-32bit-5.3.1+r233831-12.1
      libada5-32bit-debuginfo-5.3.1+r233831-12.1
      libada5-5.3.1+r233831-12.1
      libada5-debuginfo-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Module for Toolchain 12 (noarch):
      gcc5-info-5.3.1+r233831-12.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      gcc5-debuginfo-5.3.1+r233831-12.1
      gcc5-debugsource-5.3.1+r233831-12.1
      libasan2-32bit-5.3.1+r233831-12.1
      libasan2-5.3.1+r233831-12.1
      libasan2-debuginfo-5.3.1+r233831-12.1
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-32bit-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1
      libmpx0-32bit-5.3.1+r233831-12.1
      libmpx0-5.3.1+r233831-12.1
      libmpx0-debuginfo-5.3.1+r233831-12.1
      libmpxwrappers0-32bit-5.3.1+r233831-12.1
      libmpxwrappers0-5.3.1+r233831-12.1
      libmpxwrappers0-debuginfo-5.3.1+r233831-12.1
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      libffi-gcc5-debugsource-5.3.1+r233831-12.1
      libffi4-5.3.1+r233831-12.1
      libffi4-debuginfo-5.3.1+r233831-12.1

References:

   https://bugzilla.suse.com/1043580

From sle-updates at lists.suse.com Wed Jun 14 13:09:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 14 Jun 2017 21:09:27 +0200 (CEST)
Subject: SUSE-SU-2017:1567-1: moderate: Security update for openldap2
Message-ID: <20170614190927.74A3E101C9@maintenance.suse.de>

   SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1567-1
Rating: moderate
References: #1009470 #1037396 #1041764 #972331
Cross-References: CVE-2017-9287
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes is now
   available.

Description:

   This update for openldap2 fixes the following issues:

   Security issues fixed:

   - CVE-2017-9287: A double free vulnerability in the mdb backend during
     search with page size 0 was fixed (bsc#1041764)

   Non security bugs fixed:

   - Let OpenLDAP read system-wide certificates by default and don't hide the
     error if the user-specified CA location cannot be read. (bsc#1009470)
   - Fix an uninitialised variable that causes startup failure (bsc#1037396)
   - Fix an issue with transaction management that can cause server crash
     (bsc#972331)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-962=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-962=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-962=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-962=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-962=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      openldap2-back-perl-2.4.41-18.29.1
      openldap2-back-perl-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1
      openldap2-devel-2.4.41-18.29.1
      openldap2-devel-static-2.4.41-18.29.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      openldap2-2.4.41-18.29.1
      openldap2-back-meta-2.4.41-18.29.1
      openldap2-back-meta-debuginfo-2.4.41-18.29.1
      openldap2-client-2.4.41-18.29.1
      openldap2-client-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      openldap2-2.4.41-18.29.1
      openldap2-back-meta-2.4.41-18.29.1
      openldap2-back-meta-debuginfo-2.4.41-18.29.1
      openldap2-client-2.4.41-18.29.1
      openldap2-client-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libldap-2_4-2-32bit-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.29.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-32bit-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.29.1
      openldap2-client-2.4.41-18.29.1
      openldap2-client-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1

References:

   https://www.suse.com/security/cve/CVE-2017-9287.html
   https://bugzilla.suse.com/1009470
   https://bugzilla.suse.com/1037396
   https://bugzilla.suse.com/1041764
   https://bugzilla.suse.com/972331

From sle-updates at lists.suse.com Wed Jun 14 16:09:02 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Jun 2017 00:09:02 +0200 (CEST)
Subject: SUSE-SU-2017:1568-1: important: Security update for jakarta-taglibs-standard
Message-ID: <20170614220902.60105101C9@maintenance.suse.de>

   SUSE Security Update: Security update for jakarta-taglibs-standard
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1568-1
Rating: important
References: #920813
Cross-References: CVE-2015-0254
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for jakarta-taglibs-standard fixes the following issues:

   - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to
     execute arbitrary code or conduct external XML entity (XXE) attacks via
     a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML
     tag. (bsc#920813)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-963=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-963=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      jakarta-taglibs-standard-1.1.1-255.2
      jakarta-taglibs-standard-javadoc-1.1.1-255.2
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      jakarta-taglibs-standard-1.1.1-255.2
      jakarta-taglibs-standard-javadoc-1.1.1-255.2

References:

   https://www.suse.com/security/cve/CVE-2015-0254.html
   https://bugzilla.suse.com/920813

From sle-updates at lists.suse.com Thu Jun 15 10:10:30 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 Jun 2017 18:10:30 +0200 (CEST)
Subject: SUSE-RU-2017:1570-1: Recommended update for dump
Message-ID: <20170615161030.37E37101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dump
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1570-1
Rating: low
References: #1034032
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for dump fixes handling of files with leading zeros.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-964=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-964=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      dump-0.4b43-18.1
      dump-debuginfo-0.4b43-18.1
      dump-debugsource-0.4b43-18.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      dump-0.4b43-18.1
      dump-debuginfo-0.4b43-18.1
      dump-debugsource-0.4b43-18.1

References:

   https://bugzilla.suse.com/1034032

From sle-updates at lists.suse.com Thu Jun 15 19:09:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 03:09:38 +0200 (CEST)
Subject: SUSE-SU-2017:1575-1: moderate: Security update for netpbm
Message-ID: <20170616010938.8093FFEB7@maintenance.suse.de>

   SUSE Security Update: Security update for netpbm
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1575-1
Rating: moderate
References: #1024287
Cross-References: CVE-2017-2581
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for netpbm fixes the following security issues:

   - CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could lead to
     memory corruption and potential code execution. (bsc#1024287)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-netpbm-13146=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-netpbm-13146=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-netpbm-13146=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libnetpbm-devel-10.26.44-101.14.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      libnetpbm-devel-32bit-10.26.44-101.14.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libnetpbm10-10.26.44-101.14.1
      netpbm-10.26.44-101.14.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libnetpbm10-32bit-10.26.44-101.14.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libnetpbm10-x86-10.26.44-101.14.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      netpbm-debuginfo-10.26.44-101.14.1
      netpbm-debugsource-10.26.44-101.14.1

References:

   https://www.suse.com/security/cve/CVE-2017-2581.html
   https://bugzilla.suse.com/1024287

From sle-updates at lists.suse.com Fri Jun 16 04:10:42 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 12:10:42 +0200 (CEST)
Subject: SUSE-SU-2017:1576-1: moderate: Security update for libmicrohttpd
Message-ID: <20170616101042.A0D51101C9@maintenance.suse.de>

   SUSE Security Update: Security update for libmicrohttpd
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1576-1
Rating: moderate
References: #1041216 #854443
Cross-References: CVE-2013-7038 CVE-2013-7039
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for libmicrohttpd fixes the following issues:

   - CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd might
     have allowed remote attackers to obtain sensitive information or cause a
     denial of service (crash) via unspecified vectors that trigger an
     out-of-bounds read. (bsc#854443)
   - CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check
     function in libmicrohttpd, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is
     set to a large value, allowed remote attackers to cause a denial of
     service (crash) or possibly execute arbitrary code via a long URI in an
     authentication header. (bsc#854443)
   - Fixed various bugs found during a 2017 audit, which are more hardening
     measures and not security issues. (bsc#1041216)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-966=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-966=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-966=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libmicrohttpd-debugsource-0.9.30-5.1
      libmicrohttpd-devel-0.9.30-5.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libmicrohttpd-debugsource-0.9.30-5.1
      libmicrohttpd10-0.9.30-5.1
      libmicrohttpd10-debuginfo-0.9.30-5.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libmicrohttpd-debugsource-0.9.30-5.1
      libmicrohttpd10-0.9.30-5.1
      libmicrohttpd10-debuginfo-0.9.30-5.1

References:

   https://www.suse.com/security/cve/CVE-2013-7038.html
   https://www.suse.com/security/cve/CVE-2013-7039.html
   https://bugzilla.suse.com/1041216
   https://bugzilla.suse.com/854443

From sle-updates at lists.suse.com Fri Jun 16 04:11:20 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 12:11:20 +0200 (CEST)
Subject: SUSE-SU-2017:1577-1: moderate: Security update for libqt5-qtbase, libqt5-qtdeclarative
Message-ID: <20170616101120.EDD1F101C8@maintenance.suse.de>

   SUSE Security Update: Security update for libqt5-qtbase, libqt5-qtdeclarative
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1577-1
Rating: moderate
References: #1013095 #1034005 #1034402
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for libqt5-qtbase and libqt5-qtdeclarative fixes the following
   issues:

   This security issue was fixed:

   - Prevent potential information leak due to race condition in QSaveFile
     (bsc#1034005).

   These non-security issues were fixed:

   - Fixed crash in QPlainTextEdit
   - Fixed Burmese rendering issue
   - Fixed reuse of C++-owned QObjects by different QML engines that could
     lead to crashes in kwin (bsc#1034402)
   - Make libqt5-qtquickcontrols available in SUSE Linux Enterprise.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-967=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-967=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-967=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-967=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libQt5Bootstrap-devel-static-5.6.1-17.3.15
      libQt5Concurrent-devel-5.6.1-17.3.15
      libQt5Core-devel-5.6.1-17.3.15
      libQt5DBus-devel-5.6.1-17.3.15
      libQt5DBus-devel-debuginfo-5.6.1-17.3.15
      libQt5Gui-devel-5.6.1-17.3.15
      libQt5Network-devel-5.6.1-17.3.15
      libQt5OpenGL-devel-5.6.1-17.3.15
      libQt5OpenGLExtensions-devel-static-5.6.1-17.3.15
      libQt5PlatformHeaders-devel-5.6.1-17.3.15
      libQt5PlatformSupport-devel-static-5.6.1-17.3.15
      libQt5PrintSupport-devel-5.6.1-17.3.15
      libQt5Sql-devel-5.6.1-17.3.15
      libQt5Test-devel-5.6.1-17.3.15
      libQt5Widgets-devel-5.6.1-17.3.15
      libQt5Xml-devel-5.6.1-17.3.15
      libqt5-qtbase-common-devel-5.6.1-17.3.15
      libqt5-qtbase-common-devel-debuginfo-5.6.1-17.3.15
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtbase-devel-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1
      libqt5-qtdeclarative-devel-5.6.1-13.3.1
      libqt5-qtdeclarative-devel-debuginfo-5.6.1-13.3.1
      libqt5-qtdeclarative-tools-5.6.1-13.3.1
      libqt5-qtdeclarative-tools-debuginfo-5.6.1-13.3.1
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
      libQt5Core-private-headers-devel-5.6.1-17.3.15
      libQt5DBus-private-headers-devel-5.6.1-17.3.15
      libQt5Gui-private-headers-devel-5.6.1-17.3.15
      libQt5Network-private-headers-devel-5.6.1-17.3.15
      libQt5OpenGL-private-headers-devel-5.6.1-17.3.15
      libQt5PlatformSupport-private-headers-devel-5.6.1-17.3.15
      libQt5PrintSupport-private-headers-devel-5.6.1-17.3.15
      libQt5Sql-private-headers-devel-5.6.1-17.3.15
      libQt5Test-private-headers-devel-5.6.1-17.3.15
      libQt5Widgets-private-headers-devel-5.6.1-17.3.15
      libqt5-qtbase-private-headers-devel-5.6.1-17.3.15
      libqt5-qtdeclarative-private-headers-devel-5.6.1-13.3.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libQt5Concurrent5-5.6.1-17.3.15
      libQt5Concurrent5-debuginfo-5.6.1-17.3.15
      libQt5Core5-5.6.1-17.3.15
      libQt5Core5-debuginfo-5.6.1-17.3.15
      libQt5DBus5-5.6.1-17.3.15
      libQt5DBus5-debuginfo-5.6.1-17.3.15
      libQt5Gui5-5.6.1-17.3.15
      libQt5Gui5-debuginfo-5.6.1-17.3.15
      libQt5Network5-5.6.1-17.3.15
      libQt5Network5-debuginfo-5.6.1-17.3.15
      libQt5OpenGL5-5.6.1-17.3.15
      libQt5OpenGL5-debuginfo-5.6.1-17.3.15
      libQt5PrintSupport5-5.6.1-17.3.15
      libQt5PrintSupport5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-5.6.1-17.3.15
      libQt5Sql5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-mysql-5.6.1-17.3.15
      libQt5Sql5-mysql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-postgresql-5.6.1-17.3.15
      libQt5Sql5-postgresql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-sqlite-5.6.1-17.3.15
      libQt5Sql5-sqlite-debuginfo-5.6.1-17.3.15
      libQt5Sql5-unixODBC-5.6.1-17.3.15
      libQt5Sql5-unixODBC-debuginfo-5.6.1-17.3.15
      libQt5Test5-5.6.1-17.3.15
      libQt5Test5-debuginfo-5.6.1-17.3.15
      libQt5Widgets5-5.6.1-17.3.15
      libQt5Widgets5-debuginfo-5.6.1-17.3.15
      libQt5Xml5-5.6.1-17.3.15
      libQt5Xml5-debuginfo-5.6.1-17.3.15
      libQtQuick5-5.6.1-13.3.1
      libQtQuick5-debuginfo-5.6.1-13.3.1
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libQt5Concurrent5-5.6.1-17.3.15
      libQt5Concurrent5-debuginfo-5.6.1-17.3.15
      libQt5Core5-5.6.1-17.3.15
      libQt5Core5-debuginfo-5.6.1-17.3.15
      libQt5DBus5-5.6.1-17.3.15
      libQt5DBus5-debuginfo-5.6.1-17.3.15
      libQt5Gui5-5.6.1-17.3.15
      libQt5Gui5-debuginfo-5.6.1-17.3.15
      libQt5Network5-5.6.1-17.3.15
      libQt5Network5-debuginfo-5.6.1-17.3.15
      libQt5OpenGL5-5.6.1-17.3.15
      libQt5OpenGL5-debuginfo-5.6.1-17.3.15
      libQt5PrintSupport5-5.6.1-17.3.15
      libQt5PrintSupport5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-5.6.1-17.3.15
      libQt5Sql5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-mysql-5.6.1-17.3.15
      libQt5Sql5-mysql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-postgresql-5.6.1-17.3.15
      libQt5Sql5-postgresql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-sqlite-5.6.1-17.3.15
      libQt5Sql5-sqlite-debuginfo-5.6.1-17.3.15
      libQt5Sql5-unixODBC-5.6.1-17.3.15
      libQt5Sql5-unixODBC-debuginfo-5.6.1-17.3.15
      libQt5Test5-5.6.1-17.3.15
      libQt5Test5-debuginfo-5.6.1-17.3.15
      libQt5Widgets5-5.6.1-17.3.15
      libQt5Widgets5-debuginfo-5.6.1-17.3.15
      libQt5Xml5-5.6.1-17.3.15
      libQt5Xml5-debuginfo-5.6.1-17.3.15
      libQtQuick5-5.6.1-13.3.1
      libQtQuick5-debuginfo-5.6.1-13.3.1
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libQt5Concurrent5-5.6.1-17.3.15
      libQt5Concurrent5-debuginfo-5.6.1-17.3.15
      libQt5Core5-5.6.1-17.3.15
      libQt5Core5-debuginfo-5.6.1-17.3.15
      libQt5DBus5-5.6.1-17.3.15
      libQt5DBus5-debuginfo-5.6.1-17.3.15
      libQt5Gui5-5.6.1-17.3.15
      libQt5Gui5-debuginfo-5.6.1-17.3.15
      libQt5Network5-5.6.1-17.3.15
      libQt5Network5-debuginfo-5.6.1-17.3.15
      libQt5OpenGL5-5.6.1-17.3.15
      libQt5OpenGL5-debuginfo-5.6.1-17.3.15
      libQt5PrintSupport5-5.6.1-17.3.15
      libQt5PrintSupport5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-5.6.1-17.3.15
      libQt5Sql5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-mysql-5.6.1-17.3.15
      libQt5Sql5-mysql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-postgresql-5.6.1-17.3.15
      libQt5Sql5-postgresql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-sqlite-5.6.1-17.3.15
      libQt5Sql5-sqlite-debuginfo-5.6.1-17.3.15
      libQt5Sql5-unixODBC-5.6.1-17.3.15
      libQt5Sql5-unixODBC-debuginfo-5.6.1-17.3.15
libQt5Test5-5.6.1-17.3.15 libQt5Test5-debuginfo-5.6.1-17.3.15 libQt5Widgets5-5.6.1-17.3.15 libQt5Widgets5-debuginfo-5.6.1-17.3.15 libQt5Xml5-5.6.1-17.3.15 libQt5Xml5-debuginfo-5.6.1-17.3.15 libQtQuick5-5.6.1-13.3.1 libQtQuick5-debuginfo-5.6.1-13.3.1 libqt5-qtbase-debugsource-5.6.1-17.3.15 libqt5-qtdeclarative-debugsource-5.6.1-13.3.1 References: https://bugzilla.suse.com/1013095 https://bugzilla.suse.com/1034005 https://bugzilla.suse.com/1034402 From sle-updates at lists.suse.com Fri Jun 16 07:09:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2017 15:09:58 +0200 (CEST) Subject: SUSE-RU-2017:1578-1: Recommended update for perf Message-ID: <20170616130958.E9B42101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1578-1 Rating: low References: #1015726 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf provides the following fix: - perf tools: Fix PMU format parsing test failure (bsc#1015726) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perf-13147=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perf-13147=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): perf-3.0.101-2.16.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): perf-debuginfo-3.0.101-2.16.4 perf-debugsource-3.0.101-2.16.4 References: https://bugzilla.suse.com/1015726 From sle-updates at lists.suse.com Fri Jun 16 10:10:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2017 18:10:32 +0200 (CEST) Subject: SUSE-RU-2017:1580-1: Recommended update for ibus-pinyin Message-ID: <20170616161032.DF49C101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibus-pinyin ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1580-1 Rating: low References: #980890 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibus-pinyin fixes the following issues: - Forbidden selected words cleared by ibus-pinyin in Firefox. (bsc#980890) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-970=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-970=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-970=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ibus-pinyin-1.5.0-11.2 ibus-pinyin-debuginfo-1.5.0-11.2 ibus-pinyin-debugsource-1.5.0-11.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ibus-pinyin-1.5.0-11.2 ibus-pinyin-debuginfo-1.5.0-11.2 ibus-pinyin-debugsource-1.5.0-11.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ibus-pinyin-1.5.0-11.2 ibus-pinyin-debuginfo-1.5.0-11.2 ibus-pinyin-debugsource-1.5.0-11.2 References: https://bugzilla.suse.com/980890 From sle-updates at lists.suse.com Fri Jun 16 10:11:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2017 18:11:01 +0200 (CEST) Subject: SUSE-SU-2017:1581-1: moderate: Security update for Salt Message-ID: <20170616161101.45FF3101C9@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1581-1 Rating: moderate References: #1011800 #1012999 #1017078 #1020831 #1022562 #1025896 #1027240 #1027722 #1030009 #1030073 #1032931 #1035912 #1035914 #1036125 #1038855 #1039370 #1040584 #1040886 #1043111 Cross-References: CVE-2017-5200 CVE-2017-8109 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves two vulnerabilities and has 17 fixes is now available. Description: This update for salt provides version 2016.11.4 and brings various fixes and improvements: - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Fix format error. (bsc#1043111) - Fix ownership for whole master cache directory. (bsc#1035914) - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Fix insecure permissions in salt-ssh temporary files. 
(bsc#1035912, CVE-2017-8109) - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800, CVE-2017-5200) - Orchestrate and batches don't return false failed information anymore. - Speed-up cherrypy by removing sleep call. - Fix os_family grains on SUSE. (bsc#1038855) - Fix setting the language on SUSE systems. (bsc#1038855) - Use SUSE specific salt-api.service. (bsc#1039370) - Fix using hostname for minion ID as '127'. - Fix core grains constants for timezone. (bsc#1032931) - Minor fixes on new pkg.list_downloaded. - Listing all type of advisory patches for Yum module. - Prevents zero length error on Python 2.6. - Fixes zypper test error after backporting. - Raet protocol is no longer supported. (bsc#1020831) - Fix moving SSH data to the new home. (bsc#1027722) - Fix logrotating /var/log/salt/minion. (bsc#1030009) - Fix result of master_tops extension is mutually overwritten. (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs. - Allows to set custom timeouts for 'manage.up' and 'manage.status'. - Use salt's ordereddict for comparison. - Fix scripts for salt-proxy. - Add openscap module. - File.get_managed regression fix. - Fix translate variable arguments if they contain hidden keywords. (bsc#1025896) - Added unit test for dockerng.sls_build dryrun. - Added dryrun to dockerng.sls_build. - Update dockerng minimal version requirements. - Fix format error in error parsing. - Keep fix for migrating salt home directory. (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available. (bsc#1012999) - Timezone should always be in UTC. (bsc#1017078) - Fix timezone handling for rpm installtime. (bsc#1017078) - Increasing timeouts for running integrations tests. - Add buildargs option to dockerng.build module. - Fix error when missing ssh-option parameter. - Re-add yum notify plugin. - All kwargs to dockerng.create to provide all features to sls_build as well. - Datetime should be returned always in UTC. 
- Fix possible crash while deserialising data on infinite recursion in scheduled state. (bsc#1036125) - Documentation refresh to 2016.11.4 - For a detailed description, please refer to: + https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201705-13150=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201705-13150=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-42.2 salt-doc-2016.11.4-42.2 salt-minion-2016.11.4-42.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-42.2 salt-doc-2016.11.4-42.2 salt-minion-2016.11.4-42.2 References: https://www.suse.com/security/cve/CVE-2017-5200.html https://www.suse.com/security/cve/CVE-2017-8109.html https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035912 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040584 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1043111 From sle-updates at lists.suse.com Fri Jun 
16 10:13:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2017 18:13:53 +0200 (CEST) Subject: SUSE-SU-2017:1582-1: moderate: Security update for Salt Message-ID: <20170616161353.0D84B101C9@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1582-1 Rating: moderate References: #1011800 #1012999 #1017078 #1020831 #1022562 #1025896 #1027240 #1027722 #1030009 #1030073 #1032931 #1035912 #1035914 #1036125 #1038855 #1039370 #1040584 #1040886 #1043111 Cross-References: CVE-2017-5200 CVE-2017-8109 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Enterprise Storage 4 SUSE Enterprise Storage 3 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has 17 fixes is now available. Description: This update for salt provides version 2016.11.4 and brings various fixes and improvements: - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Fix format error. (bsc#1043111) - Fix ownership for whole master cache directory. (bsc#1035914) - Disable 3rd party runtime packages to be explicitly recommended. (bsc#1040886) - Fix insecure permissions in salt-ssh temporary files. (bsc#1035912, CVE-2017-8109) - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800, CVE-2017-5200) - Orchestrate and batches don't return false failed information anymore. - Speed-up cherrypy by removing sleep call. - Fix os_family grains on SUSE. (bsc#1038855) - Fix setting the language on SUSE systems. (bsc#1038855) - Use SUSE specific salt-api.service. (bsc#1039370) - Fix using hostname for minion ID as '127'. 
- Fix core grains constants for timezone. (bsc#1032931) - Minor fixes on new pkg.list_downloaded. - Listing all type of advisory patches for Yum module. - Prevents zero length error on Python 2.6. - Fixes zypper test error after backporting. - Raet protocol is no longer supported. (bsc#1020831) - Fix moving SSH data to the new home. (bsc#1027722) - Fix logrotating /var/log/salt/minion. (bsc#1030009) - Fix result of master_tops extension is mutually overwritten. (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs. - Allows to set custom timeouts for 'manage.up' and 'manage.status'. - Use salt's ordereddict for comparison. - Fix scripts for salt-proxy. - Add openscap module. - File.get_managed regression fix. - Fix translate variable arguments if they contain hidden keywords. (bsc#1025896) - Added unit test for dockerng.sls_build dryrun. - Added dryrun to dockerng.sls_build. - Update dockerng minimal version requirements. - Fix format error in error parsing. - Keep fix for migrating salt home directory. (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available. (bsc#1012999) - Timezone should always be in UTC. (bsc#1017078) - Fix timezone handling for rpm installtime. (bsc#1017078) - Increasing timeouts for running integrations tests. - Add buildargs option to dockerng.build module. - Fix error when missing ssh-option parameter. - Re-add yum notify plugin. - All kwargs to dockerng.create to provide all features to sls_build as well. - Datetime should be returned always in UTC. - Fix possible crash while deserialising data on infinite recursion in scheduled state. 
(bsc#1036125) - Documentation refresh to 2016.11.4 - For a detailed description, please refer to: + https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html + https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-974=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-974=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-974=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2017-974=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-974=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-974=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-974=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-974=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): salt-2016.11.4-45.2 salt-doc-2016.11.4-45.2 salt-minion-2016.11.4-45.2 - SUSE Manager Server 3.0 (x86_64): salt-2016.11.4-45.2 salt-api-2016.11.4-45.2 salt-doc-2016.11.4-45.2 salt-master-2016.11.4-45.2 salt-minion-2016.11.4-45.2 salt-proxy-2016.11.4-45.2 salt-ssh-2016.11.4-45.2 salt-syndic-2016.11.4-45.2 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2016.11.4-45.2 salt-zsh-completion-2016.11.4-45.2 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2016.11.4-45.2 salt-zsh-completion-2016.11.4-45.2 - SUSE Manager Proxy 3.0 (x86_64): salt-2016.11.4-45.2 salt-api-2016.11.4-45.2 salt-doc-2016.11.4-45.2 salt-master-2016.11.4-45.2 salt-minion-2016.11.4-45.2 salt-proxy-2016.11.4-45.2 salt-ssh-2016.11.4-45.2 salt-syndic-2016.11.4-45.2 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): salt-2016.11.4-45.2 salt-minion-2016.11.4-45.2 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): salt-2016.11.4-45.2 salt-api-2016.11.4-45.2 salt-cloud-2016.11.4-45.2 salt-doc-2016.11.4-45.2 salt-master-2016.11.4-45.2 salt-minion-2016.11.4-45.2 salt-proxy-2016.11.4-45.2 salt-ssh-2016.11.4-45.2 salt-syndic-2016.11.4-45.2 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2016.11.4-45.2 salt-zsh-completion-2016.11.4-45.2 - SUSE Enterprise Storage 4 (aarch64 x86_64): salt-2016.11.4-45.2 salt-master-2016.11.4-45.2 salt-minion-2016.11.4-45.2 - SUSE Enterprise Storage 3 (aarch64 x86_64): salt-2016.11.4-45.2 salt-master-2016.11.4-45.2 salt-minion-2016.11.4-45.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): salt-2016.11.4-45.2 salt-minion-2016.11.4-45.2 References: https://www.suse.com/security/cve/CVE-2017-5200.html https://www.suse.com/security/cve/CVE-2017-8109.html https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1020831 
https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035912 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040584 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1043111 From sle-updates at lists.suse.com Fri Jun 16 13:09:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2017 21:09:50 +0200 (CEST) Subject: SUSE-SU-2017:1585-1: moderate: Security update for php53 Message-ID: <20170616190950.5954D101C9@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1585-1 Rating: moderate References: #1031246 #1035111 #1040883 #1040889 #1040891 Cross-References: CVE-2016-6294 CVE-2017-7272 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. 
Because a :port syntax was recognized, fsockopen used the port number that is specified in the hostname argument, instead of the port number in the second argument of the function (bsc#1031246) - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). - CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. (bsc#1040883) - CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. (bsc#1040889) - CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. (bsc#1040891) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13151=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13151=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13151=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-108.1 php53-imap-5.3.17-108.1 php53-posix-5.3.17-108.1 php53-readline-5.3.17-108.1 php53-sockets-5.3.17-108.1 php53-sqlite-5.3.17-108.1 php53-tidy-5.3.17-108.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-108.1 php53-5.3.17-108.1 php53-bcmath-5.3.17-108.1 php53-bz2-5.3.17-108.1 php53-calendar-5.3.17-108.1 php53-ctype-5.3.17-108.1 php53-curl-5.3.17-108.1 php53-dba-5.3.17-108.1 php53-dom-5.3.17-108.1 php53-exif-5.3.17-108.1 php53-fastcgi-5.3.17-108.1 php53-fileinfo-5.3.17-108.1 php53-ftp-5.3.17-108.1 php53-gd-5.3.17-108.1 php53-gettext-5.3.17-108.1 php53-gmp-5.3.17-108.1 php53-iconv-5.3.17-108.1 php53-intl-5.3.17-108.1 php53-json-5.3.17-108.1 php53-ldap-5.3.17-108.1 php53-mbstring-5.3.17-108.1 php53-mcrypt-5.3.17-108.1 php53-mysql-5.3.17-108.1 php53-odbc-5.3.17-108.1 php53-openssl-5.3.17-108.1 php53-pcntl-5.3.17-108.1 php53-pdo-5.3.17-108.1 php53-pear-5.3.17-108.1 php53-pgsql-5.3.17-108.1 php53-pspell-5.3.17-108.1 php53-shmop-5.3.17-108.1 php53-snmp-5.3.17-108.1 php53-soap-5.3.17-108.1 php53-suhosin-5.3.17-108.1 php53-sysvmsg-5.3.17-108.1 php53-sysvsem-5.3.17-108.1 php53-sysvshm-5.3.17-108.1 php53-tokenizer-5.3.17-108.1 php53-wddx-5.3.17-108.1 php53-xmlreader-5.3.17-108.1 php53-xmlrpc-5.3.17-108.1 php53-xmlwriter-5.3.17-108.1 php53-xsl-5.3.17-108.1 php53-zip-5.3.17-108.1 php53-zlib-5.3.17-108.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-108.1 php53-debugsource-5.3.17-108.1 
References: https://www.suse.com/security/cve/CVE-2016-6294.html https://www.suse.com/security/cve/CVE-2017-7272.html https://www.suse.com/security/cve/CVE-2017-9224.html https://www.suse.com/security/cve/CVE-2017-9226.html https://www.suse.com/security/cve/CVE-2017-9227.html https://bugzilla.suse.com/1031246 https://bugzilla.suse.com/1035111 https://bugzilla.suse.com/1040883 https://bugzilla.suse.com/1040889 https://bugzilla.suse.com/1040891 From sle-updates at lists.suse.com Fri Jun 16 13:10:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2017 21:10:44 +0200 (CEST) Subject: SUSE-SU-2017:1587-1: moderate: Security update for libxml2 Message-ID: <20170616191044.BC457101C9@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1587-1 Rating: moderate References: #1039063 #1039064 #1039066 #1039069 #1039661 Cross-References: CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for libxml2 fixes the following issues: - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-975=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-975=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-975=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-975=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libxml2-2-2.9.1-26.15.1 libxml2-2-debuginfo-2.9.1-26.15.1 libxml2-debugsource-2.9.1-26.15.1 libxml2-tools-2.9.1-26.15.1 libxml2-tools-debuginfo-2.9.1-26.15.1 python-libxml2-2.9.1-26.15.1 python-libxml2-debuginfo-2.9.1-26.15.1 python-libxml2-debugsource-2.9.1-26.15.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libxml2-2-32bit-2.9.1-26.15.1 libxml2-2-debuginfo-32bit-2.9.1-26.15.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): libxml2-doc-2.9.1-26.15.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libxml2-2-2.9.1-26.15.1 libxml2-2-32bit-2.9.1-26.15.1 libxml2-2-debuginfo-2.9.1-26.15.1 libxml2-2-debuginfo-32bit-2.9.1-26.15.1 libxml2-debugsource-2.9.1-26.15.1 libxml2-tools-2.9.1-26.15.1 libxml2-tools-debuginfo-2.9.1-26.15.1 python-libxml2-2.9.1-26.15.1 python-libxml2-debuginfo-2.9.1-26.15.1 python-libxml2-debugsource-2.9.1-26.15.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): libxml2-doc-2.9.1-26.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libxml2-2-2.9.1-26.15.1 libxml2-2-debuginfo-2.9.1-26.15.1 libxml2-debugsource-2.9.1-26.15.1 libxml2-tools-2.9.1-26.15.1 libxml2-tools-debuginfo-2.9.1-26.15.1 python-libxml2-2.9.1-26.15.1 python-libxml2-debuginfo-2.9.1-26.15.1 python-libxml2-debugsource-2.9.1-26.15.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libxml2-2-32bit-2.9.1-26.15.1 libxml2-2-debuginfo-32bit-2.9.1-26.15.1 - SUSE Linux Enterprise 
Server 12-SP1-LTSS (noarch): libxml2-doc-2.9.1-26.15.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libxml2-2-2.9.1-26.15.1 libxml2-2-debuginfo-2.9.1-26.15.1 libxml2-debugsource-2.9.1-26.15.1 libxml2-tools-2.9.1-26.15.1 libxml2-tools-debuginfo-2.9.1-26.15.1 python-libxml2-2.9.1-26.15.1 python-libxml2-debuginfo-2.9.1-26.15.1 python-libxml2-debugsource-2.9.1-26.15.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libxml2-2-32bit-2.9.1-26.15.1 libxml2-2-debuginfo-32bit-2.9.1-26.15.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): libxml2-doc-2.9.1-26.15.1 References: https://www.suse.com/security/cve/CVE-2017-9047.html https://www.suse.com/security/cve/CVE-2017-9048.html https://www.suse.com/security/cve/CVE-2017-9049.html https://www.suse.com/security/cve/CVE-2017-9050.html https://bugzilla.suse.com/1039063 https://bugzilla.suse.com/1039064 https://bugzilla.suse.com/1039066 https://bugzilla.suse.com/1039069 https://bugzilla.suse.com/1039661 From sle-updates at lists.suse.com Fri Jun 16 19:09:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Jun 2017 03:09:28 +0200 (CEST) Subject: SUSE-RU-2017:1590-1: moderate: Recommended update for util-linux Message-ID: <20170617010928.9FE4D101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1590-1 Rating: moderate References: #1033718 #1039360 #1042991 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for util-linux fixes the following lspci(1) issues: - Reading /dev/mem on aarch64 systems could lead to a kernel crash. (bsc#1033718) - Failure to detect PowerVM hypervisor. (bsc#1042991, bsc#1039360) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-977=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-977=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-977=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-977=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-977=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-977=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libuuid-devel-2.28-44.9.1 util-linux-debuginfo-2.28-44.9.1 util-linux-debugsource-2.28-44.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.28-44.9.1 libmount-devel-2.28-44.9.1 libsmartcols-devel-2.28-44.9.1 libuuid-devel-2.28-44.9.1 util-linux-debuginfo-2.28-44.9.1 util-linux-debugsource-2.28-44.9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libblkid1-2.28-44.9.1 libblkid1-debuginfo-2.28-44.9.1 libfdisk1-2.28-44.9.1 libfdisk1-debuginfo-2.28-44.9.1 libmount1-2.28-44.9.1 libmount1-debuginfo-2.28-44.9.1 libsmartcols1-2.28-44.9.1 libsmartcols1-debuginfo-2.28-44.9.1 libuuid1-2.28-44.9.1 libuuid1-debuginfo-2.28-44.9.1 python-libmount-2.28-44.9.3 python-libmount-debuginfo-2.28-44.9.3 python-libmount-debugsource-2.28-44.9.3 util-linux-2.28-44.9.1 util-linux-debuginfo-2.28-44.9.1 util-linux-debugsource-2.28-44.9.1 util-linux-systemd-2.28-44.9.3 util-linux-systemd-debuginfo-2.28-44.9.3 util-linux-systemd-debugsource-2.28-44.9.3 uuidd-2.28-44.9.3 uuidd-debuginfo-2.28-44.9.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): util-linux-lang-2.28-44.9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libblkid1-2.28-44.9.1 libblkid1-debuginfo-2.28-44.9.1 libfdisk1-2.28-44.9.1 libfdisk1-debuginfo-2.28-44.9.1 libmount1-2.28-44.9.1 libmount1-debuginfo-2.28-44.9.1 libsmartcols1-2.28-44.9.1 libsmartcols1-debuginfo-2.28-44.9.1 libuuid1-2.28-44.9.1 libuuid1-debuginfo-2.28-44.9.1 python-libmount-2.28-44.9.3 python-libmount-debuginfo-2.28-44.9.3 python-libmount-debugsource-2.28-44.9.3 util-linux-2.28-44.9.1 util-linux-debuginfo-2.28-44.9.1 util-linux-debugsource-2.28-44.9.1 util-linux-systemd-2.28-44.9.3 util-linux-systemd-debuginfo-2.28-44.9.3 util-linux-systemd-debugsource-2.28-44.9.3 uuidd-2.28-44.9.3 uuidd-debuginfo-2.28-44.9.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): 
libblkid1-32bit-2.28-44.9.1 libblkid1-debuginfo-32bit-2.28-44.9.1 libmount1-32bit-2.28-44.9.1 libmount1-debuginfo-32bit-2.28-44.9.1 libuuid1-32bit-2.28-44.9.1 libuuid1-debuginfo-32bit-2.28-44.9.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): util-linux-lang-2.28-44.9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libblkid1-2.28-44.9.1 libblkid1-32bit-2.28-44.9.1 libblkid1-debuginfo-2.28-44.9.1 libblkid1-debuginfo-32bit-2.28-44.9.1 libfdisk1-2.28-44.9.1 libfdisk1-debuginfo-2.28-44.9.1 libmount1-2.28-44.9.1 libmount1-32bit-2.28-44.9.1 libmount1-debuginfo-2.28-44.9.1 libmount1-debuginfo-32bit-2.28-44.9.1 libsmartcols1-2.28-44.9.1 libsmartcols1-debuginfo-2.28-44.9.1 libuuid-devel-2.28-44.9.1 libuuid1-2.28-44.9.1 libuuid1-32bit-2.28-44.9.1 libuuid1-debuginfo-2.28-44.9.1 libuuid1-debuginfo-32bit-2.28-44.9.1 python-libmount-2.28-44.9.3 python-libmount-debuginfo-2.28-44.9.3 python-libmount-debugsource-2.28-44.9.3 util-linux-2.28-44.9.1 util-linux-debuginfo-2.28-44.9.1 util-linux-debugsource-2.28-44.9.1 util-linux-systemd-2.28-44.9.3 util-linux-systemd-debuginfo-2.28-44.9.3 util-linux-systemd-debugsource-2.28-44.9.3 uuidd-2.28-44.9.3 uuidd-debuginfo-2.28-44.9.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): util-linux-lang-2.28-44.9.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libblkid1-2.28-44.9.1 libblkid1-debuginfo-2.28-44.9.1 libfdisk1-2.28-44.9.1 libfdisk1-debuginfo-2.28-44.9.1 libmount1-2.28-44.9.1 libmount1-debuginfo-2.28-44.9.1 libsmartcols1-2.28-44.9.1 libsmartcols1-debuginfo-2.28-44.9.1 libuuid1-2.28-44.9.1 libuuid1-debuginfo-2.28-44.9.1 util-linux-2.28-44.9.1 util-linux-debuginfo-2.28-44.9.1 util-linux-debugsource-2.28-44.9.1 util-linux-systemd-2.28-44.9.3 util-linux-systemd-debuginfo-2.28-44.9.3 util-linux-systemd-debugsource-2.28-44.9.3 References: https://bugzilla.suse.com/1033718 https://bugzilla.suse.com/1039360 https://bugzilla.suse.com/1042991 From sle-updates at lists.suse.com Mon Jun 19 04:10:25 2017 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 12:10:25 +0200 (CEST) Subject: SUSE-SU-2017:1599-1: moderate: Security update for ImageMagick Message-ID: <20170619101025.71E9F101C9@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1599-1 Rating: moderate References: #1033091 #1034870 #1034872 #1034876 #1036976 #1036978 #1036980 #1036981 #1036983 #1036984 #1036985 #1036986 #1036987 #1036988 #1036989 #1036990 #1037527 #1038000 #1040025 #1040303 #1040304 #1040306 #1040332 Cross-References: CVE-2014-9846 CVE-2016-10050 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). 
- CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987)
- CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984)
- CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985)
- CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980)
- CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)
- CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988)
- CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000)
- CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091)
- CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527)
- CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)
- CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)
- CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025)
- CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303)
- CVE-2017-9142: Missing checks in the ReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304)
- CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306)
- CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c, which could lead to a denial of service (crash) (bsc#1040332)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13152=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13152=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13152=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.77.1 ImageMagick-devel-6.4.3.6-7.77.1 libMagick++-devel-6.4.3.6-7.77.1 libMagick++1-6.4.3.6-7.77.1 libMagickWand1-6.4.3.6-7.77.1 perl-PerlMagick-6.4.3.6-7.77.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.77.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.77.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.77.1 ImageMagick-debugsource-6.4.3.6-7.77.1 References: https://www.suse.com/security/cve/CVE-2014-9846.html https://www.suse.com/security/cve/CVE-2016-10050.html https://www.suse.com/security/cve/CVE-2017-7606.html https://www.suse.com/security/cve/CVE-2017-7941.html https://www.suse.com/security/cve/CVE-2017-7942.html https://www.suse.com/security/cve/CVE-2017-7943.html https://www.suse.com/security/cve/CVE-2017-8344.html https://www.suse.com/security/cve/CVE-2017-8345.html https://www.suse.com/security/cve/CVE-2017-8346.html https://www.suse.com/security/cve/CVE-2017-8348.html https://www.suse.com/security/cve/CVE-2017-8349.html https://www.suse.com/security/cve/CVE-2017-8350.html https://www.suse.com/security/cve/CVE-2017-8351.html https://www.suse.com/security/cve/CVE-2017-8352.html https://www.suse.com/security/cve/CVE-2017-8353.html https://www.suse.com/security/cve/CVE-2017-8354.html 
https://www.suse.com/security/cve/CVE-2017-8355.html https://www.suse.com/security/cve/CVE-2017-8357.html https://www.suse.com/security/cve/CVE-2017-8765.html https://www.suse.com/security/cve/CVE-2017-8830.html https://www.suse.com/security/cve/CVE-2017-9098.html https://www.suse.com/security/cve/CVE-2017-9141.html https://www.suse.com/security/cve/CVE-2017-9142.html https://www.suse.com/security/cve/CVE-2017-9143.html https://www.suse.com/security/cve/CVE-2017-9144.html https://bugzilla.suse.com/1033091 https://bugzilla.suse.com/1034870 https://bugzilla.suse.com/1034872 https://bugzilla.suse.com/1034876 https://bugzilla.suse.com/1036976 https://bugzilla.suse.com/1036978 https://bugzilla.suse.com/1036980 https://bugzilla.suse.com/1036981 https://bugzilla.suse.com/1036983 https://bugzilla.suse.com/1036984 https://bugzilla.suse.com/1036985 https://bugzilla.suse.com/1036986 https://bugzilla.suse.com/1036987 https://bugzilla.suse.com/1036988 https://bugzilla.suse.com/1036989 https://bugzilla.suse.com/1036990 https://bugzilla.suse.com/1037527 https://bugzilla.suse.com/1038000 https://bugzilla.suse.com/1040025 https://bugzilla.suse.com/1040303 https://bugzilla.suse.com/1040304 https://bugzilla.suse.com/1040306 https://bugzilla.suse.com/1040332 From sle-updates at lists.suse.com Mon Jun 19 07:10:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 15:10:17 +0200 (CEST) Subject: SUSE-SU-2017:1600-1: moderate: Security update for GraphicsMagick Message-ID: <20170619131017.6B5EA101BB@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1600-1 Rating: moderate References: #1033091 #1034876 #1036978 #1036980 #1036981 #1036984 #1036985 #1036986 #1036987 #1036988 #1036990 #1037527 #1038000 #1040025 #1040304 #1040332 #984144 Cross-References: CVE-2014-9847 CVE-2017-7606 CVE-2017-7941 CVE-2017-8344 
CVE-2017-8345 CVE-2017-8346 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8355 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9142 CVE-2017-9144 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: This security issue was fixed: - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985). The previous fix for CVE-2014-9847 (bsc#984144) was incorrect and incomplete and has been refreshed. 
- CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980)
- CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981)
- CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988)
- CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000)
- CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091)
- CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527)
- CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990)
- CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978)
- CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025)
- CVE-2017-9142: Missing checks in the ReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304)
- CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c, which could lead to a denial of service (crash) (bsc#1040332)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:
  zypper in -t patch slestso13-GraphicsMagick-13153=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-GraphicsMagick-13153=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-GraphicsMagick-13153=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.77.1 libGraphicsMagick2-1.2.5-4.77.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.77.1 libGraphicsMagick2-1.2.5-4.77.1 perl-GraphicsMagick-1.2.5-4.77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.77.1 GraphicsMagick-debugsource-1.2.5-4.77.1 References: https://www.suse.com/security/cve/CVE-2014-9847.html https://www.suse.com/security/cve/CVE-2017-7606.html https://www.suse.com/security/cve/CVE-2017-7941.html https://www.suse.com/security/cve/CVE-2017-8344.html https://www.suse.com/security/cve/CVE-2017-8345.html https://www.suse.com/security/cve/CVE-2017-8346.html https://www.suse.com/security/cve/CVE-2017-8349.html https://www.suse.com/security/cve/CVE-2017-8350.html https://www.suse.com/security/cve/CVE-2017-8351.html https://www.suse.com/security/cve/CVE-2017-8352.html https://www.suse.com/security/cve/CVE-2017-8353.html https://www.suse.com/security/cve/CVE-2017-8355.html https://www.suse.com/security/cve/CVE-2017-8765.html https://www.suse.com/security/cve/CVE-2017-8830.html https://www.suse.com/security/cve/CVE-2017-9098.html https://www.suse.com/security/cve/CVE-2017-9142.html https://www.suse.com/security/cve/CVE-2017-9144.html https://bugzilla.suse.com/1033091 https://bugzilla.suse.com/1034876 https://bugzilla.suse.com/1036978 https://bugzilla.suse.com/1036980 https://bugzilla.suse.com/1036981 https://bugzilla.suse.com/1036984 https://bugzilla.suse.com/1036985 https://bugzilla.suse.com/1036986 https://bugzilla.suse.com/1036987 https://bugzilla.suse.com/1036988 https://bugzilla.suse.com/1036990 https://bugzilla.suse.com/1037527 https://bugzilla.suse.com/1038000 https://bugzilla.suse.com/1040025 https://bugzilla.suse.com/1040304 https://bugzilla.suse.com/1040332 https://bugzilla.suse.com/984144 From sle-updates at lists.suse.com Mon Jun 19 07:12:46 2017 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 15:12:46 +0200 (CEST) Subject: SUSE-RU-2017:1602-1: moderate: Recommended update for python-azure-agent Message-ID: <20170619131246.7E688101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1602-1 Rating: moderate References: #1042202 #1042203 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-azure-agent provides version 2.2.13 and brings the following fixes and improvements: - Fix for host plugin response encoding. - Fix for GAiA public key handling. - Fix for host plugin channel initialization. - Fix for AzureStack protocol error handling. - Removal of iptables rules from AzureStack protocol. - There are too many log print to /var/log/waagent.log. - Questionable split call in common/conf.py. - Remove extension logs during de-provision. - Reset of RDMA drivers not taking effect. - WALA de-provision process not clean up all cloudinit files. - Ensure the transport certificate expires in no more than two years enhancement. - Emit goal state processing performance metrics enhancement. - Align with the Azure Stack protocol enhancement. - Location of configuration file should be editable. - Add new OS.SshDir in waagent.conf. - De-provision cloud-init data. - Enable FIPS support. - Enable auto-update for AzureStack. - Default route is not added if it already exists. - Change option order for mkfs. - Enable customer-supported cloud-init. - Agent should purge /var/lib/waagent/events if it gets full. - Remove superseded extension folders / zip files. - Agent should remove unused extension directories and zip files. 
- Agent should not issue an HTTP HEAD to determine status blob type. - Correct HandlerState status check and clean-up reported events. - Reduce polling time for extension processing. - Emit event if re-provisioning without a de-provision. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-azure-agent-13154=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (x86_64): python-azure-agent-2.2.13-27.1 References: https://bugzilla.suse.com/1042202 https://bugzilla.suse.com/1042203 From sle-updates at lists.suse.com Mon Jun 19 07:13:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 15:13:16 +0200 (CEST) Subject: SUSE-SU-2017:1603-1: moderate: Security update for netpbm Message-ID: <20170619131316.39436101C9@maintenance.suse.de> SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1603-1 Rating: moderate References: #1024287 #1024292 #1024294 Cross-References: CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for netpbm fixes the following issues: Security bugs: * CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images. 
[bsc#1024292]
* CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]
* CVE-2017-2587: An insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-980=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-980=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-980=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-980=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  libnetpbm-devel-10.66.3-7.1
  netpbm-debuginfo-10.66.3-7.1
  netpbm-debugsource-10.66.3-7.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  libnetpbm11-10.66.3-7.1
  libnetpbm11-debuginfo-10.66.3-7.1
  netpbm-10.66.3-7.1
  netpbm-debuginfo-10.66.3-7.1
  netpbm-debugsource-10.66.3-7.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  libnetpbm11-10.66.3-7.1
  libnetpbm11-debuginfo-10.66.3-7.1
  netpbm-10.66.3-7.1
  netpbm-debuginfo-10.66.3-7.1
  netpbm-debugsource-10.66.3-7.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  libnetpbm11-32bit-10.66.3-7.1
  libnetpbm11-debuginfo-32bit-10.66.3-7.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  libnetpbm11-10.66.3-7.1
  libnetpbm11-32bit-10.66.3-7.1
  libnetpbm11-debuginfo-10.66.3-7.1
  libnetpbm11-debuginfo-32bit-10.66.3-7.1
  netpbm-10.66.3-7.1
  netpbm-debuginfo-10.66.3-7.1
  netpbm-debugsource-10.66.3-7.1

References:
https://www.suse.com/security/cve/CVE-2017-2581.html
https://www.suse.com/security/cve/CVE-2017-2586.html https://www.suse.com/security/cve/CVE-2017-2587.html https://bugzilla.suse.com/1024287 https://bugzilla.suse.com/1024292 https://bugzilla.suse.com/1024294 From sle-updates at lists.suse.com Mon Jun 19 07:14:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 15:14:23 +0200 (CEST) Subject: SUSE-RU-2017:1605-1: moderate: Recommended update for python-azure-agent Message-ID: <20170619131423.E86E3101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1605-1 Rating: moderate References: #1042202 #1042203 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-azure-agent provides version 2.2.13 and brings the following fixes and improvements: - Fix for host plugin response encoding. - Fix for GAiA public key handling. - Fix for host plugin channel initialization. - Fix for AzureStack protocol error handling. - Removal of iptables rules from AzureStack protocol. - There are too many log print to /var/log/waagent.log. - Questionable split call in common/conf.py. - Remove extension logs during de-provision. - Reset of RDMA drivers not taking effect. - WALA de-provision process not clean up all cloudinit files. - Ensure the transport certificate expires in no more than two years enhancement. - Emit goal state processing performance metrics enhancement. - Align with the Azure Stack protocol enhancement. - Location of configuration file should be editable. - Add new OS.SshDir in waagent.conf. - De-provision cloud-init data. - Enable FIPS support. - Enable auto-update for AzureStack. - Default route is not added if it already exists. 
- Change option order for mkfs. - Enable customer-supported cloud-init. - Agent should purge /var/lib/waagent/events if it gets full. - Remove superseded extension folders / zip files. - Agent should remove unused extension directories and zip files. - Agent should not issue an HTTP HEAD to determine status blob type. - Correct HandlerState status check and clean-up reported events. - Reduce polling time for extension processing. - Emit event if re-provisioning without a de-provision. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-983=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.13-33.1 References: https://bugzilla.suse.com/1042202 https://bugzilla.suse.com/1042203 From sle-updates at lists.suse.com Mon Jun 19 07:14:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 15:14:54 +0200 (CEST) Subject: SUSE-SU-2017:1606-1: important: Security update for mercurial Message-ID: <20170619131454.9AAE8101C9@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1606-1 Rating: important References: #1043063 Cross-References: CVE-2017-9462 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for mercurial fixes the following issues: Security issue fixed: - CVE-2017-9462: Fix the arbitrary code exec by remote users via "hg serve --stdio" (bsc#1043063): Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-981=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-14.1 mercurial-debuginfo-2.8.2-14.1 mercurial-debugsource-2.8.2-14.1 References: https://www.suse.com/security/cve/CVE-2017-9462.html https://bugzilla.suse.com/1043063 From sle-updates at lists.suse.com Mon Jun 19 10:11:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 18:11:10 +0200 (CEST) Subject: SUSE-SU-2017:1608-1: moderate: Security update for libgcrypt Message-ID: <20170619161110.5B086101C9@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1608-1 Rating: moderate References: #1042326 #931932 Cross-References: CVE-2017-9526 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. 
(bsc#1042326) - Don't require secure memory for the fips selftests, this prevents the "Oops, secure memory pool already initialized" warning. (bsc#931932) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-985=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-985=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-985=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-985=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-985=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.39.1 libgcrypt-devel-1.6.1-16.39.1 libgcrypt-devel-debuginfo-1.6.1-16.39.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libgcrypt-debugsource-1.6.1-16.39.1 libgcrypt20-1.6.1-16.39.1 libgcrypt20-debuginfo-1.6.1-16.39.1 libgcrypt20-hmac-1.6.1-16.39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libgcrypt-debugsource-1.6.1-16.39.1 libgcrypt20-1.6.1-16.39.1 libgcrypt20-debuginfo-1.6.1-16.39.1 libgcrypt20-hmac-1.6.1-16.39.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libgcrypt20-32bit-1.6.1-16.39.1 libgcrypt20-debuginfo-32bit-1.6.1-16.39.1 libgcrypt20-hmac-32bit-1.6.1-16.39.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libgcrypt-debugsource-1.6.1-16.39.1 libgcrypt20-1.6.1-16.39.1 libgcrypt20-32bit-1.6.1-16.39.1 libgcrypt20-debuginfo-1.6.1-16.39.1 libgcrypt20-debuginfo-32bit-1.6.1-16.39.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libgcrypt-debugsource-1.6.1-16.39.1 libgcrypt20-1.6.1-16.39.1 libgcrypt20-debuginfo-1.6.1-16.39.1 
References: https://www.suse.com/security/cve/CVE-2017-9526.html https://bugzilla.suse.com/1042326 https://bugzilla.suse.com/931932 From sle-updates at lists.suse.com Mon Jun 19 13:10:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:10:14 +0200 (CEST) Subject: SUSE-SU-2017:1611-1: important: Security update for glibc Message-ID: <20170619191014.6620C101C9@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1611-1 Rating: important References: #1038690 #1039357 #987216 Cross-References: CVE-2017-1000366 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690] - A defect in glibc's regression test suite has been remedied to avoid false positives. [bsc#987216] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-988=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-988=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): glibc-2.19-22.21.1 glibc-32bit-2.19-22.21.1 glibc-debuginfo-2.19-22.21.1 glibc-debuginfo-32bit-2.19-22.21.1 glibc-debugsource-2.19-22.21.1 glibc-devel-2.19-22.21.1 glibc-devel-32bit-2.19-22.21.1 glibc-devel-debuginfo-2.19-22.21.1 glibc-devel-debuginfo-32bit-2.19-22.21.1 glibc-locale-2.19-22.21.1 glibc-locale-32bit-2.19-22.21.1 glibc-locale-debuginfo-2.19-22.21.1 glibc-locale-debuginfo-32bit-2.19-22.21.1 glibc-profile-2.19-22.21.1 glibc-profile-32bit-2.19-22.21.1 nscd-2.19-22.21.1 nscd-debuginfo-2.19-22.21.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): glibc-html-2.19-22.21.1 glibc-i18ndata-2.19-22.21.1 glibc-info-2.19-22.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glibc-2.19-22.21.1 glibc-debuginfo-2.19-22.21.1 glibc-debugsource-2.19-22.21.1 glibc-devel-2.19-22.21.1 glibc-devel-debuginfo-2.19-22.21.1 glibc-locale-2.19-22.21.1 glibc-locale-debuginfo-2.19-22.21.1 glibc-profile-2.19-22.21.1 nscd-2.19-22.21.1 nscd-debuginfo-2.19-22.21.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): glibc-32bit-2.19-22.21.1 glibc-debuginfo-32bit-2.19-22.21.1 glibc-devel-32bit-2.19-22.21.1 glibc-devel-debuginfo-32bit-2.19-22.21.1 glibc-locale-32bit-2.19-22.21.1 glibc-locale-debuginfo-32bit-2.19-22.21.1 glibc-profile-32bit-2.19-22.21.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): glibc-html-2.19-22.21.1 glibc-i18ndata-2.19-22.21.1 glibc-info-2.19-22.21.1 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1038690 https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/987216 From sle-updates at lists.suse.com Mon Jun 19 13:11:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:11:54 +0200 (CEST) Subject: SUSE-SU-2017:1613-1: critical: Security update for the Linux Kernel Message-ID: <20170619191154.71D0B101C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux 
Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1613-1
Rating: critical
References: #1039348 #979021
Cross-References: CVE-2015-3288 CVE-2017-1000364
Affected Products:
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Server 11-EXTRA
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes.

The following security bugs were fixed:

- CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348)
- CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-kernel-13156=1
- SUSE Linux Enterprise Server 11-EXTRA:
  zypper in -t patch slexsp3-kernel-13156=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-kernel-13156=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-kernel-13156=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.102.1 kernel-bigsmp-base-3.0.101-0.47.102.1 kernel-bigsmp-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.102.1 kernel-trace-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.102.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 
kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.102.1 kernel-default-debugsource-3.0.101-0.47.102.1 kernel-trace-debuginfo-3.0.101-0.47.102.1 kernel-trace-debugsource-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.102.1 kernel-ec2-debugsource-3.0.101-0.47.102.1 kernel-xen-debuginfo-3.0.101-0.47.102.1 kernel-xen-debugsource-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.102.1 kernel-bigsmp-debugsource-3.0.101-0.47.102.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.102.1 kernel-pae-debugsource-3.0.101-0.47.102.1 References: https://www.suse.com/security/cve/CVE-2015-3288.html https://www.suse.com/security/cve/CVE-2017-1000364.html https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/979021 From sle-updates at lists.suse.com Mon Jun 19 13:12:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:12:34 +0200 (CEST) Subject: SUSE-SU-2017:1614-1: important: Security update for glibc Message-ID: <20170619191234.DD68D101C9@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1614-1 Rating: important References: #1038690 #1039357 #986858 Cross-References: CVE-2017-1000366 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690] - An incorrectly specified buffer length in nscd netgroup queries has been fixed. [bsc#986858] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-989=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-989=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-989=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): glibc-2.19-40.6.1 glibc-32bit-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1 - SUSE OpenStack Cloud 6 (noarch): glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): glibc-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-profile-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glibc-32bit-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 
glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glibc-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-profile-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): glibc-32bit-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1038690 https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/986858 From sle-updates at lists.suse.com Mon Jun 19 13:13:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:13:18 +0200 (CEST) Subject: SUSE-SU-2017:1615-1: critical: Security update for the Linux Kernel Message-ID: <20170619191318.D7DBB101C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1615-1 Rating: critical References: #1039348 #1042292 Cross-References: CVE-2017-1000364 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348) The following non-security bugs were fixed: netfilter: A use-after-free was fixed that could cause a kernel panic on a system shutdown. (bsc#1042292) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-996=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-996=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-996=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-996=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1 - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 - 
SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.45.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.45.1 kernel-ec2-debuginfo-3.12.74-60.64.45.1 kernel-ec2-debugsource-3.12.74-60.64.45.1 kernel-ec2-devel-3.12.74-60.64.45.1 kernel-ec2-extra-3.12.74-60.64.45.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.45.1 References: https://www.suse.com/security/cve/CVE-2017-1000364.html https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042292 From sle-updates at lists.suse.com Mon Jun 19 13:14:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:14:03 +0200 (CEST) Subject: SUSE-RU-2017:1616-1: moderate: Recommended update for util-linux Message-ID: <20170619191403.1A160101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1616-1 Rating: moderate References: #1033718 #1039360 #1042991 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for util-linux fixes the following lspci(1) issues: - Reading /dev/mem on aarch64 systems could lead to a kernel crash. 
(bsc#1033718) - Failure to detect PowerVM hypervisor. (bsc#1042991, bsc#1039360) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-987=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-987=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-987=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): util-linux-lang-2.25-46.1 - SUSE OpenStack Cloud 6 (x86_64): libblkid1-2.25-46.1 libblkid1-32bit-2.25-46.1 libblkid1-debuginfo-2.25-46.1 libblkid1-debuginfo-32bit-2.25-46.1 libmount1-2.25-46.1 libmount1-32bit-2.25-46.1 libmount1-debuginfo-2.25-46.1 libmount1-debuginfo-32bit-2.25-46.1 libsmartcols1-2.25-46.1 libsmartcols1-debuginfo-2.25-46.1 libuuid1-2.25-46.1 libuuid1-32bit-2.25-46.1 libuuid1-debuginfo-2.25-46.1 libuuid1-debuginfo-32bit-2.25-46.1 python-libmount-2.25-46.1 python-libmount-debuginfo-2.25-46.1 python-libmount-debugsource-2.25-46.1 util-linux-2.25-46.1 util-linux-debuginfo-2.25-46.1 util-linux-debugsource-2.25-46.1 util-linux-systemd-2.25-46.1 util-linux-systemd-debuginfo-2.25-46.1 util-linux-systemd-debugsource-2.25-46.1 uuidd-2.25-46.1 uuidd-debuginfo-2.25-46.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libblkid1-2.25-46.1 libblkid1-debuginfo-2.25-46.1 libmount1-2.25-46.1 libmount1-debuginfo-2.25-46.1 libsmartcols1-2.25-46.1 libsmartcols1-debuginfo-2.25-46.1 libuuid1-2.25-46.1 libuuid1-debuginfo-2.25-46.1 python-libmount-2.25-46.1 python-libmount-debuginfo-2.25-46.1 python-libmount-debugsource-2.25-46.1 util-linux-2.25-46.1 util-linux-debuginfo-2.25-46.1 util-linux-debugsource-2.25-46.1 util-linux-systemd-2.25-46.1 util-linux-systemd-debuginfo-2.25-46.1 util-linux-systemd-debugsource-2.25-46.1 uuidd-2.25-46.1 uuidd-debuginfo-2.25-46.1 - 
SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): util-linux-lang-2.25-46.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libblkid1-32bit-2.25-46.1 libblkid1-debuginfo-32bit-2.25-46.1 libmount1-32bit-2.25-46.1 libmount1-debuginfo-32bit-2.25-46.1 libuuid1-32bit-2.25-46.1 libuuid1-debuginfo-32bit-2.25-46.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libblkid1-2.25-46.1 libblkid1-debuginfo-2.25-46.1 libmount1-2.25-46.1 libmount1-debuginfo-2.25-46.1 libsmartcols1-2.25-46.1 libsmartcols1-debuginfo-2.25-46.1 libuuid1-2.25-46.1 libuuid1-debuginfo-2.25-46.1 python-libmount-2.25-46.1 python-libmount-debuginfo-2.25-46.1 python-libmount-debugsource-2.25-46.1 util-linux-2.25-46.1 util-linux-debuginfo-2.25-46.1 util-linux-debugsource-2.25-46.1 util-linux-systemd-2.25-46.1 util-linux-systemd-debuginfo-2.25-46.1 util-linux-systemd-debugsource-2.25-46.1 uuidd-2.25-46.1 uuidd-debuginfo-2.25-46.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libblkid1-32bit-2.25-46.1 libblkid1-debuginfo-32bit-2.25-46.1 libmount1-32bit-2.25-46.1 libmount1-debuginfo-32bit-2.25-46.1 libuuid1-32bit-2.25-46.1 libuuid1-debuginfo-32bit-2.25-46.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): util-linux-lang-2.25-46.1 References: https://bugzilla.suse.com/1033718 https://bugzilla.suse.com/1039360 https://bugzilla.suse.com/1042991 From sle-updates at lists.suse.com Mon Jun 19 13:14:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:14:45 +0200 (CEST) Subject: SUSE-SU-2017:1617-1: critical: Security update for the Linux Kernel Message-ID: <20170619191445.90CCC101C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1617-1 Rating: critical References: #1037384 #1039348 Cross-References: CVE-2017-1000364 Affected Products: SUSE Linux Enterprise Workstation Extension 
12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348) The following non-security bugs were fixed: - There was a load failure in the sha-mb encryption implementation (bsc#1037384). Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-994=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-994=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-994=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-994=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-994=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-994=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-994=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-994=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-extra-4.4.59-92.20.2 kernel-default-extra-debuginfo-4.4.59-92.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.59-92.20.2 kernel-obs-build-debugsource-4.4.59-92.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.59-92.20.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.59-92.20.2 kernel-default-base-4.4.59-92.20.2 kernel-default-base-debuginfo-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-devel-4.4.59-92.20.2 kernel-syms-4.4.59-92.20.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.59-92.20.2 kernel-macros-4.4.59-92.20.2 kernel-source-4.4.59-92.20.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.59-92.20.2 
kernel-default-base-4.4.59-92.20.2 kernel-default-base-debuginfo-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-devel-4.4.59-92.20.2 kernel-syms-4.4.59-92.20.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.59-92.20.2 kernel-macros-4.4.59-92.20.2 kernel-source-4.4.59-92.20.2 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_59-92_20-default-1-2.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.59-92.20.2 cluster-md-kmp-default-debuginfo-4.4.59-92.20.2 cluster-network-kmp-default-4.4.59-92.20.2 cluster-network-kmp-default-debuginfo-4.4.59-92.20.2 dlm-kmp-default-4.4.59-92.20.2 dlm-kmp-default-debuginfo-4.4.59-92.20.2 gfs2-kmp-default-4.4.59-92.20.2 gfs2-kmp-default-debuginfo-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 ocfs2-kmp-default-4.4.59-92.20.2 ocfs2-kmp-default-debuginfo-4.4.59-92.20.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-devel-4.4.59-92.20.2 kernel-default-extra-4.4.59-92.20.2 kernel-default-extra-debuginfo-4.4.59-92.20.2 kernel-syms-4.4.59-92.20.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.59-92.20.2 kernel-macros-4.4.59-92.20.2 kernel-source-4.4.59-92.20.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 References: https://www.suse.com/security/cve/CVE-2017-1000364.html https://bugzilla.suse.com/1037384 https://bugzilla.suse.com/1039348 From sle-updates at lists.suse.com Mon Jun 19 13:15:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:15:28 +0200 (CEST) Subject: SUSE-SU-2017:1618-1: critical: Security update for the Linux Kernel 
Message-ID: <20170619191528.64B2A101C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1618-1 Rating: critical References: #1039348 #1042292 Cross-References: CVE-2017-1000364 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348) The following non-security bugs were fixed: netfilter: A use-after-free was fixed that could cause a kernel panic on a system shutdown. (bsc#1042292) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-995=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-995=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-995=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.77.1 kernel-macros-3.12.61-52.77.1 kernel-source-3.12.61-52.77.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.77.1 kernel-default-base-3.12.61-52.77.1 kernel-default-base-debuginfo-3.12.61-52.77.1 kernel-default-debuginfo-3.12.61-52.77.1 kernel-default-debugsource-3.12.61-52.77.1 kernel-default-devel-3.12.61-52.77.1 kernel-syms-3.12.61-52.77.1 kernel-xen-3.12.61-52.77.1 kernel-xen-base-3.12.61-52.77.1 kernel-xen-base-debuginfo-3.12.61-52.77.1 kernel-xen-debuginfo-3.12.61-52.77.1 kernel-xen-debugsource-3.12.61-52.77.1 kernel-xen-devel-3.12.61-52.77.1 kgraft-patch-3_12_61-52_77-default-1-4.1 kgraft-patch-3_12_61-52_77-xen-1-4.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.77.1 kernel-default-base-3.12.61-52.77.1 kernel-default-base-debuginfo-3.12.61-52.77.1 kernel-default-debuginfo-3.12.61-52.77.1 kernel-default-debugsource-3.12.61-52.77.1 kernel-default-devel-3.12.61-52.77.1 kernel-syms-3.12.61-52.77.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.77.1 kernel-xen-base-3.12.61-52.77.1 kernel-xen-base-debuginfo-3.12.61-52.77.1 kernel-xen-debuginfo-3.12.61-52.77.1 kernel-xen-debugsource-3.12.61-52.77.1 kernel-xen-devel-3.12.61-52.77.1 kgraft-patch-3_12_61-52_77-default-1-4.1 kgraft-patch-3_12_61-52_77-xen-1-4.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.77.1 kernel-macros-3.12.61-52.77.1 kernel-source-3.12.61-52.77.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.77.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.77.1 kernel-ec2-debuginfo-3.12.61-52.77.1 kernel-ec2-debugsource-3.12.61-52.77.1 kernel-ec2-devel-3.12.61-52.77.1 kernel-ec2-extra-3.12.61-52.77.1 kernel-ec2-extra-debuginfo-3.12.61-52.77.1 References: https://www.suse.com/security/cve/CVE-2017-1000364.html 
https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042292 From sle-updates at lists.suse.com Mon Jun 19 13:16:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:16:10 +0200 (CEST) Subject: SUSE-SU-2017:1619-1: important: Security update for glibc Message-ID: <20170619191610.97E37101C9@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1619-1 Rating: important References: #1039357 #1040043 Cross-References: CVE-2017-1000366 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-990=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-990=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-990=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-990=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-990=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-static-2.22-61.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): glibc-info-2.22-61.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-profile-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): glibc-html-2.22-61.3 glibc-i18ndata-2.22-61.3 glibc-info-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-profile-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): glibc-html-2.22-61.3 glibc-i18ndata-2.22-61.3 glibc-info-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): glibc-32bit-2.22-61.3 glibc-debuginfo-32bit-2.22-61.3 glibc-devel-32bit-2.22-61.3 glibc-devel-debuginfo-32bit-2.22-61.3 glibc-locale-32bit-2.22-61.3 
glibc-locale-debuginfo-32bit-2.22-61.3 glibc-profile-32bit-2.22-61.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): glibc-i18ndata-2.22-61.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): glibc-2.22-61.3 glibc-32bit-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debuginfo-32bit-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-32bit-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-devel-debuginfo-32bit-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-32bit-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-locale-debuginfo-32bit-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/1040043 From sle-updates at lists.suse.com Mon Jun 19 19:09:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2017 03:09:24 +0200 (CEST) Subject: SUSE-SU-2017:1621-1: important: Security update for glibc Message-ID: <20170620010924.570AD101C9@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1621-1 Rating: important References: #1039357 Cross-References: CVE-2017-1000366 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13158=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13158=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-glibc-13158=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-13158=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13158=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-13158=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.109.1 glibc-devel-32bit-2.11.3-17.109.1 glibc-locale-32bit-2.11.3-17.109.1 glibc-profile-32bit-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.109.1 glibc-profile-x86-2.11.3-17.109.1 glibc-x86-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): 
glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.109.1 glibc-devel-32bit-2.11.3-17.109.1 glibc-locale-32bit-2.11.3-17.109.1 glibc-profile-32bit-2.11.3-17.109.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.109.1 glibc-debugsource-2.11.3-17.109.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.109.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.109.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.109.1 glibc-debugsource-2.11.3-17.109.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.109.1 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1039357 From sle-updates at lists.suse.com Tue Jun 20 04:11:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2017 12:11:35 +0200 (CEST) Subject: SUSE-SU-2017:1622-1: important: Security update for openvpn Message-ID: <20170620101135.53E48101C9@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1622-1 Rating: important References: #1038709 #1038711 #1038713 #995374 Cross-References: CVE-2016-6329 CVE-2017-7478 CVE-2017-7479 Affected Products: SUSE Linux Enterprise Server for Raspberry 
Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for openvpn fixes the following issues: - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374) - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709) - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711) - Hardening measures found by internal audit (bsc#1038713) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-998=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-998=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-998=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openvpn-2.3.8-16.14.1 openvpn-auth-pam-plugin-2.3.8-16.14.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): openvpn-2.3.8-16.14.1 openvpn-auth-pam-plugin-2.3.8-16.14.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openvpn-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1 References: https://www.suse.com/security/cve/CVE-2016-6329.html https://www.suse.com/security/cve/CVE-2017-7478.html https://www.suse.com/security/cve/CVE-2017-7479.html https://bugzilla.suse.com/1038709 https://bugzilla.suse.com/1038711 https://bugzilla.suse.com/1038713 https://bugzilla.suse.com/995374 From sle-updates at lists.suse.com Tue Jun 20 07:10:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2017 15:10:34 +0200 (CEST) Subject: SUSE-RU-2017:1624-1: Recommended update for biosdevname Message-ID: <20170620131034.E516F101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1624-1 Rating: low References: #965585 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname provides the following fix: - Avoid duplicate naming of Mellanox-ConnectX-4 interfaces by biosdevname (bsc#965585) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-biosdevname-13159=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-biosdevname-13159=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): biosdevname-0.6.1-0.15.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): biosdevname-debuginfo-0.6.1-0.15.2 biosdevname-debugsource-0.6.1-0.15.2 References: https://bugzilla.suse.com/965585 From sle-updates at lists.suse.com Tue Jun 20 10:10:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2017 18:10:00 +0200 (CEST) Subject: SUSE-SU-2017:1626-1: important: Security update for sudo Message-ID: <20170620161000.30D78101C9@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1626-1 Rating: important References: #1034560 #1042146 Cross-References: CVE-2017-1000368 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. 
(bsc#1042146) Also the following non security bug was fixed: - Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1002=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1002=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1002=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1002=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1002=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 sudo-devel-1.8.10p3-10.10.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): sudo-1.8.10p3-10.10.2 sudo-debuginfo-1.8.10p3-10.10.2 sudo-debugsource-1.8.10p3-10.10.2 References: https://www.suse.com/security/cve/CVE-2017-1000368.html https://bugzilla.suse.com/1034560 https://bugzilla.suse.com/1042146 From sle-updates at lists.suse.com Tue Jun 20 10:10:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2017 18:10:43 +0200 (CEST) Subject: 
SUSE-SU-2017:1627-1: important: Security update for sudo Message-ID: <20170620161043.56A96101C9@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1627-1 Rating: important References: #1034560 #1042146 Cross-References: CVE-2017-1000368 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sudo fixes the following issues: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was fixed: - Link the "system_group" plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1001=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1001=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1001=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1001=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1001=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.16.1 sudo-debuginfo-1.8.10p3-2.16.1 sudo-debugsource-1.8.10p3-2.16.1 References: https://www.suse.com/security/cve/CVE-2017-1000368.html https://bugzilla.suse.com/1034560 https://bugzilla.suse.com/1042146 From sle-updates at lists.suse.com Tue Jun 20 16:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 00:09:16 +0200 (CEST) Subject: SUSE-SU-2017:1628-1: critical: Security update for the Linux Kernel Message-ID: <20170620220916.0AD32101C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1628-1 Rating: critical References: #1018074 #1035920 #1039348 #1042921 #1043234 Cross-References: CVE-2017-1000364 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348) The following non-security bugs were fixed: - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fnic is now using rport->dd_data to check if rport is online instead of rport_lookup (bsc#1035920). - The rport check location in fnic_queuecommand_lck was corrected (bsc#1035920). - xfs: remove patches that caused regression (bsc#1043234). - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364, bnc#1042921). - PCI: Allow access to VPD attributes with size 0 (bsc#1018074). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-13160=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-13160=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13160=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13160=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-104.7 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-104.2 kernel-default-base-3.0.101-104.2 kernel-default-devel-3.0.101-104.2 kernel-source-3.0.101-104.2 kernel-syms-3.0.101-104.2 kernel-trace-3.0.101-104.2 kernel-trace-base-3.0.101-104.2 kernel-trace-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-104.2 kernel-ec2-base-3.0.101-104.2 kernel-ec2-devel-3.0.101-104.2 kernel-xen-3.0.101-104.2 kernel-xen-base-3.0.101-104.2 kernel-xen-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-104.2 kernel-bigmem-base-3.0.101-104.2 kernel-bigmem-devel-3.0.101-104.2 kernel-ppc64-3.0.101-104.2 kernel-ppc64-base-3.0.101-104.2 kernel-ppc64-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-104.2 kernel-pae-base-3.0.101-104.2 kernel-pae-devel-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-104.2 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-104.2 kernel-default-debugsource-3.0.101-104.2 kernel-trace-debuginfo-3.0.101-104.2 kernel-trace-debugsource-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-104.2 kernel-trace-devel-debuginfo-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): 
kernel-ec2-debuginfo-3.0.101-104.2 kernel-ec2-debugsource-3.0.101-104.2 kernel-xen-debuginfo-3.0.101-104.2 kernel-xen-debugsource-3.0.101-104.2 kernel-xen-devel-debuginfo-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-104.2 kernel-bigmem-debugsource-3.0.101-104.2 kernel-ppc64-debuginfo-3.0.101-104.2 kernel-ppc64-debugsource-3.0.101-104.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-104.2 kernel-pae-debugsource-3.0.101-104.2 kernel-pae-devel-debuginfo-3.0.101-104.2 References: https://www.suse.com/security/cve/CVE-2017-1000364.html https://bugzilla.suse.com/1018074 https://bugzilla.suse.com/1035920 https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042921 https://bugzilla.suse.com/1043234 From sle-updates at lists.suse.com Tue Jun 20 19:09:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 03:09:42 +0200 (CEST) Subject: SUSE-RU-2017:1630-1: moderate: Recommended update for pure-ftpd Message-ID: <20170621010942.A1F8B101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pure-ftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1630-1 Rating: moderate References: #1042690 #971980 #986520 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides pure-ftpd 1.0.43, which brings several fixes and new features. - The connection is now dropped if HTTP commands are received. - LDAP force_default_gid and force_default_uid now work as documented. - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch is now on by default, except in broken clients compatibility mode. 
- New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS. - Support for TCP_FASTOPEN added on Linux. - The LDAP configuration file now allows a default gid without also defining a default uid. - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE) - TLS forward secrecy support was added. DH parameters are loaded from TLS_DHPARAMS_FILE, if present. ECDH is also supported and the default curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE). - scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP backends. - The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory. - The Clear Command Channel (CCC) command is now supported. - SSL (v2, v3) is refused by default. - DES-hashed passwords are not supported any more. - LDAP uid and gid values can be overridden in the LDAP configuration file. - RC4 was dropped. - Repair checkproc() on Linux when support for capabilities is compiled in. - Add support for MFMT, with the same code as SITE UTIME. - Support 2-arguments SITE UTIME. - Add LDAPDefaultHomeDirectory. - Fix quota computation after rename() overwrites an existing file. - If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte. - Support SHA1 password hashing in MySQL and PostgreSQL backends. - Support for braces expansion in directory listings has been disabled. - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers. - The -F switch has been documented in the built-in help. - Shell-like escaping is now partially handled when emulating the "ls" command. - pure-quotacheck can now work with a large number of files. - When an upload gets renamed (--autorename), send the new name to the uploadscript instead of the original one. - The ALLO command now checks for the actual disk space in addition to the virtual quota. 
- After an atomic resumed upload, don't append the previous file size to the quota. - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is UTF8. - Reset the CWD failures counter after a successful directory has been created. - Allow users with no quota to delete .pureftpd-upload-* files. - Properly change the process name on Linux when the -S option is used. - Restore the traditional behavior of a download restarting at the end of a file. - Refuse empty passwords in LDAP bind mode. - LDAP authentication through binding is now possible in addition to passwords. - Almost a complete rewrite of the upload, download and TLS code for more reliability. - Don't use atomic uploads unless --notruncate or --autorename have been enabled. - List up to 10000 files per directory per default instead of 2000. - Quota handling reworked. - RNTO support even when quota are enabled. - Don't change the TCP window size. - Privsep is now enabled by default. For a comprehensive list of changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pure-ftpd-13161=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pure-ftpd-13161=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): pure-ftpd-1.0.43-29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pure-ftpd-debuginfo-1.0.43-29.1 pure-ftpd-debugsource-1.0.43-29.1 References: https://bugzilla.suse.com/1042690 https://bugzilla.suse.com/971980 https://bugzilla.suse.com/986520 From sle-updates at lists.suse.com Wed Jun 21 04:09:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 12:09:37 +0200 (CEST) Subject: SUSE-RU-2017:1631-1: moderate: Recommended update for openldap2 Message-ID: <20170621100937.8A3FF101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1631-1 Rating: moderate References: #1043101 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: A separate openldap2-client-openssl1 package is being split out, which contains the ldap commandline client tools in TLS 1.2 enabled variants. These previously lived directly in the library package, which led to confusion. (bsc#1043101) These binaries can be found in /opt/suse/bin/ldap* Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openldap2-13163=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openldap2-13163=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openldap2-13163=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openldap2-13163=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): openldap2-back-perl-2.4.26-0.73.1 openldap2-devel-2.4.26-0.73.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): openldap2-devel-32bit-2.4.26-0.73.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): openldap2-2.4.26-0.73.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.73.1 libldap-2_4-2-2.4.26-0.73.1 openldap2-2.4.26-0.73.1 openldap2-back-meta-2.4.26-0.73.1 openldap2-client-2.4.26-0.73.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.73.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libldap-2_4-2-x86-2.4.26-0.73.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libldap-openssl1-2_4-2-2.4.26-0.73.1 openldap2-client-openssl1-2.4.26-0.73.1 openldap2-openssl1-2.4.26-0.73.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libldap-openssl1-2_4-2-32bit-2.4.26-0.73.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libldap-openssl1-2_4-2-x86-2.4.26-0.73.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.73.1 openldap2-client-debugsource-2.4.26-0.73.1 openldap2-debuginfo-2.4.26-0.73.1 openldap2-debugsource-2.4.26-0.73.1 References: https://bugzilla.suse.com/1043101 From sle-updates at lists.suse.com Wed Jun 21 04:10:05 2017 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 12:10:05 +0200 (CEST) Subject: SUSE-SU-2017:1632-1: important: Security update for tomcat6 Message-ID: <20170621101005.0E5A5101C9@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1632-1 Rating: important References: #1007853 #1007854 #1007855 #1007857 #1007858 #1011805 #1011812 #1015119 #1033448 #1036642 #988489 Cross-References: CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for tomcat6 fixes the following issues: Tomcat was updated to version 6.0.53: The full changelog is: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Security issues fixed: - CVE-2017-5647: A bug in the handling of pipelined requests could lead to information disclosure (bsc#1036642) - CVE-2016-8745: Regression in the error handling methods could lead to information disclosure (bsc#1015119) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-6796: Manager Bypass (bsc#1007858) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5388: an arbitrary HTTP_PROXY environment variable might allow remote attackers to redirect outbound HTTP 
traffic (bsc#988489) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tomcat6-13162=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-tomcat6-13162=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tomcat6-13162=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): tomcat6-6.0.53-0.56.1 tomcat6-admin-webapps-6.0.53-0.56.1 tomcat6-docs-webapp-6.0.53-0.56.1 tomcat6-javadoc-6.0.53-0.56.1 tomcat6-jsp-2_1-api-6.0.53-0.56.1 tomcat6-lib-6.0.53-0.56.1 tomcat6-servlet-2_5-api-6.0.53-0.56.1 tomcat6-webapps-6.0.53-0.56.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): tomcat6-6.0.53-0.56.1 tomcat6-admin-webapps-6.0.53-0.56.1 tomcat6-docs-webapp-6.0.53-0.56.1 tomcat6-javadoc-6.0.53-0.56.1 tomcat6-jsp-2_1-api-6.0.53-0.56.1 tomcat6-lib-6.0.53-0.56.1 tomcat6-servlet-2_5-api-6.0.53-0.56.1 tomcat6-webapps-6.0.53-0.56.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): tomcat6-6.0.53-0.56.1 tomcat6-admin-webapps-6.0.53-0.56.1 tomcat6-docs-webapp-6.0.53-0.56.1 tomcat6-javadoc-6.0.53-0.56.1 tomcat6-jsp-2_1-api-6.0.53-0.56.1 tomcat6-lib-6.0.53-0.56.1 tomcat6-servlet-2_5-api-6.0.53-0.56.1 tomcat6-webapps-6.0.53-0.56.1 References: https://www.suse.com/security/cve/CVE-2016-0762.html https://www.suse.com/security/cve/CVE-2016-5018.html https://www.suse.com/security/cve/CVE-2016-5388.html https://www.suse.com/security/cve/CVE-2016-6794.html https://www.suse.com/security/cve/CVE-2016-6796.html https://www.suse.com/security/cve/CVE-2016-6797.html https://www.suse.com/security/cve/CVE-2016-6816.html https://www.suse.com/security/cve/CVE-2016-8735.html https://www.suse.com/security/cve/CVE-2016-8745.html https://www.suse.com/security/cve/CVE-2017-5647.html https://bugzilla.suse.com/1007853 
https://bugzilla.suse.com/1007854 https://bugzilla.suse.com/1007855 https://bugzilla.suse.com/1007857 https://bugzilla.suse.com/1007858 https://bugzilla.suse.com/1011805 https://bugzilla.suse.com/1011812 https://bugzilla.suse.com/1015119 https://bugzilla.suse.com/1033448 https://bugzilla.suse.com/1036642 https://bugzilla.suse.com/988489 From sle-updates at lists.suse.com Wed Jun 21 10:10:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:10:31 +0200 (CEST) Subject: SUSE-RU-2017:1634-1: Recommended update for sblim-sfcb Message-ID: <20170621161031.C2F6C101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1634-1 Rating: low References: #1041885 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sblim-sfcb provides the following fixes: - Create clist.pem as a symbolic link to already existing server.pem if it does not exist. This is needed for upgrades from SLE 11-SP4 versions that did not use this certificate. - Re-introduce symbolic link for legacy cmpi-provider-register for upgrades from SLE 11. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1016=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1016=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1016=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sblim-sfcb-1.4.8-16.1 sblim-sfcb-debuginfo-1.4.8-16.1 sblim-sfcb-debugsource-1.4.8-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sblim-sfcb-1.4.8-16.1 sblim-sfcb-debuginfo-1.4.8-16.1 sblim-sfcb-debugsource-1.4.8-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sblim-sfcb-1.4.8-16.1 sblim-sfcb-debuginfo-1.4.8-16.1 sblim-sfcb-debugsource-1.4.8-16.1 References: https://bugzilla.suse.com/1041885 From sle-updates at lists.suse.com Wed Jun 21 10:11:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:11:05 +0200 (CEST) Subject: SUSE-SU-2017:1635-1: important: Security update for openvpn Message-ID: <20170621161105.1A93B101CA@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1635-1 Rating: important References: #1044947 Cross-References: CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openvpn fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a (quite inefficient) DoS attack on the server. 
[bsc#1044947, CVE-2017-7521] - The ASN1 parsing code contained a bug that could have resulted in some buffers being free()d twice, and this issue could have potentially been triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521] - If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker between client and proxy could cause the client to crash or disclose at most 96 bytes of stack memory. The disclosed stack memory was likely to contain the proxy password. If the proxy password had not been reused, this was unlikely to compromise the security of the OpenVPN tunnel itself. Clients who did not use the --http-proxy option with ntlm2 authentication were not affected. [bsc#1044947, CVE-2017-7520] - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1011=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1011=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1011=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1011=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1011=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1011=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1011=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1011=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openvpn-2.3.8-16.17.1 openvpn-auth-pam-plugin-2.3.8-16.17.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openvpn-2.3.8-16.17.1 openvpn-debuginfo-2.3.8-16.17.1 openvpn-debugsource-2.3.8-16.17.1 References: https://www.suse.com/security/cve/CVE-2017-7508.html https://www.suse.com/security/cve/CVE-2017-7520.html https://www.suse.com/security/cve/CVE-2017-7521.html https://bugzilla.suse.com/1044947 From 
sle-updates at lists.suse.com Wed Jun 21 10:11:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:11:37 +0200 (CEST) Subject: SUSE-RU-2017:1636-1: Recommended update for rpmlint Message-ID: <20170621161137.53DC7101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1636-1 Rating: low References: #1027577 #1044280 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes rpmlint to accept uppercase logical operators in RPM license tags. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1009=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): rpmlint-1.5-37.3.1 References: https://bugzilla.suse.com/1027577 https://bugzilla.suse.com/1044280 From sle-updates at lists.suse.com Wed Jun 21 10:12:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:12:19 +0200 (CEST) Subject: SUSE-RU-2017:1637-1: Recommended update for sapconf Message-ID: <20170621161219.6B122101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1637-1 Rating: low References: #1043841 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes sapconf to require sapinit-systemd-compat, preventing SAP systems from being stopped every time the SAP Host Agent is restarted. (bsc#1043841) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1017=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1017=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): sapconf-4.0-8.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): sapconf-4.0-8.3.1 References: https://bugzilla.suse.com/1043841 From sle-updates at lists.suse.com Wed Jun 21 10:13:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:13:28 +0200 (CEST) Subject: SUSE-RU-2017:1639-1: Recommended update for kernel-firmware Message-ID: <20170621161328.D35FE101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1639-1 Rating: low References: #1022054 #1024459 #1039310 #1039785 #1041354 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update provides kernel-firmware 20170530, which brings new versions of firmwares for several devices: - Liquidio v1.5.1 - Marvell SD8887, SD8897-B0, USB8997 - wil6210 4.1.0.55 - Chelsio cxgb4 1.16.45.0 - Intel Omni Path (OPA) - Intel SST BYT/BSW, Intel SKL/BXT/KBL audio - Intel BT 7265 (C0/D0), 7265 (D1), 7260 (B3/B4/B5/B6), 8260 and 8265 - qed FW 8.10.5.0, 8.10.10.0, 8.20.0.0 - BRCM4356/4358, RTL8723BE/RTL8821AE, wl127x/wl128x - cxgb4 1.16.26.0, MT8173 VPU, rockchip dptx v3.1 - Radeon SMC, Marvell PCIe8997, ath10k QCA4019 hw1.0, QCA9887 hw1.0 - QCA9888 hw2.0, QCA9984 hw1.0, QCA988X hw2.0 and QCA6174 - rt2870sta, rt3071.bin, rtl8822be - i915 DMC 1.23 xhci-rcar R-Car H3 and M3-W - usbdux, usbduxsigma - NVidia GP100 - iwlwifi -17 and -22 for Windstorm Peak. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1010=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1010=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1010=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-firmware-20170530-21.7.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-firmware-20170530-21.7.1 ucode-amd-20170530-21.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-firmware-20170530-21.7.1 ucode-amd-20170530-21.7.1 References: https://bugzilla.suse.com/1022054 https://bugzilla.suse.com/1024459 https://bugzilla.suse.com/1039310 https://bugzilla.suse.com/1039785 https://bugzilla.suse.com/1041354 From sle-updates at lists.suse.com Wed Jun 21 10:14:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:14:32 +0200 (CEST) Subject: SUSE-RU-2017:1640-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20170621161432.A2766101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1640-1 Rating: moderate References: #1029350 #1033825 #1035015 #1035633 #1036268 #1037355 #1037635 #1037828 #1038858 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Don't let disabled user log in. - Fix relative imports and update Copyright date. (bsc#1037635) - Rename incomplete_package_import to package_import_skip_changelog. 
- Spacewalk-backend should require the exact version of spacewalk-backend-libs. (bsc#1037635) spacewalk-certs-tools: - Update openssl on bootstrap. (bsc#1037828) - Setup bootstrap repository also when no packages are missing. - Update important packages before registration. (bsc#1037355) spacewalk-proxy: - On package upgrade move mgrsshtunnel home to /var/lib/spacewalk. - Change mgrsshtunnel user home to /var/lib/spacewalk. - Fix starting/stopping services rhn-proxy. (bsc#1038858) - Don't append to parent key response to authorized_keys on http error. (bsc#1035015) spacewalk-web: - Set SUSE Manager version to 3.0.6. - Allow dot character '.' for activation key. (bsc#1035633) susemanager-sls: - Add missing file name attribute to yum plugin state. - Use include instead of state.apply channels to fix salt-ssh issue. (bsc#1036268) - Fix pkgset beacon. (bsc#1029350) - Encode formula to string. (bsc#1033825) - Update basic packages when bootstrapping with salt. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1015=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.0 (noarch): spacewalk-backend-2.5.24.10-25.1 spacewalk-backend-libs-2.5.24.10-25.1 spacewalk-base-minimal-2.5.7.16-24.1 spacewalk-base-minimal-config-2.5.7.16-24.1 spacewalk-certs-tools-2.5.1.9-20.1 spacewalk-proxy-broker-2.5.1.8-19.1 spacewalk-proxy-common-2.5.1.8-19.1 spacewalk-proxy-management-2.5.1.8-19.1 spacewalk-proxy-package-manager-2.5.1.8-19.1 spacewalk-proxy-redirect-2.5.1.8-19.1 spacewalk-proxy-salt-2.5.1.8-19.1 susemanager-sls-0.1.21-26.1 References: https://bugzilla.suse.com/1029350 https://bugzilla.suse.com/1033825 https://bugzilla.suse.com/1035015 https://bugzilla.suse.com/1035633 https://bugzilla.suse.com/1036268 https://bugzilla.suse.com/1037355 https://bugzilla.suse.com/1037635 https://bugzilla.suse.com/1037828 https://bugzilla.suse.com/1038858 From sle-updates at lists.suse.com Wed Jun 21 10:16:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:16:39 +0200 (CEST) Subject: SUSE-RU-2017:1641-1: Recommended update for rpmlint Message-ID: <20170621161639.86C77101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1641-1 Rating: low References: #1027577 #1044280 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes rpmlint to accept uppercase logical operators in RPM license tags. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-rpmlint-13165=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): rpmlint-0.84-8.29.2 References: https://bugzilla.suse.com/1027577 https://bugzilla.suse.com/1044280 From sle-updates at lists.suse.com Wed Jun 21 10:17:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:17:16 +0200 (CEST) Subject: SUSE-SU-2017:1642-1: important: Security update for openvpn Message-ID: <20170621161716.6322F101CA@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1642-1 Rating: important References: #1044947 Cross-References: CVE-2017-7508 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shut down an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openvpn-13166=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openvpn-13166=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openvpn-13166=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openvpn-13166=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openvpn-13166=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openvpn-2.0.9-143.46.1 openvpn-auth-pam-plugin-2.0.9-143.46.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): openvpn-2.0.9-143.46.1 openvpn-auth-pam-plugin-2.0.9-143.46.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openvpn-2.0.9-143.46.1 openvpn-auth-pam-plugin-2.0.9-143.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openvpn-debuginfo-2.0.9-143.46.1 openvpn-debugsource-2.0.9-143.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openvpn-debuginfo-2.0.9-143.46.1 openvpn-debugsource-2.0.9-143.46.1 References: https://www.suse.com/security/cve/CVE-2017-7508.html https://bugzilla.suse.com/1044947 From sle-updates at lists.suse.com Wed Jun 21 10:17:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:17:42 +0200 (CEST) Subject: SUSE-RU-2017:1643-1: Recommended update for sapconf Message-ID: <20170621161742.D0258101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1643-1 Rating: low References: #1043841 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes sapconf to require sapinit-systemd-compat, preventing SAP systems from being stopped every time the SAP Host Agent is restarted. (bsc#1043841) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1018=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1018=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1018=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): sapconf-4.1.6-18.9.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): sapconf-4.1.6-18.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): sapconf-4.1.6-18.9.1 References: https://bugzilla.suse.com/1043841 From sle-updates at lists.suse.com Wed Jun 21 10:18:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:18:14 +0200 (CEST) Subject: SUSE-RU-2017:1644-1: Recommended update for cmpi-provider-register Message-ID: <20170621161814.4CBFC101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmpi-provider-register ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1644-1 Rating: low References: #1041885 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cmpi-provider-register adapts sfcb_init_script to SLE 12 SP2. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1014=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1014=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1014=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): cmpi-provider-register-1.0.1-6.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): cmpi-provider-register-1.0.1-6.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): cmpi-provider-register-1.0.1-6.1 References: https://bugzilla.suse.com/1041885 From sle-updates at lists.suse.com Wed Jun 21 10:18:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:18:41 +0200 (CEST) Subject: SUSE-RU-2017:1645-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20170621161841.99686101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1645-1 Rating: moderate References: #1013876 #1019672 #1020852 #1025761 #1029350 #1029840 #1031716 #1032286 #1032380 #1032798 #1033341 #1033825 #1033889 #1034837 #1035633 #1035724 #1036268 #1037355 #1037635 #1037736 #1037828 #1038027 #1039286 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 23 recommended fixes can now be installed. Description: This update fixes the following issues: locale-formula: - Remove documentation links which point to developer-only wiki. (bsc#1033341) salt-netapi-client: - Fix sending kwarg in payload in RunnerCall. 
spacecmd: - Remove get_certificateexpiration support in spacecmd. (bsc#1013876) spacewalk-backend: - Don't let disabled user log in. - Fix relative imports and update Copyright date. (bsc#1037635) - Rename incomplete_package_import to package_import_skip_changelog. - Spacewalk-backend should require the exact version of spacewalk-backend-libs. (bsc#1037635) spacewalk-certs-tools: - Update openssl on bootstrap. (bsc#1037828) - Setup bootstrap repository also when no packages are missing. - Update important packages before registration. (bsc#1037355) spacewalk-config: - Rename incomplete_package_import to package_import_skip_changelog. - Document Incomplete_package_import, Java.message_queue_thread_pool_size, salt_presence_ping_timeout and salt_presence_ping_gather_job_timeout in man page. spacewalk-java: - Fix race condition for preview websocket messages in remote commands page. - Enable pkgset beacon for all SUSE OS distributions. (bsc#1032286) - Add info about base products to json input for subscription-matcher. - Add product class info to the json input for the subscription-matcher. (bsc#1031716) - Change mgrsshtunnel user home to /var/lib/spacewalk. - Make schedule notification links consistent for actions for a single system. (bsc#1039286) - Lookup functions should return every minion only one time. - Store temporary roster in configured location. (bsc#1019672) - Avoid System.out for logging. - Allow dot character '.' for activation key. (bsc#1035633) - Use the util method when checking whether minion is ssh push-like. - Change contact method for bootstrap script and ssh-push. (bsc#1020852) - SSM Task Log: make title coherent with menu item. - Hide lock for Salt servers. (bsc#1032380) - Parse old and new return structure of spmigration return event. - Parse result of SP migration Dry Run correctly. (bsc#1034837) - Prevent possible null pointer exception when installed products could not be found. 
(bsc#1034837) - Added the following missing references to the changelog: bsc#1033889, bsc#1025761, bsc#1029840 spacewalk-web: - Set SUSE Manager version to 3.0.6. - Allow dot character '.' for activation key. (bsc#1035633) susemanager: - Add openssl to bootstrap repositories. (bsc#1037828) - Add some basic packages to RES bootstrap repository. (bsc#1037355) - Add python-backports-ssl_match_hostname to RES7 bootstrap repository. (bsc#1038027) susemanager-schema: - Add base column to suseProducts. - Add channel_family_id column to suseProducts. (bsc#1031716) - Recreate possible missing data. (bsc#1032798) - Take care that capability name exists. (bsc#1035724) - Add logging to can_entitle_server function to write out the reason of a failure. (bsc#1032798) susemanager-sls: - Add missing file name attribute to yum plugin state. - Use include instead of state.apply channels to fix salt-ssh issue. (bsc#1036268) - Fix pkgset beacon. (bsc#1029350) - Encode formula to string. (bsc#1033825) - Update basic packages when bootstrapping with salt. susemanager-sync-data: - Add support for SLES12 SP1 LTSS. (bsc#1037736) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1015=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (noarch): locale-formula-0.2-5.1 salt-netapi-client-0.11.1-15.1 spacecmd-2.5.5.6-15.1 spacewalk-backend-2.5.24.10-25.1 spacewalk-backend-app-2.5.24.10-25.1 spacewalk-backend-applet-2.5.24.10-25.1 spacewalk-backend-config-files-2.5.24.10-25.1 spacewalk-backend-config-files-common-2.5.24.10-25.1 spacewalk-backend-config-files-tool-2.5.24.10-25.1 spacewalk-backend-iss-2.5.24.10-25.1 spacewalk-backend-iss-export-2.5.24.10-25.1 spacewalk-backend-libs-2.5.24.10-25.1 spacewalk-backend-package-push-server-2.5.24.10-25.1 spacewalk-backend-server-2.5.24.10-25.1 spacewalk-backend-sql-2.5.24.10-25.1 spacewalk-backend-sql-oracle-2.5.24.10-25.1 spacewalk-backend-sql-postgresql-2.5.24.10-25.1 spacewalk-backend-tools-2.5.24.10-25.1 spacewalk-backend-xml-export-libs-2.5.24.10-25.1 spacewalk-backend-xmlrpc-2.5.24.10-25.1 spacewalk-base-2.5.7.16-24.1 spacewalk-base-minimal-2.5.7.16-24.1 spacewalk-base-minimal-config-2.5.7.16-24.1 spacewalk-certs-tools-2.5.1.9-20.1 spacewalk-config-2.5.2.7-12.1 spacewalk-html-2.5.7.16-24.1 spacewalk-java-2.5.59.15-26.1 spacewalk-java-config-2.5.59.15-26.1 spacewalk-java-lib-2.5.59.15-26.1 spacewalk-java-oracle-2.5.59.15-26.1 spacewalk-java-postgresql-2.5.59.15-26.1 spacewalk-taskomatic-2.5.59.15-26.1 susemanager-schema-3.0.20-24.1 susemanager-sls-0.1.21-26.1 susemanager-sync-data-3.0.17-27.1 - SUSE Manager Server 3.0 (x86_64): susemanager-3.0.22-24.1 susemanager-tools-3.0.22-24.1 References: https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1019672 https://bugzilla.suse.com/1020852 https://bugzilla.suse.com/1025761 https://bugzilla.suse.com/1029350 https://bugzilla.suse.com/1029840 https://bugzilla.suse.com/1031716 https://bugzilla.suse.com/1032286 https://bugzilla.suse.com/1032380 https://bugzilla.suse.com/1032798 https://bugzilla.suse.com/1033341 https://bugzilla.suse.com/1033825 https://bugzilla.suse.com/1033889 https://bugzilla.suse.com/1034837 https://bugzilla.suse.com/1035633 
https://bugzilla.suse.com/1035724 https://bugzilla.suse.com/1036268 https://bugzilla.suse.com/1037355 https://bugzilla.suse.com/1037635 https://bugzilla.suse.com/1037736 https://bugzilla.suse.com/1037828 https://bugzilla.suse.com/1038027 https://bugzilla.suse.com/1039286 From sle-updates at lists.suse.com Wed Jun 21 10:23:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2017 18:23:30 +0200 (CEST) Subject: SUSE-RU-2017:1646-1: Recommended update for biosdevname Message-ID: <20170621162330.85E60101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1646-1 Rating: low References: #1042187 Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname provides the following fixes: - Do not rename non-Ethernet network interfaces. (bsc#1042187) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1013=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1013=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP2 (x86_64): biosdevname-0.7.2-7.3 biosdevname-debuginfo-0.7.2-7.3 biosdevname-debugsource-0.7.2-7.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): biosdevname-0.7.2-7.3 biosdevname-debuginfo-0.7.2-7.3 biosdevname-debugsource-0.7.2-7.3 References: https://bugzilla.suse.com/1042187 From sle-updates at lists.suse.com Thu Jun 22 07:09:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2017 15:09:27 +0200 (CEST) Subject: SUSE-RU-2017:1648-1: Recommended update for rsyslog Message-ID: <20170622130927.CDD75101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1648-1 Rating: low References: #1041210 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog provides the following fix: - Do not use cached timestamp for actionSuspend (bsc#1041210) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rsyslog-13167=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rsyslog-13167=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsyslog-5.10.1-0.13.1 rsyslog-diag-tools-5.10.1-0.13.1 rsyslog-doc-5.10.1-0.13.1 rsyslog-module-gssapi-5.10.1-0.13.1 rsyslog-module-gtls-5.10.1-0.13.1 rsyslog-module-mysql-5.10.1-0.13.1 rsyslog-module-pgsql-5.10.1-0.13.1 rsyslog-module-relp-5.10.1-0.13.1 rsyslog-module-snmp-5.10.1-0.13.1 rsyslog-module-udpspoof-5.10.1-0.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsyslog-debuginfo-5.10.1-0.13.1 rsyslog-debugsource-5.10.1-0.13.1 References: https://bugzilla.suse.com/1041210 From sle-updates at lists.suse.com Thu Jun 22 13:10:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2017 21:10:01 +0200 (CEST) Subject: SUSE-RU-2017:1652-1: Recommended update for SUSEConnect, libzypp, yast2-pkg-bindings, zypper Message-ID: <20170622191001.C5BA6101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect, libzypp, yast2-pkg-bindings, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1652-1 Rating: low References: #1032152 #1032259 #1037210 #1037783 #1041889 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: The Software Update Stack was updated to receive fixes and enhancements. SUSEConnect: - Fix license auto-agreement support. (bsc#1037783) zypper: - Accept --auto-agree-with-product-licenses from SUSEConnect. (bsc#1037783) - Describe supported SSL related URL options in man page. (bsc#1032152) yast2-pkg-bindings: - Fix pkgGpgCheck callback crashing when reporting SrcPackages. (bsc#1037210) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1024=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1024=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): zypper-log-1.11.65-2.61.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): SUSEConnect-0.3.1-9.30.1 libzypp-14.45.4-2.65.4 libzypp-debuginfo-14.45.4-2.65.4 libzypp-debugsource-14.45.4-2.65.4 yast2-pkg-bindings-3.1.20.4-14.1 yast2-pkg-bindings-debuginfo-3.1.20.4-14.1 yast2-pkg-bindings-debugsource-3.1.20.4-14.1 zypper-1.11.65-2.61.1 zypper-debuginfo-1.11.65-2.61.1 zypper-debugsource-1.11.65-2.61.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.1-9.30.1 libzypp-14.45.4-2.65.4 libzypp-debuginfo-14.45.4-2.65.4 libzypp-debugsource-14.45.4-2.65.4 yast2-pkg-bindings-3.1.20.4-14.1 yast2-pkg-bindings-debuginfo-3.1.20.4-14.1 yast2-pkg-bindings-debugsource-3.1.20.4-14.1 zypper-1.11.65-2.61.1 zypper-debuginfo-1.11.65-2.61.1 zypper-debugsource-1.11.65-2.61.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): zypper-log-1.11.65-2.61.1 References: https://bugzilla.suse.com/1032152 https://bugzilla.suse.com/1032259 https://bugzilla.suse.com/1037210 https://bugzilla.suse.com/1037783 https://bugzilla.suse.com/1041889 From sle-updates at lists.suse.com Thu Jun 22 13:11:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2017 21:11:07 +0200 (CEST) Subject: SUSE-RU-2017:1653-1: Recommended update for SUSEConnect, libzypp, yast2-pkg-bindings, zypper Message-ID: <20170622191107.6325C101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect, libzypp, yast2-pkg-bindings, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1653-1 Rating: low References: #1021117 #1032152 
#1032259 #1037210 #1037783 #1041889 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: The Software Update Stack was updated to receive fixes and enhancements. SUSEConnect: - Fix license auto-agreement support. (bsc#1037783) zypper: - Accept --auto-agree-with-product-licenses from SUSEConnect. (bsc#1037783) - Describe supported SSL related URL options in man page. (bsc#1032152) yast2-pkg-bindings: - Fix pkgGpgCheck callback crashing when reporting SrcPackages. (bsc#1037210) - Fix failure when trying to save a plugin service. (bsc#1021117) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1023=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1023=1 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      SUSEConnect-0.3.1-17.11.1
      libzypp-15.25.0-45.1
      libzypp-debuginfo-15.25.0-45.1
      libzypp-debugsource-15.25.0-45.1
      yast2-pkg-bindings-3.1.31.3-2.8.1
      yast2-pkg-bindings-debuginfo-3.1.31.3-2.8.1
      yast2-pkg-bindings-debugsource-3.1.31.3-2.8.1
      zypper-1.12.53-45.1
      zypper-debuginfo-1.12.53-45.1
      zypper-debugsource-1.12.53-45.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      zypper-log-1.12.53-45.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      SUSEConnect-0.3.1-17.11.1
      libzypp-15.25.0-45.1
      libzypp-debuginfo-15.25.0-45.1
      libzypp-debugsource-15.25.0-45.1
      yast2-pkg-bindings-3.1.31.3-2.8.1
      yast2-pkg-bindings-debuginfo-3.1.31.3-2.8.1
      yast2-pkg-bindings-debugsource-3.1.31.3-2.8.1
      zypper-1.12.53-45.1
      zypper-debuginfo-1.12.53-45.1
      zypper-debugsource-1.12.53-45.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
      zypper-log-1.12.53-45.1

References:

   https://bugzilla.suse.com/1021117
   https://bugzilla.suse.com/1032152
   https://bugzilla.suse.com/1032259
   https://bugzilla.suse.com/1037210
   https://bugzilla.suse.com/1037783
   https://bugzilla.suse.com/1041889

From sle-updates at lists.suse.com Thu Jun 22 13:13:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 Jun 2017 21:13:11 +0200 (CEST)
Subject: SUSE-RU-2017:1657-1: moderate: Recommended update for SUSEConnect, libzypp, yast2-pkg-bindings, zypper
Message-ID: <20170622191311.42E41101CA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSEConnect, libzypp, yast2-pkg-bindings, zypper
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1657-1
Rating:             moderate
References:         #1017267 #1017486 #1021117 #1028661 #1030686
                    #1031093 #1032152 #1032259 #1032279 #1032632
                    #1035344 #1035729 #1037210 #1037254 #1037783
                    #1041889
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry
                      Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has 16 recommended fixes can now be installed.

Description:

   The Software Update Stack was updated to receive fixes and enhancements.

   SUSEConnect:

   - Fix license auto-agreement support. (bsc#1037783)

   libzypp:

   - Use a common workflow for downloading packages and source packages. This includes a common way of handling and reporting gpg signature and checks. (bsc#1037210)
   - Treat explicit queries for 'kind:name' correctly. (bsc#1035729)
   - Add API to control resolver job to update all packages. (fate#320653)
   - Remove legacy vendor equivalence between 'suse' and 'opensuse'. (bsc#1030686)
   - Allow temporary repositories to control their metadata directories. (bsc#1032632)
   - Recognize license tarball in rpmmd repositories. (fate#316159)
   - Fix media verification to properly propagate media access errors. (bsc#1031093)
   - Fix invalidation of PoolItems if Pool IDs are reused. (bsc#1028661)

   zypper:

   - Accept --auto-agree-with-product-licenses from SUSEConnect. (bsc#1037783)
   - Add hint about possibly missing plugin package when handling unknown commands. (bsc#1037254)
   - Tag packages installed by user request as 'i+' on search output.
   - Fix crash when non-package types are passed as argument. (bsc#1037210)
   - Use a common definition for common solver options. (bsc#1017486)
   - Fix translation shortcut error. (bsc#1035344)
   - Add --with-update option to "zypper patch" to install also plain package updates. This is basically the same as running "zypper update" afterwards. (fate#320653)
   - Remove legacy vendor equivalence between 'suse' and 'opensuse'. (bsc#1030686)
   - Fix crash when exiting after pressing CTRL-C quickly twice or more. (bsc#1032279)
   - Use private temporary repository for --plus-repo.
     (bsc#1032632, bsc#1017267)
   - Use private temporary repository to collect rpms passed on the command line. (bsc#1032632)
   - Allow --plus-content to temporarily enable repositories by alias/number.
   - Recognize --plus-content repositories. (fate#319486)
   - Describe supported SSL related URL options in man page. (bsc#1032152)

   yast2-pkg-bindings:

   - Fix pkgGpgCheck callback crashing when reporting SrcPackages. (bsc#1037210)
   - Fix failure when trying to save a plugin service. (bsc#1021117)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1022=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1022=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1022=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1022=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1022=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libzypp-debuginfo-16.12.0-27.14.5
      libzypp-debugsource-16.12.0-27.14.5
      libzypp-devel-16.12.0-27.14.5
      libzypp-devel-doc-16.12.0-27.14.5

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
      yast2-pkg-bindings-devel-doc-3.1.36-6.5.5

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      SUSEConnect-0.3.1-19.11.2
      libzypp-16.12.0-27.14.5
      libzypp-debuginfo-16.12.0-27.14.5
      libzypp-debugsource-16.12.0-27.14.5
      yast2-pkg-bindings-3.1.36-6.5.5
      yast2-pkg-bindings-debuginfo-3.1.36-6.5.5
      yast2-pkg-bindings-debugsource-3.1.36-6.5.5
      zypper-1.13.28-18.8.5
      zypper-debuginfo-1.13.28-18.8.5
      zypper-debugsource-1.13.28-18.8.5

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      zypper-log-1.13.28-18.8.5

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      SUSEConnect-0.3.1-19.11.2
      libzypp-16.12.0-27.14.5
      libzypp-debuginfo-16.12.0-27.14.5
      libzypp-debugsource-16.12.0-27.14.5
      yast2-pkg-bindings-3.1.36-6.5.5
      yast2-pkg-bindings-debuginfo-3.1.36-6.5.5
      yast2-pkg-bindings-debugsource-3.1.36-6.5.5
      zypper-1.13.28-18.8.5
      zypper-debuginfo-1.13.28-18.8.5
      zypper-debugsource-1.13.28-18.8.5

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      zypper-log-1.13.28-18.8.5

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      zypper-log-1.13.28-18.8.5

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      SUSEConnect-0.3.1-19.11.2
      libzypp-16.12.0-27.14.5
      libzypp-debuginfo-16.12.0-27.14.5
      libzypp-debugsource-16.12.0-27.14.5
      yast2-pkg-bindings-3.1.36-6.5.5
      yast2-pkg-bindings-debuginfo-3.1.36-6.5.5
      yast2-pkg-bindings-debugsource-3.1.36-6.5.5
      zypper-1.13.28-18.8.5
      zypper-debuginfo-1.13.28-18.8.5
      zypper-debugsource-1.13.28-18.8.5

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      SUSEConnect-0.3.1-19.11.2
      libzypp-16.12.0-27.14.5
      libzypp-debuginfo-16.12.0-27.14.5
      libzypp-debugsource-16.12.0-27.14.5
      zypper-1.13.28-18.8.5
      zypper-debuginfo-1.13.28-18.8.5
      zypper-debugsource-1.13.28-18.8.5

References:

   https://bugzilla.suse.com/1017267
   https://bugzilla.suse.com/1017486
   https://bugzilla.suse.com/1021117
   https://bugzilla.suse.com/1028661
   https://bugzilla.suse.com/1030686
   https://bugzilla.suse.com/1031093
   https://bugzilla.suse.com/1032152
   https://bugzilla.suse.com/1032259
   https://bugzilla.suse.com/1032279
   https://bugzilla.suse.com/1032632
   https://bugzilla.suse.com/1035344
   https://bugzilla.suse.com/1035729
   https://bugzilla.suse.com/1037210
   https://bugzilla.suse.com/1037254
   https://bugzilla.suse.com/1037783
   https://bugzilla.suse.com/1041889

From sle-updates at lists.suse.com Thu Jun 22 19:09:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 03:09:54 +0200 (CEST)
Subject: SUSE-RU-2017:1659-1: Recommended update for xfsprogs
Message-ID: <20170623010954.97CC9101CA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for xfsprogs
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1659-1
Rating:             low
References:         #1034045 #1037376
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for xfsprogs provides the following fixes:

   - Moved dracut files to accommodate JeOS (bsc#1037376).
   - Don't call xfs_sb_quota_from_disk twice in xfs_repair(8). (bsc#1034045)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1025=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1025=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1025=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1025=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      xfsprogs-debuginfo-4.3.0-12.1
      xfsprogs-debugsource-4.3.0-12.1
      xfsprogs-devel-4.3.0-12.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      xfsprogs-4.3.0-12.1
      xfsprogs-debuginfo-4.3.0-12.1
      xfsprogs-debugsource-4.3.0-12.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      xfsprogs-4.3.0-12.1
      xfsprogs-debuginfo-4.3.0-12.1
      xfsprogs-debugsource-4.3.0-12.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      xfsprogs-4.3.0-12.1
      xfsprogs-debuginfo-4.3.0-12.1
      xfsprogs-debugsource-4.3.0-12.1

References:

   https://bugzilla.suse.com/1034045
   https://bugzilla.suse.com/1037376

From sle-updates at lists.suse.com Fri Jun 23 07:09:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 15:09:54 +0200 (CEST)
Subject: SUSE-SU-2017:1660-1: important: Security update for tomcat
Message-ID: <20170623130954.AD543101CA@maintenance.suse.de>

   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1660-1
Rating:             important
References:         #1007853 #1007854 #1007855 #1007857 #1007858
                    #1011805 #1011812 #1015119 #1033447 #1033448
                    #986359 #988489
Cross-References:   CVE-2016-0762 CVE-2016-3092 CVE-2016-5018
                    CVE-2016-5388 CVE-2016-6794 CVE-2016-6796
                    CVE-2016-6797 CVE-2016-6816 CVE-2016-8735
                    CVE-2016-8745 CVE-2017-5647
                    CVE-2017-5648
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   Tomcat was updated to version 7.0.78, fixing various bugs and security issues.

   For full details see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

   Security issues fixed:

   - CVE-2016-0762: A realm timing attack in tomcat was fixed which could disclose existence of users (bsc#1007854)
   - CVE-2016-3092: Usage of vulnerable FileUpload package could have resulted in denial of service (bsc#986359)
   - CVE-2016-5018: A security manager bypass via a Tomcat utility method that was accessible to web applications was fixed. (bsc#1007855)
   - CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header (bsc#988489)
   - CVE-2016-6794: A tomcat system property disclosure was fixed. (bsc#1007857)
   - CVE-2016-6796: A tomcat security manager bypass via manipulation of the configuration parameters for the JSP Servlet. (bsc#1007858)
   - CVE-2016-6797: A tomcat unrestricted access to global resources via ResourceLinkFactory was fixed. (bsc#1007853)
   - CVE-2016-6816: An HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests was fixed. (bsc#1011812)
   - CVE-2016-8735: A Remote code execution vulnerability in JmxRemoteLifecycleListener was fixed (bsc#1011805)
   - CVE-2016-8745: A Tomcat Information Disclosure in the error handling of send file code for the NIO HTTP connector was fixed. (bsc#1015119)
   - CVE-2017-5647: A tomcat information disclosure in pipelined request processing was fixed. (bsc#1033448)
   - CVE-2017-5648: A tomcat information disclosure due to using incorrect facade objects was fixed (bsc#1033447)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-1027=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1027=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):
      tomcat-7.0.78-7.13.4
      tomcat-admin-webapps-7.0.78-7.13.4
      tomcat-docs-webapp-7.0.78-7.13.4
      tomcat-el-2_2-api-7.0.78-7.13.4
      tomcat-javadoc-7.0.78-7.13.4
      tomcat-jsp-2_2-api-7.0.78-7.13.4
      tomcat-lib-7.0.78-7.13.4
      tomcat-servlet-3_0-api-7.0.78-7.13.4
      tomcat-webapps-7.0.78-7.13.4

   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      tomcat-7.0.78-7.13.4
      tomcat-admin-webapps-7.0.78-7.13.4
      tomcat-docs-webapp-7.0.78-7.13.4
      tomcat-el-2_2-api-7.0.78-7.13.4
      tomcat-javadoc-7.0.78-7.13.4
      tomcat-jsp-2_2-api-7.0.78-7.13.4
      tomcat-lib-7.0.78-7.13.4
      tomcat-servlet-3_0-api-7.0.78-7.13.4
      tomcat-webapps-7.0.78-7.13.4

References:

   https://www.suse.com/security/cve/CVE-2016-0762.html
   https://www.suse.com/security/cve/CVE-2016-3092.html
   https://www.suse.com/security/cve/CVE-2016-5018.html
   https://www.suse.com/security/cve/CVE-2016-5388.html
   https://www.suse.com/security/cve/CVE-2016-6794.html
   https://www.suse.com/security/cve/CVE-2016-6796.html
   https://www.suse.com/security/cve/CVE-2016-6797.html
   https://www.suse.com/security/cve/CVE-2016-6816.html
   https://www.suse.com/security/cve/CVE-2016-8735.html
   https://www.suse.com/security/cve/CVE-2016-8745.html
   https://www.suse.com/security/cve/CVE-2017-5647.html
   https://www.suse.com/security/cve/CVE-2017-5648.html
   https://bugzilla.suse.com/1007853
   https://bugzilla.suse.com/1007854
   https://bugzilla.suse.com/1007855
   https://bugzilla.suse.com/1007857
   https://bugzilla.suse.com/1007858
   https://bugzilla.suse.com/1011805
   https://bugzilla.suse.com/1011812
   https://bugzilla.suse.com/1015119
   https://bugzilla.suse.com/1033447
   https://bugzilla.suse.com/1033448
   https://bugzilla.suse.com/986359
   https://bugzilla.suse.com/988489

From sle-updates at lists.suse.com Fri Jun 23 07:11:40 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 15:11:40 +0200 (CEST)
Subject: SUSE-SU-2017:1661-1: moderate: Security update for openssh-openssl1
Message-ID: <20170623131140.09283101C3@maintenance.suse.de>

   SUSE Security Update: Security update for openssh-openssl1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1661-1
Rating:             moderate
References:         #1005480 #1005893 #1006221 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

   An update that solves three vulnerabilities and has two fixes is now available.

Description:

   This update for openssh-openssl1 fixes the following issues:

   - Properly verify CIDR masks in configuration (bsc#1005893)
   - CVE-2016-10009: limit directories for loading PKCS11 modules (bsc#1016366)
   - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)
   - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
   - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SECURITY:
      zypper in -t patch secsp3-openssh-openssl1-13169=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
      openssh-openssl1-6.6p1-18.1
      openssh-openssl1-helpers-6.6p1-18.1

References:

   https://www.suse.com/security/cve/CVE-2016-10009.html
   https://www.suse.com/security/cve/CVE-2016-10011.html
   https://www.suse.com/security/cve/CVE-2016-8858.html
   https://bugzilla.suse.com/1005480
   https://bugzilla.suse.com/1005893
   https://bugzilla.suse.com/1006221
   https://bugzilla.suse.com/1016366
   https://bugzilla.suse.com/1016369

From sle-updates at lists.suse.com Fri Jun 23 10:10:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:10:48 +0200 (CEST)
Subject: SUSE-SU-2017:1662-1: moderate: Security update for php5
Message-ID: <20170623161048.60726101CA@maintenance.suse.de>

   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1662-1
Rating:             moderate
References:         #1035111 #1040883 #1040889 #1040891
Cross-References:   CVE-2016-6294 CVE-2017-9224 CVE-2017-9226
                    CVE-2017-9227
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for php5 fixes the following security issues:

   - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111).
   - CVE-2017-9227: A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.
     (bsc#1040883)
   - CVE-2017-9226: A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. (bsc#1040889)
   - CVE-2017-9224: A stack out-of-bounds read occurs in match_at() during regular expression searching. (bsc#1040891)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1030=1

   - SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1030=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      php5-debuginfo-5.5.14-108.1
      php5-debugsource-5.5.14-108.1
      php5-devel-5.5.14-108.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php5-5.5.14-108.1
      apache2-mod_php5-debuginfo-5.5.14-108.1
      php5-5.5.14-108.1
      php5-bcmath-5.5.14-108.1
      php5-bcmath-debuginfo-5.5.14-108.1
      php5-bz2-5.5.14-108.1
      php5-bz2-debuginfo-5.5.14-108.1
      php5-calendar-5.5.14-108.1
      php5-calendar-debuginfo-5.5.14-108.1
      php5-ctype-5.5.14-108.1
      php5-ctype-debuginfo-5.5.14-108.1
      php5-curl-5.5.14-108.1
      php5-curl-debuginfo-5.5.14-108.1
      php5-dba-5.5.14-108.1
      php5-dba-debuginfo-5.5.14-108.1
      php5-debuginfo-5.5.14-108.1
      php5-debugsource-5.5.14-108.1
      php5-dom-5.5.14-108.1
      php5-dom-debuginfo-5.5.14-108.1
      php5-enchant-5.5.14-108.1
      php5-enchant-debuginfo-5.5.14-108.1
      php5-exif-5.5.14-108.1
      php5-exif-debuginfo-5.5.14-108.1
      php5-fastcgi-5.5.14-108.1
      php5-fastcgi-debuginfo-5.5.14-108.1
      php5-fileinfo-5.5.14-108.1
      php5-fileinfo-debuginfo-5.5.14-108.1
      php5-fpm-5.5.14-108.1
      php5-fpm-debuginfo-5.5.14-108.1
      php5-ftp-5.5.14-108.1
      php5-ftp-debuginfo-5.5.14-108.1
      php5-gd-5.5.14-108.1
      php5-gd-debuginfo-5.5.14-108.1
      php5-gettext-5.5.14-108.1
      php5-gettext-debuginfo-5.5.14-108.1
      php5-gmp-5.5.14-108.1
      php5-gmp-debuginfo-5.5.14-108.1
      php5-iconv-5.5.14-108.1
      php5-iconv-debuginfo-5.5.14-108.1
      php5-imap-5.5.14-108.1
      php5-imap-debuginfo-5.5.14-108.1
      php5-intl-5.5.14-108.1
      php5-intl-debuginfo-5.5.14-108.1
      php5-json-5.5.14-108.1
      php5-json-debuginfo-5.5.14-108.1
      php5-ldap-5.5.14-108.1
      php5-ldap-debuginfo-5.5.14-108.1
      php5-mbstring-5.5.14-108.1
      php5-mbstring-debuginfo-5.5.14-108.1
      php5-mcrypt-5.5.14-108.1
      php5-mcrypt-debuginfo-5.5.14-108.1
      php5-mysql-5.5.14-108.1
      php5-mysql-debuginfo-5.5.14-108.1
      php5-odbc-5.5.14-108.1
      php5-odbc-debuginfo-5.5.14-108.1
      php5-opcache-5.5.14-108.1
      php5-opcache-debuginfo-5.5.14-108.1
      php5-openssl-5.5.14-108.1
      php5-openssl-debuginfo-5.5.14-108.1
      php5-pcntl-5.5.14-108.1
      php5-pcntl-debuginfo-5.5.14-108.1
      php5-pdo-5.5.14-108.1
      php5-pdo-debuginfo-5.5.14-108.1
      php5-pgsql-5.5.14-108.1
      php5-pgsql-debuginfo-5.5.14-108.1
      php5-phar-5.5.14-108.1
      php5-phar-debuginfo-5.5.14-108.1
      php5-posix-5.5.14-108.1
      php5-posix-debuginfo-5.5.14-108.1
      php5-pspell-5.5.14-108.1
      php5-pspell-debuginfo-5.5.14-108.1
      php5-shmop-5.5.14-108.1
      php5-shmop-debuginfo-5.5.14-108.1
      php5-snmp-5.5.14-108.1
      php5-snmp-debuginfo-5.5.14-108.1
      php5-soap-5.5.14-108.1
      php5-soap-debuginfo-5.5.14-108.1
      php5-sockets-5.5.14-108.1
      php5-sockets-debuginfo-5.5.14-108.1
      php5-sqlite-5.5.14-108.1
      php5-sqlite-debuginfo-5.5.14-108.1
      php5-suhosin-5.5.14-108.1
      php5-suhosin-debuginfo-5.5.14-108.1
      php5-sysvmsg-5.5.14-108.1
      php5-sysvmsg-debuginfo-5.5.14-108.1
      php5-sysvsem-5.5.14-108.1
      php5-sysvsem-debuginfo-5.5.14-108.1
      php5-sysvshm-5.5.14-108.1
      php5-sysvshm-debuginfo-5.5.14-108.1
      php5-tokenizer-5.5.14-108.1
      php5-tokenizer-debuginfo-5.5.14-108.1
      php5-wddx-5.5.14-108.1
      php5-wddx-debuginfo-5.5.14-108.1
      php5-xmlreader-5.5.14-108.1
      php5-xmlreader-debuginfo-5.5.14-108.1
      php5-xmlrpc-5.5.14-108.1
      php5-xmlrpc-debuginfo-5.5.14-108.1
      php5-xmlwriter-5.5.14-108.1
      php5-xmlwriter-debuginfo-5.5.14-108.1
      php5-xsl-5.5.14-108.1
      php5-xsl-debuginfo-5.5.14-108.1
      php5-zip-5.5.14-108.1
      php5-zip-debuginfo-5.5.14-108.1
      php5-zlib-5.5.14-108.1
      php5-zlib-debuginfo-5.5.14-108.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php5-pear-5.5.14-108.1

References:

   https://www.suse.com/security/cve/CVE-2016-6294.html
   https://www.suse.com/security/cve/CVE-2017-9224.html
   https://www.suse.com/security/cve/CVE-2017-9226.html
   https://www.suse.com/security/cve/CVE-2017-9227.html
   https://bugzilla.suse.com/1035111
   https://bugzilla.suse.com/1040883
   https://bugzilla.suse.com/1040889
   https://bugzilla.suse.com/1040891

From sle-updates at lists.suse.com Fri Jun 23 10:11:35 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:11:35 +0200 (CEST)
Subject: SUSE-SU-2017:1663-1: moderate: Security update for wireshark
Message-ID: <20170623161135.14DF8101CA@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1663-1
Rating:             moderate
References:         #1042298 #1042299 #1042300 #1042301 #1042302
                    #1042303 #1042304 #1042305 #1042306 #1042307
                    #1042308 #1042309
Cross-References:   CVE-2017-9343 CVE-2017-9344 CVE-2017-9345
                    CVE-2017-9346 CVE-2017-9347 CVE-2017-9348
                    CVE-2017-9349 CVE-2017-9350 CVE-2017-9351
                    CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   The network debugging tool wireshark was updated to version 2.2.7 to fix the following issues:

   - CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304)
   - CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303)
   - CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302)
   - CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301)
   - CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300)
   - CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305)
   - CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299)
   - CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298)
   - CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309)
   - CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308)
   - CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307)
   - CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1031=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1031=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1031=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1031=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      wireshark-debuginfo-2.2.7-47.1
      wireshark-debugsource-2.2.7-47.1
      wireshark-devel-2.2.7-47.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libwireshark8-2.2.7-47.1
      libwireshark8-debuginfo-2.2.7-47.1
      libwiretap6-2.2.7-47.1
      libwiretap6-debuginfo-2.2.7-47.1
      libwscodecs1-2.2.7-47.1
      libwscodecs1-debuginfo-2.2.7-47.1
      libwsutil7-2.2.7-47.1
      libwsutil7-debuginfo-2.2.7-47.1
      wireshark-2.2.7-47.1
      wireshark-debuginfo-2.2.7-47.1
      wireshark-debugsource-2.2.7-47.1
      wireshark-gtk-2.2.7-47.1
      wireshark-gtk-debuginfo-2.2.7-47.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libwireshark8-2.2.7-47.1
      libwireshark8-debuginfo-2.2.7-47.1
      libwiretap6-2.2.7-47.1
      libwiretap6-debuginfo-2.2.7-47.1
      libwscodecs1-2.2.7-47.1
      libwscodecs1-debuginfo-2.2.7-47.1
      libwsutil7-2.2.7-47.1
      libwsutil7-debuginfo-2.2.7-47.1
      wireshark-2.2.7-47.1
      wireshark-debuginfo-2.2.7-47.1
      wireshark-debugsource-2.2.7-47.1
      wireshark-gtk-2.2.7-47.1
      wireshark-gtk-debuginfo-2.2.7-47.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libwireshark8-2.2.7-47.1
      libwireshark8-debuginfo-2.2.7-47.1
      libwiretap6-2.2.7-47.1
      libwiretap6-debuginfo-2.2.7-47.1
      libwscodecs1-2.2.7-47.1
      libwscodecs1-debuginfo-2.2.7-47.1
      libwsutil7-2.2.7-47.1
      libwsutil7-debuginfo-2.2.7-47.1
      wireshark-2.2.7-47.1
      wireshark-debuginfo-2.2.7-47.1
      wireshark-debugsource-2.2.7-47.1
      wireshark-gtk-2.2.7-47.1
      wireshark-gtk-debuginfo-2.2.7-47.1

References:

   https://www.suse.com/security/cve/CVE-2017-9343.html
   https://www.suse.com/security/cve/CVE-2017-9344.html
   https://www.suse.com/security/cve/CVE-2017-9345.html
   https://www.suse.com/security/cve/CVE-2017-9346.html
   https://www.suse.com/security/cve/CVE-2017-9347.html
   https://www.suse.com/security/cve/CVE-2017-9348.html
   https://www.suse.com/security/cve/CVE-2017-9349.html
   https://www.suse.com/security/cve/CVE-2017-9350.html
   https://www.suse.com/security/cve/CVE-2017-9351.html
   https://www.suse.com/security/cve/CVE-2017-9352.html
   https://www.suse.com/security/cve/CVE-2017-9353.html
   https://www.suse.com/security/cve/CVE-2017-9354.html
   https://bugzilla.suse.com/1042298
   https://bugzilla.suse.com/1042299
   https://bugzilla.suse.com/1042300
   https://bugzilla.suse.com/1042301
   https://bugzilla.suse.com/1042302
   https://bugzilla.suse.com/1042303
   https://bugzilla.suse.com/1042304
   https://bugzilla.suse.com/1042305
   https://bugzilla.suse.com/1042306
   https://bugzilla.suse.com/1042307
   https://bugzilla.suse.com/1042308
   https://bugzilla.suse.com/1042309

From sle-updates at lists.suse.com Fri Jun 23 10:13:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:13:12 +0200 (CEST)
Subject: SUSE-SU-2017:1664-1: moderate: Security update for wireshark
Message-ID: <20170623161312.B125C101CA@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1664-1
Rating:             moderate
References:         #1042298 #1042299 #1042300 #1042301 #1042302
                    #1042303 #1042304 #1042305 #1042306 #1042307
                    #1042308 #1042309
Cross-References:   CVE-2017-9343 CVE-2017-9344 CVE-2017-9345
                    CVE-2017-9346 CVE-2017-9347 CVE-2017-9348
                    CVE-2017-9349 CVE-2017-9350 CVE-2017-9351
                    CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues:

   * CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304)
   * CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303)
   * CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302)
   * CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301)
   * CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300)
   * CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305)
   * CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299)
   * CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298)
   * CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309)
   * CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308)
   * CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307)
   * CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-wireshark-13170=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-wireshark-13170=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-wireshark-13170=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      wireshark-devel-2.0.13-39.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      wireshark-2.0.13-39.1
      wireshark-gtk-2.0.13-39.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      wireshark-2.0.13-39.1
      wireshark-gtk-2.0.13-39.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      wireshark-debuginfo-2.0.13-39.1
      wireshark-debugsource-2.0.13-39.1

References:

   https://www.suse.com/security/cve/CVE-2017-9343.html
   https://www.suse.com/security/cve/CVE-2017-9344.html
   https://www.suse.com/security/cve/CVE-2017-9345.html
   https://www.suse.com/security/cve/CVE-2017-9346.html
   https://www.suse.com/security/cve/CVE-2017-9347.html
   https://www.suse.com/security/cve/CVE-2017-9348.html
   https://www.suse.com/security/cve/CVE-2017-9349.html
   https://www.suse.com/security/cve/CVE-2017-9350.html
   https://www.suse.com/security/cve/CVE-2017-9351.html
   https://www.suse.com/security/cve/CVE-2017-9352.html
   https://www.suse.com/security/cve/CVE-2017-9353.html
   https://www.suse.com/security/cve/CVE-2017-9354.html
   https://bugzilla.suse.com/1042298
   https://bugzilla.suse.com/1042299
   https://bugzilla.suse.com/1042300
   https://bugzilla.suse.com/1042301
   https://bugzilla.suse.com/1042302
   https://bugzilla.suse.com/1042303
   https://bugzilla.suse.com/1042304
   https://bugzilla.suse.com/1042305
   https://bugzilla.suse.com/1042306
   https://bugzilla.suse.com/1042307
   https://bugzilla.suse.com/1042308
   https://bugzilla.suse.com/1042309

From sle-updates at lists.suse.com Fri Jun 23 10:14:46 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:14:46 +0200 (CEST)
Subject: SUSE-RU-2017:1665-1: Recommended update for sap-installation-wizard
Message-ID: <20170623161446.1777F101CA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sap-installation-wizard
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1665-1 Rating: low References: #1034878 #1038503 #1040398 #1045167 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sap-installation-wizard fixes the following issues: - Undefined shell variable used in trex_inst.sh. (bsc#1040398) - Internal error Yast::SapCreateStorageClient__LVG. (bsc#1038503) - HANA Installer fails due to an error in hard disk partitioning. (bsc#1034878) Additionally, the following enhancements have been implemented: - Do not start tuning when running on Docker. (fate#320406) - Enhance the installation wizard to be used in HANA TDI environments. (fate#320408) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2017-1029=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): sap-installation-wizard-3.1.76-23.12.1 References: https://bugzilla.suse.com/1034878 https://bugzilla.suse.com/1038503 https://bugzilla.suse.com/1040398 https://bugzilla.suse.com/1045167 From sle-updates at lists.suse.com Fri Jun 23 13:09:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2017 21:09:43 +0200 (CEST) Subject: SUSE-RU-2017:1666-1: moderate: Recommended update for openattic Message-ID: <20170623190943.8BD10FFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openattic ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1666-1 Rating: moderate References: #1033588 #1033795 #1034014 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides openattic 2.0.20, which brings various fixes and improvements: - Stop flooding the log file with "Skipping /etc/ceph/ceph.client.admin.keyring, permission denied" errors. (bsc#1033795) - Fixed "Not an absolute path" error in openattic-systemd.service. (bsc#1033588) - Fixed "AttributeError: Call to an attribute oInstance of class 'nodb.models.NodbQuerySet'" in the log file. (bsc#1034014) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1032=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 4 (noarch): openattic-2.0.20-5.12 openattic-base-2.0.20-5.12 openattic-debugsource-2.0.20-5.12 openattic-gui-2.0.20-5.12 openattic-module-ceph-2.0.20-5.12 openattic-module-ceph-deployment-2.0.20-5.12 openattic-module-icinga-2.0.20-5.12 openattic-module-lio-2.0.20-5.12 openattic-module-nfs-2.0.20-5.12 openattic-module-samba-2.0.20-5.12 openattic-pgsql-2.0.20-5.12 References: https://bugzilla.suse.com/1033588 https://bugzilla.suse.com/1033795 https://bugzilla.suse.com/1034014 From sle-updates at lists.suse.com Fri Jun 23 13:10:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2017 21:10:21 +0200 (CEST) Subject: SUSE-RU-2017:1667-1: Recommended update for e2fsprogs Message-ID: <20170623191021.2DB1CFFD5@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1667-1 Rating: low References: #1038194 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for e2fsprogs provides the following fixes: - Don't ignore fsync errors in libext2fs. (bsc#1038194) - Fix fsync(2) detection in libext2fs. (bsc#1038194) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1033=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1033=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1033=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1033=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1033=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): e2fsprogs-debuginfo-1.42.11-15.1 e2fsprogs-debugsource-1.42.11-15.1 e2fsprogs-devel-1.42.11-15.1 libcom_err-devel-1.42.11-15.1 libext2fs-devel-1.42.11-15.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): e2fsprogs-1.42.11-15.1 e2fsprogs-debuginfo-1.42.11-15.1 e2fsprogs-debugsource-1.42.11-15.1 libcom_err2-1.42.11-15.1 libcom_err2-debuginfo-1.42.11-15.1 libext2fs2-1.42.11-15.1 libext2fs2-debuginfo-1.42.11-15.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): e2fsprogs-1.42.11-15.1 e2fsprogs-debuginfo-1.42.11-15.1 e2fsprogs-debugsource-1.42.11-15.1 libcom_err2-1.42.11-15.1 libcom_err2-debuginfo-1.42.11-15.1 libext2fs2-1.42.11-15.1 libext2fs2-debuginfo-1.42.11-15.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): e2fsprogs-debuginfo-32bit-1.42.11-15.1 libcom_err2-32bit-1.42.11-15.1 libcom_err2-debuginfo-32bit-1.42.11-15.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): e2fsprogs-1.42.11-15.1 e2fsprogs-debuginfo-1.42.11-15.1 e2fsprogs-debuginfo-32bit-1.42.11-15.1 e2fsprogs-debugsource-1.42.11-15.1 libcom_err2-1.42.11-15.1 libcom_err2-32bit-1.42.11-15.1 libcom_err2-debuginfo-1.42.11-15.1 libcom_err2-debuginfo-32bit-1.42.11-15.1 libext2fs2-1.42.11-15.1 libext2fs2-debuginfo-1.42.11-15.1 - OpenStack Cloud Magnum 
Orchestration 7 (x86_64): e2fsprogs-1.42.11-15.1 e2fsprogs-debuginfo-1.42.11-15.1 e2fsprogs-debugsource-1.42.11-15.1 libcom_err2-1.42.11-15.1 libcom_err2-debuginfo-1.42.11-15.1 libext2fs2-1.42.11-15.1 libext2fs2-debuginfo-1.42.11-15.1 References: https://bugzilla.suse.com/1038194 From sle-updates at lists.suse.com Mon Jun 26 04:10:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 12:10:27 +0200 (CEST) Subject: SUSE-SU-2017:1669-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE Message-ID: <20170626101027.63D43FFD6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1669-1 Rating: important References: #1035082 #1043960 Cross-References: CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that fixes 50 vulnerabilities is now available. Description: The MozillaFirefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960): * MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder * MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading * MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listeners * MFSA 2017-16/CVE-2017-5472 Use-after-free using destroyed node when regenerating trees * MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 * MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input * MFSA 2017-16/CVE-2017-7750 Use-after-free with track elements * MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read through Mozilla Maintenance Service * MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the Graphite 2 library * MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL with ImageInfo object * MFSA 2017-16/CVE-2017-7755 Privilege escalation through Firefox Installer with same directory DLL files * MFSA 2017-16/CVE-2017-7756 Use-after-free and use-after-scope logging XHR header errors * MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB * MFSA 2017-16/CVE-2017-7761 File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application * MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode characters as spaces * MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when saving executable files * MFSA 2017-16/CVE-2017-7764 (bmo#1364283, bmo#http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts) Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082) * MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent library * MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during BinHex decoding * MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in Firefox
53, Firefox ESR 45.9, and Firefox ESR 52.1 * MFSA 2017-12/CVE-2017-5464 Memory corruption with accessibility and DOM manipulation * MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in ConvolvePixel * MFSA 2017-12/CVE-2017-5466 Origin confusion when reloading isolated data:text/html URL * MFSA 2017-12/CVE-2017-5467 Memory corruption when drawing Skia content * MFSA 2017-12/CVE-2017-5460 Use-after-free in frame selection * MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64 encoding in NSS * MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in ClearKeyDecryptor * MFSA 2017-12/CVE-2017-5449 Crash during bidirectional unicode manipulation with animation * MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data * MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during glyph processing * MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing application/http-index-format content * MFSA 2017-12/CVE-2017-5445 Uninitialized values used while parsing application/http-index-format content * MFSA 2017-12/CVE-2017-5442 Use-after-free during style changes * MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in flex-generated code * MFSA 2017-12/CVE-2017-5440 Use-after-free in txExecutionState destructor during XSLT processing * MFSA 2017-12/CVE-2017-5441 Use-after-free with selection during scroll events * MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray Length() during XSLT processing * MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr during XSLT processing * MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with malicious font in Graphite 2 * MFSA 2017-12/CVE-2017-5435 Use-after-free during transaction processing in the editor * MFSA 2017-12/CVE-2017-5434 Use-after-free during focus handling * MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL animation functions * MFSA 2017-12/CVE-2017-5432 Use-after-free in text input selection * MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 * MFSA
2017-12/CVE-2017-5459 Buffer overflow in WebGL * MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS * MFSA 2017-12/CVE-2017-5455 Sandbox escape through internal feed reader APIs * MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file system read access through file picker * MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local file system access * MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with onblur event Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1035=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1035=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1035=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1035=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1035=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1035=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1035=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1035=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1035=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-devel-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-devel-52.2.0esr-108.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-devel-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-devel-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-devel-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.2.0esr-108.3 
MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-devel-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-52.2.0esr-108.3 MozillaFirefox-branding-SLE-52-31.1 MozillaFirefox-debuginfo-52.2.0esr-108.3 MozillaFirefox-debugsource-52.2.0esr-108.3 MozillaFirefox-translations-52.2.0esr-108.3 References: https://www.suse.com/security/cve/CVE-2016-10196.html https://www.suse.com/security/cve/CVE-2017-5429.html https://www.suse.com/security/cve/CVE-2017-5430.html https://www.suse.com/security/cve/CVE-2017-5432.html https://www.suse.com/security/cve/CVE-2017-5433.html https://www.suse.com/security/cve/CVE-2017-5434.html https://www.suse.com/security/cve/CVE-2017-5435.html https://www.suse.com/security/cve/CVE-2017-5436.html https://www.suse.com/security/cve/CVE-2017-5438.html https://www.suse.com/security/cve/CVE-2017-5439.html https://www.suse.com/security/cve/CVE-2017-5440.html https://www.suse.com/security/cve/CVE-2017-5441.html https://www.suse.com/security/cve/CVE-2017-5442.html https://www.suse.com/security/cve/CVE-2017-5443.html https://www.suse.com/security/cve/CVE-2017-5444.html https://www.suse.com/security/cve/CVE-2017-5445.html https://www.suse.com/security/cve/CVE-2017-5446.html https://www.suse.com/security/cve/CVE-2017-5447.html https://www.suse.com/security/cve/CVE-2017-5448.html https://www.suse.com/security/cve/CVE-2017-5449.html https://www.suse.com/security/cve/CVE-2017-5451.html https://www.suse.com/security/cve/CVE-2017-5454.html https://www.suse.com/security/cve/CVE-2017-5455.html https://www.suse.com/security/cve/CVE-2017-5456.html https://www.suse.com/security/cve/CVE-2017-5459.html https://www.suse.com/security/cve/CVE-2017-5460.html https://www.suse.com/security/cve/CVE-2017-5461.html https://www.suse.com/security/cve/CVE-2017-5462.html https://www.suse.com/security/cve/CVE-2017-5464.html 
https://www.suse.com/security/cve/CVE-2017-5465.html https://www.suse.com/security/cve/CVE-2017-5466.html https://www.suse.com/security/cve/CVE-2017-5467.html https://www.suse.com/security/cve/CVE-2017-5469.html https://www.suse.com/security/cve/CVE-2017-5470.html https://www.suse.com/security/cve/CVE-2017-5472.html https://www.suse.com/security/cve/CVE-2017-7749.html https://www.suse.com/security/cve/CVE-2017-7750.html https://www.suse.com/security/cve/CVE-2017-7751.html https://www.suse.com/security/cve/CVE-2017-7752.html https://www.suse.com/security/cve/CVE-2017-7754.html https://www.suse.com/security/cve/CVE-2017-7755.html https://www.suse.com/security/cve/CVE-2017-7756.html https://www.suse.com/security/cve/CVE-2017-7757.html https://www.suse.com/security/cve/CVE-2017-7758.html https://www.suse.com/security/cve/CVE-2017-7761.html https://www.suse.com/security/cve/CVE-2017-7763.html https://www.suse.com/security/cve/CVE-2017-7764.html https://www.suse.com/security/cve/CVE-2017-7765.html https://www.suse.com/security/cve/CVE-2017-7768.html https://www.suse.com/security/cve/CVE-2017-7778.html https://bugzilla.suse.com/1035082 https://bugzilla.suse.com/1043960 From sle-updates at lists.suse.com Mon Jun 26 04:11:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 12:11:15 +0200 (CEST) Subject: SUSE-SU-2017:1670-1: moderate: Security update for libxml2 Message-ID: <20170626101115.37FC1FFD6@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1670-1 Rating: moderate References: #1024989 #1044337 Cross-References: CVE-2017-0663 CVE-2017-5969 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1036=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1036=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1036=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1036=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1036=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-42.1 libxml2-devel-2.9.4-42.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxml2-2-2.9.4-42.1 libxml2-2-debuginfo-2.9.4-42.1 libxml2-debugsource-2.9.4-42.1 libxml2-tools-2.9.4-42.1 libxml2-tools-debuginfo-2.9.4-42.1 python-libxml2-2.9.4-42.1 python-libxml2-debuginfo-2.9.4-42.1 python-libxml2-debugsource-2.9.4-42.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libxml2-doc-2.9.4-42.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libxml2-2-2.9.4-42.1 libxml2-2-debuginfo-2.9.4-42.1 libxml2-debugsource-2.9.4-42.1 libxml2-tools-2.9.4-42.1 libxml2-tools-debuginfo-2.9.4-42.1 python-libxml2-2.9.4-42.1 python-libxml2-debuginfo-2.9.4-42.1 python-libxml2-debugsource-2.9.4-42.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libxml2-2-32bit-2.9.4-42.1 libxml2-2-debuginfo-32bit-2.9.4-42.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libxml2-doc-2.9.4-42.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libxml2-2-2.9.4-42.1 libxml2-2-32bit-2.9.4-42.1 libxml2-2-debuginfo-2.9.4-42.1 libxml2-2-debuginfo-32bit-2.9.4-42.1 libxml2-debugsource-2.9.4-42.1 libxml2-tools-2.9.4-42.1 libxml2-tools-debuginfo-2.9.4-42.1 python-libxml2-2.9.4-42.1 python-libxml2-debuginfo-2.9.4-42.1 python-libxml2-debugsource-2.9.4-42.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libxml2-2-2.9.4-42.1 libxml2-2-debuginfo-2.9.4-42.1 libxml2-debugsource-2.9.4-42.1 References: https://www.suse.com/security/cve/CVE-2017-0663.html https://www.suse.com/security/cve/CVE-2017-5969.html https://bugzilla.suse.com/1024989 https://bugzilla.suse.com/1044337 From sle-updates at lists.suse.com Mon Jun 26 04:11:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 12:11:53 +0200 (CEST) Subject: SUSE-SU-2017:1671-1: moderate: Security update for cairo Message-ID: 
<20170626101153.30391FFD6@maintenance.suse.de> SUSE Security Update: Security update for cairo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1671-1 Rating: moderate References: #1007255 #1036789 Cross-References: CVE-2016-9082 CVE-2017-7475 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for cairo fixes the following issues: - CVE-2017-7475: Fixed a segfault in get_bitmap_surface due to malformed font (bsc#1036789). - CVE-2016-9082: fix a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1034=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1034=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1034=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1034=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): cairo-debugsource-1.15.2-24.1 cairo-devel-1.15.2-24.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cairo-debugsource-1.15.2-24.1 libcairo-gobject2-1.15.2-24.1 libcairo-gobject2-debuginfo-1.15.2-24.1 libcairo-script-interpreter2-1.15.2-24.1 libcairo-script-interpreter2-debuginfo-1.15.2-24.1 libcairo2-1.15.2-24.1 libcairo2-debuginfo-1.15.2-24.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): cairo-debugsource-1.15.2-24.1 libcairo-gobject2-1.15.2-24.1 libcairo-gobject2-debuginfo-1.15.2-24.1 libcairo-script-interpreter2-1.15.2-24.1 libcairo-script-interpreter2-debuginfo-1.15.2-24.1 libcairo2-1.15.2-24.1 libcairo2-debuginfo-1.15.2-24.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libcairo-gobject2-32bit-1.15.2-24.1 libcairo-gobject2-debuginfo-32bit-1.15.2-24.1 libcairo2-32bit-1.15.2-24.1 libcairo2-debuginfo-32bit-1.15.2-24.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cairo-debugsource-1.15.2-24.1 libcairo-gobject2-1.15.2-24.1 libcairo-gobject2-32bit-1.15.2-24.1 libcairo-gobject2-debuginfo-1.15.2-24.1 libcairo-gobject2-debuginfo-32bit-1.15.2-24.1 libcairo-script-interpreter2-1.15.2-24.1 libcairo-script-interpreter2-debuginfo-1.15.2-24.1 libcairo2-1.15.2-24.1 libcairo2-32bit-1.15.2-24.1 libcairo2-debuginfo-1.15.2-24.1 libcairo2-debuginfo-32bit-1.15.2-24.1 References: https://www.suse.com/security/cve/CVE-2016-9082.html https://www.suse.com/security/cve/CVE-2017-7475.html https://bugzilla.suse.com/1007255 https://bugzilla.suse.com/1036789 From sle-updates at lists.suse.com Mon Jun 26 07:12:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 15:12:34 +0200 (CEST) Subject: SUSE-SU-2017:1672-1: moderate: Security update for poppler Message-ID: <20170626131234.610C7FFD6@maintenance.suse.de> SUSE Security Update: Security update for poppler 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1672-1 Rating: moderate References: #1040170 #1042803 Cross-References: CVE-2017-9083 CVE-2017-9406 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for poppler fixes the following issues: - CVE-2017-9406: Fixed a memory leak that occurred while parsing invalid XRef attributes (bsc#1042803). - CVE-2017-9083: Fixed a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1040170) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1038=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1038=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1038=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpoppler44-0.24.4-14.3.1 libpoppler44-debuginfo-0.24.4-14.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpoppler44-0.24.4-14.3.1 libpoppler44-debuginfo-0.24.4-14.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpoppler44-0.24.4-14.3.1 libpoppler44-debuginfo-0.24.4-14.3.1 References: https://www.suse.com/security/cve/CVE-2017-9083.html https://www.suse.com/security/cve/CVE-2017-9406.html https://bugzilla.suse.com/1040170 https://bugzilla.suse.com/1042803 From sle-updates at lists.suse.com Mon Jun 26 07:13:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 15:13:56 +0200 (CEST) Subject: SUSE-SU-2017:1675-1: moderate: Security update for xorg-x11-server Message-ID: <20170626131356.3DAB9FFD6@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1675-1 Rating: moderate References: #1019649 #1021803 #1025029 #1025035 #1025084 #1025985 #1032509 #1039042 Cross-References: CVE-2017-2624 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for xorg-x11-server provides the following fixes: - Remove unused function with use-after-free issue. (bsc#1025035) - Use arc4random to generate cookies. (bsc#1025084) - Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624) - XDrawArc performance improvement. (bsc#1019649) - Re-enable indirect GLX by default. (bsc#1039042) - Add IndirectGLX ServerFlags option which allows users to enable or disable indirect GLX. 
(bsc#1032509) - Fix dashing in GLAMOR. (bsc#1021803) - Fix X server crash on drawing dashed lines. (bsc#1025985) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1037=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1037=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1037=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1037=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-sdk-7.6_1.18.3-71.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): xorg-x11-server-7.6_1.18.3-71.1 xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-extra-7.6_1.18.3-71.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-71.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): xorg-x11-server-7.6_1.18.3-71.1 xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-extra-7.6_1.18.3-71.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-71.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xorg-x11-server-7.6_1.18.3-71.1 xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-extra-7.6_1.18.3-71.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-71.1 References: https://www.suse.com/security/cve/CVE-2017-2624.html https://bugzilla.suse.com/1019649 https://bugzilla.suse.com/1021803 https://bugzilla.suse.com/1025029 https://bugzilla.suse.com/1025035 https://bugzilla.suse.com/1025084 https://bugzilla.suse.com/1025985 
https://bugzilla.suse.com/1032509 https://bugzilla.suse.com/1039042 From sle-updates at lists.suse.com Mon Jun 26 10:11:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:11:56 +0200 (CEST) Subject: SUSE-SU-2017:1690-1: moderate: Security update for postgresql94 Message-ID: <20170626161156.3C027FFD6@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1690-1 Rating: moderate References: #1037603 #1037624 #1038293 Cross-References: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs: - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed: * CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases. See the upstream release notes for details. * CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) * CVE-2017-7484: Prevent exposure of statistical information via leaky operators.
(bsc#1037603)

Changes in version 9.4.12:

* Build corruption with CREATE INDEX CONCURRENTLY
* Fixes for visibility and write-ahead-log stability

Changes in version 9.4.10:

* Fix WAL-logging of truncation of relation free space maps and visibility maps
* Fix incorrect creation of GIN index WAL records on big-endian machines
* Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction
* Fix EvalPlanQual rechecks involving CTE scans
* Fix improper repetition of previous results from hashed aggregation in a subquery

The libraries libpq and libecpg are now supplied by postgresql 9.6.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1039=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1039=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1039=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1039=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-devel-9.4.12-20.1 postgresql94-devel-debuginfo-9.4.12-20.1 postgresql94-libs-debugsource-9.4.12-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): postgresql94-9.4.12-20.1 postgresql94-contrib-9.4.12-20.1 postgresql94-contrib-debuginfo-9.4.12-20.1 postgresql94-debuginfo-9.4.12-20.1 postgresql94-debugsource-9.4.12-20.1 postgresql94-server-9.4.12-20.1 postgresql94-server-debuginfo-9.4.12-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql94-docs-9.4.12-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): postgresql94-9.4.12-20.1 postgresql94-contrib-9.4.12-20.1 postgresql94-contrib-debuginfo-9.4.12-20.1 postgresql94-debuginfo-9.4.12-20.1 postgresql94-debugsource-9.4.12-20.1 postgresql94-server-9.4.12-20.1 postgresql94-server-debuginfo-9.4.12-20.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql94-docs-9.4.12-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): postgresql94-9.4.12-20.1 postgresql94-debuginfo-9.4.12-20.1 postgresql94-debugsource-9.4.12-20.1 References: https://www.suse.com/security/cve/CVE-2017-7484.html https://www.suse.com/security/cve/CVE-2017-7485.html https://www.suse.com/security/cve/CVE-2017-7486.html https://bugzilla.suse.com/1037603 https://bugzilla.suse.com/1037624 https://bugzilla.suse.com/1038293 From sle-updates at lists.suse.com Mon Jun 26 10:12:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:12:41 +0200 (CEST) Subject: SUSE-OU-2017:1691-1: Optional update for postgresql96 Message-ID: <20170626161241.4B25FFFD6@maintenance.suse.de> SUSE Optional Update: Optional update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1691-1 Rating: low References: #1038474 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE 
Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update delivers PostgreSQL 9.6.3 to the SUSE Linux Enterprise 12 codebase. Major enhancements in PostgreSQL 9.6 include: - Parallel execution of sequential scans, joins and aggregates - Avoid scanning pages unnecessarily during vacuum freeze operations - Synchronous replication now allows multiple standby servers for increased reliability - Full-text search can now search for phrases (multiple adjacent words) - postgres_fdw now supports remote joins, sorts, UPDATEs, and DELETEs - Substantial performance improvements, especially in the area of scalability on multi-CPU-socket servers. Version 9.6 contains a number of changes that may affect compatibility with previous releases. Please refer to https://www.postgresql.org/docs/9.6/static/release-9-6.html for a comprehensive list of changes. The existing client libraries libecpg6 and libpq5 are now taken from the postgresql96 build instead of the postgresql94 build. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1042=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1042=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1042=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1042=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1042=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1042=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libecpg6-9.6.3-2.1 libecpg6-debuginfo-9.6.3-2.1 libpq5-9.6.3-2.1 libpq5-debuginfo-9.6.3-2.1 postgresql96-9.6.3-2.4 postgresql96-contrib-9.6.3-2.4 postgresql96-contrib-debuginfo-9.6.3-2.4 postgresql96-debuginfo-9.6.3-2.4 postgresql96-debugsource-9.6.3-2.4 postgresql96-libs-debugsource-9.6.3-2.1 postgresql96-server-9.6.3-2.4 postgresql96-server-debuginfo-9.6.3-2.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql-init-9.6-17.17.1 postgresql96-docs-9.6.3-2.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libpq5-32bit-9.6.3-2.1 libpq5-debuginfo-32bit-9.6.3-2.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libecpg6-9.6.3-2.1 libecpg6-debuginfo-9.6.3-2.1 libpq5-32bit-9.6.3-2.1 libpq5-9.6.3-2.1 libpq5-debuginfo-32bit-9.6.3-2.1 libpq5-debuginfo-9.6.3-2.1 postgresql96-9.6.3-2.4 postgresql96-contrib-9.6.3-2.4 postgresql96-contrib-debuginfo-9.6.3-2.4 postgresql96-debuginfo-9.6.3-2.4 postgresql96-debugsource-9.6.3-2.4 postgresql96-libs-debugsource-9.6.3-2.1 postgresql96-server-9.6.3-2.4 postgresql96-server-debuginfo-9.6.3-2.4 - SUSE Linux Enterprise Server for SAP 12 (noarch): postgresql-init-9.6-17.17.1 postgresql96-docs-9.6.3-2.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 
(aarch64): libecpg6-9.6.3-2.1 libecpg6-debuginfo-9.6.3-2.1 libpq5-9.6.3-2.1 libpq5-debuginfo-9.6.3-2.1 postgresql96-9.6.3-2.4 postgresql96-contrib-9.6.3-2.4 postgresql96-contrib-debuginfo-9.6.3-2.4 postgresql96-debuginfo-9.6.3-2.4 postgresql96-debugsource-9.6.3-2.4 postgresql96-libs-debugsource-9.6.3-2.1 postgresql96-server-9.6.3-2.4 postgresql96-server-debuginfo-9.6.3-2.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql-init-9.6-17.17.1 postgresql96-docs-9.6.3-2.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libecpg6-9.6.3-2.1 libecpg6-debuginfo-9.6.3-2.1 libpq5-9.6.3-2.1 libpq5-debuginfo-9.6.3-2.1 postgresql96-9.6.3-2.4 postgresql96-contrib-9.6.3-2.4 postgresql96-contrib-debuginfo-9.6.3-2.4 postgresql96-debuginfo-9.6.3-2.4 postgresql96-debugsource-9.6.3-2.4 postgresql96-libs-debugsource-9.6.3-2.1 postgresql96-server-9.6.3-2.4 postgresql96-server-debuginfo-9.6.3-2.4 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql-init-9.6-17.17.1 postgresql96-docs-9.6.3-2.4 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpq5-32bit-9.6.3-2.1 libpq5-debuginfo-32bit-9.6.3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libecpg6-9.6.3-2.1 libecpg6-debuginfo-9.6.3-2.1 libpq5-9.6.3-2.1 libpq5-debuginfo-9.6.3-2.1 postgresql96-9.6.3-2.4 postgresql96-contrib-9.6.3-2.4 postgresql96-contrib-debuginfo-9.6.3-2.4 postgresql96-debuginfo-9.6.3-2.4 postgresql96-debugsource-9.6.3-2.4 postgresql96-libs-debugsource-9.6.3-2.1 postgresql96-server-9.6.3-2.4 postgresql96-server-debuginfo-9.6.3-2.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libpq5-32bit-9.6.3-2.1 libpq5-debuginfo-32bit-9.6.3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql-init-9.6-17.17.1 postgresql96-docs-9.6.3-2.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libecpg6-9.6.3-2.1 libecpg6-debuginfo-9.6.3-2.1 libpq5-9.6.3-2.1 libpq5-debuginfo-9.6.3-2.1 postgresql96-9.6.3-2.4 postgresql96-contrib-9.6.3-2.4 
postgresql96-contrib-debuginfo-9.6.3-2.4 postgresql96-debuginfo-9.6.3-2.4 postgresql96-debugsource-9.6.3-2.4 postgresql96-libs-debugsource-9.6.3-2.1 postgresql96-server-9.6.3-2.4 postgresql96-server-debuginfo-9.6.3-2.4 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libpq5-32bit-9.6.3-2.1 libpq5-debuginfo-32bit-9.6.3-2.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql-init-9.6-17.17.1 postgresql96-docs-9.6.3-2.4 References: https://bugzilla.suse.com/1038474 From sle-updates at lists.suse.com Mon Jun 26 10:13:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:13:06 +0200 (CEST) Subject: SUSE-RU-2017:1692-1: Recommended update for rdma Message-ID: <20170626161306.1EA75FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for rdma ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1692-1 Rating: low References: #972725 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rdma provides the following fixes: - Workaround hostname -s failure during boot (bsc#972725) - Drop broken node_desc registration already done by udev (bsc#972725) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1041=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1041=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): rdma-2.1-11.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): rdma-2.1-11.1 References: https://bugzilla.suse.com/972725 From sle-updates at lists.suse.com Mon Jun 26 10:13:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:13:34 +0200 (CEST) Subject: SUSE-RU-2017:1693-1: Recommended update for libsemanage, policycoreutils Message-ID: <20170626161334.15DDDFFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsemanage, policycoreutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1693-1 Rating: low References: #1043237 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libsemanage, policycoreutils fixes the following issue: - Show version numbers of modules where they are available (bsc#1043237) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1040=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1040=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1040=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1040=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1040=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsemanage-debugsource-2.5-8.1 libsemanage-devel-2.5-8.1 libsemanage-devel-static-2.5-8.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsemanage-debugsource-2.5-8.1 libsemanage1-2.5-8.1 libsemanage1-debuginfo-2.5-8.1 policycoreutils-2.5-9.1 policycoreutils-debuginfo-2.5-9.1 policycoreutils-debugsource-2.5-9.1 policycoreutils-python-2.5-9.1 policycoreutils-python-debuginfo-2.5-9.1 python-semanage-2.5-8.1 python-semanage-debuginfo-2.5-8.1 python-semanage-debugsource-2.5-8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsemanage-debugsource-2.5-8.1 libsemanage1-2.5-8.1 libsemanage1-debuginfo-2.5-8.1 policycoreutils-2.5-9.1 policycoreutils-debuginfo-2.5-9.1 policycoreutils-debugsource-2.5-9.1 policycoreutils-python-2.5-9.1 policycoreutils-python-debuginfo-2.5-9.1 python-semanage-2.5-8.1 python-semanage-debuginfo-2.5-8.1 python-semanage-debugsource-2.5-8.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libsemanage1-32bit-2.5-8.1 libsemanage1-debuginfo-32bit-2.5-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsemanage-debugsource-2.5-8.1 libsemanage1-2.5-8.1 libsemanage1-32bit-2.5-8.1 libsemanage1-debuginfo-2.5-8.1 libsemanage1-debuginfo-32bit-2.5-8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsemanage-debugsource-2.5-8.1 libsemanage1-2.5-8.1 libsemanage1-debuginfo-2.5-8.1 References: https://bugzilla.suse.com/1043237 From sle-updates at lists.suse.com Mon Jun 26 10:13:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:13:58 +0200 (CEST) Subject: SUSE-RU-2017:1694-1: Recommended update for ocfs2, gfs, cluster-network and drbd Message-ID: <20170626161358.B2EB5FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2, gfs, cluster-network and drbd ______________________________________________________________________________ Announcement 
ID: SUSE-RU-2017:1694-1
Rating: low
References: #1005651 #1013018 #1013800 #1019783 #1040619 #971947
Affected Products:
  SUSE Linux Enterprise Real Time Extension 11-SP4
  SUSE Linux Enterprise High Availability Extension 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update delivers the "bigmem" kernel flavor modules for SUSE Linux Enterprise 11 SP4 High Availability Extension for PowerPC 64.

It also fixes the following bugs in ocfs2 kernel modules:

- ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947).
- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947).
- ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947).
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
- ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1013018).
- ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).
- ocfs2: fix error return code in ocfs2_info_handle_freefrag() (bsc#1013018).
- ocfs2: null deref on allocation error (bsc#1013018).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11-SP4:
    zypper in -t patch slertesp4-bigmem-kmps-13171=1
- SUSE Linux Enterprise High Availability Extension 11-SP4:
    zypper in -t patch slehasp4-bigmem-kmps-13171=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-bigmem-kmps-13171=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): cluster-network-kmp-rt-1.4_3.0.101_rt130_68-2.31.1 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_68-2.31.1 drbd-kmp-rt-8.4.4_3.0.101_rt130_68-0.26.1 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_68-0.26.1 gfs2-kmp-rt-2_3.0.101_rt130_68-0.23.1 gfs2-kmp-rt_trace-2_3.0.101_rt130_68-0.23.1 ocfs2-kmp-rt-1.6_3.0.101_rt130_68-0.27.1 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_68-0.27.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_100-2.31.1 cluster-network-kmp-trace-1.4_3.0.101_100-2.31.1 drbd-8.4.4-0.26.1 drbd-bash-completion-8.4.4-0.26.1 drbd-heartbeat-8.4.4-0.26.1 drbd-kmp-default-8.4.4_3.0.101_100-0.26.1 drbd-kmp-trace-8.4.4_3.0.101_100-0.26.1 drbd-pacemaker-8.4.4-0.26.1 drbd-udev-8.4.4-0.26.1 drbd-utils-8.4.4-0.26.1 gfs2-kmp-default-2_3.0.101_100-0.23.1 gfs2-kmp-trace-2_3.0.101_100-0.23.1 ocfs2-kmp-default-1.6_3.0.101_100-0.27.1 ocfs2-kmp-trace-1.6_3.0.101_100-0.27.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_100-2.31.1 drbd-kmp-xen-8.4.4_3.0.101_100-0.26.1 gfs2-kmp-xen-2_3.0.101_100-0.23.1 ocfs2-kmp-xen-1.6_3.0.101_100-0.27.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64): drbd-xen-8.4.4-0.26.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64): cluster-network-kmp-bigmem-1.4_3.0.101_100-2.31.1 cluster-network-kmp-ppc64-1.4_3.0.101_100-2.31.1 drbd-kmp-bigmem-8.4.4_3.0.101_100-0.26.1 drbd-kmp-ppc64-8.4.4_3.0.101_100-0.26.1 gfs2-kmp-bigmem-2_3.0.101_100-0.23.1 gfs2-kmp-ppc64-2_3.0.101_100-0.23.1 ocfs2-kmp-bigmem-1.6_3.0.101_100-0.27.1 ocfs2-kmp-ppc64-1.6_3.0.101_100-0.27.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586): cluster-network-kmp-pae-1.4_3.0.101_100-2.31.1 drbd-kmp-pae-8.4.4_3.0.101_100-0.26.1 gfs2-kmp-pae-2_3.0.101_100-0.23.1 ocfs2-kmp-pae-1.6_3.0.101_100-0.27.1 - SUSE Linux Enterprise 
Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    drbd-debuginfo-8.4.4-0.26.1
    drbd-debugsource-8.4.4-0.26.1

References:

https://bugzilla.suse.com/1005651
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1013800
https://bugzilla.suse.com/1019783
https://bugzilla.suse.com/1040619
https://bugzilla.suse.com/971947

From sle-updates at lists.suse.com Mon Jun 26 10:15:35 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 26 Jun 2017 18:15:35 +0200 (CEST)
Subject: SUSE-SU-2017:1696-1: important: Security update for kernel-source
Message-ID: <20170626161535.C6FA7FFD6@maintenance.suse.de>

SUSE Security Update: Security update for kernel-source
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1696-1
Rating: important
References: #1045340 #1045406
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-EXTRA
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues:

- A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-13172=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-13172=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-13172=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-13172=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-107.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-107.1 kernel-default-base-3.0.101-107.1 kernel-default-devel-3.0.101-107.1 kernel-source-3.0.101-107.1 kernel-syms-3.0.101-107.1 kernel-trace-3.0.101-107.1 kernel-trace-base-3.0.101-107.1 kernel-trace-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-107.1 kernel-ec2-base-3.0.101-107.1 kernel-ec2-devel-3.0.101-107.1 kernel-xen-3.0.101-107.1 kernel-xen-base-3.0.101-107.1 kernel-xen-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-107.1 kernel-bigmem-base-3.0.101-107.1 kernel-bigmem-devel-3.0.101-107.1 kernel-ppc64-3.0.101-107.1 kernel-ppc64-base-3.0.101-107.1 kernel-ppc64-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-107.1 kernel-pae-base-3.0.101-107.1 kernel-pae-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): 
kernel-pae-extra-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-107.1 kernel-default-debugsource-3.0.101-107.1 kernel-trace-debuginfo-3.0.101-107.1 kernel-trace-debugsource-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-107.1 kernel-trace-devel-debuginfo-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-107.1 kernel-ec2-debugsource-3.0.101-107.1 kernel-xen-debuginfo-3.0.101-107.1 kernel-xen-debugsource-3.0.101-107.1 kernel-xen-devel-debuginfo-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-107.1 kernel-bigmem-debugsource-3.0.101-107.1 kernel-ppc64-debuginfo-3.0.101-107.1 kernel-ppc64-debugsource-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-107.1 kernel-pae-debugsource-3.0.101-107.1 kernel-pae-devel-debuginfo-3.0.101-107.1 References: https://bugzilla.suse.com/1045340 https://bugzilla.suse.com/1045406 From sle-updates at lists.suse.com Mon Jun 26 16:10:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2017 00:10:24 +0200 (CEST) Subject: SUSE-SU-2017:1699-1: moderate: Security update for cobbler Message-ID: <20170626221024.4A8EDFFD6@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1699-1 Rating: moderate References: #1030582 Cross-References: CVE-2016-9605 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description:

This update for cobbler fixes the following issues:

- CVE-2016-9605: A directory traversal problem in the fix script endpoint was fixed that could be used to leak file content. (bsc#1030582)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1048=1
- SUSE Manager Server 3.0:
    zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1048=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Tools 12 (noarch):
    koan-2.6.6-48.1
- SUSE Manager Server 3.0 (noarch):
    cobbler-2.6.6-48.1

References:

https://www.suse.com/security/cve/CVE-2016-9605.html
https://bugzilla.suse.com/1030582

From sle-updates at lists.suse.com Mon Jun 26 16:11:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 27 Jun 2017 00:11:15 +0200 (CEST)
Subject: SUSE-SU-2017:1701-1: important: Security update for jakarta-taglibs-standard
Message-ID: <20170626221115.D90D0FFD6@maintenance.suse.de>

SUSE Security Update: Security update for jakarta-taglibs-standard
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1701-1
Rating: important
References: #920813
Cross-References: CVE-2015-0254
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for jakarta-taglibs-standard fixes the following issues:

- CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-jakarta-taglibs-standard-13173=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): jakarta-taglibs-standard-1.1.1-234.31.1 jakarta-taglibs-standard-javadoc-1.1.1-234.31.1 References: https://www.suse.com/security/cve/CVE-2015-0254.html https://bugzilla.suse.com/920813 From sle-updates at lists.suse.com Mon Jun 26 19:09:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2017 03:09:54 +0200 (CEST) Subject: SUSE-RU-2017:1702-1: Recommended update for quilt Message-ID: <20170627010954.99994FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for quilt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1702-1 Rating: low References: #1042889 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for quilt provides the following fixes: - Do not use interactive mode with "quilt push -f". (bsc#1042889) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1049=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): quilt-0.61-6.4 References: https://bugzilla.suse.com/1042889 From sle-updates at lists.suse.com Tue Jun 27 07:10:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2017 15:10:20 +0200 (CEST) Subject: SUSE-OU-2017:1703-1: Initial release of chrome-gnome-shell Message-ID: <20170627131020.E95F7F7B2@maintenance.suse.de> SUSE Optional Update: Initial release of chrome-gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1703-1 Rating: low References: #1035469 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds chrome-gnome-shell to SUSE Linux Enterprise 12, bringing GNOME Shell integration for browsers compatible with the Chrome Extension standard, such as Mozilla Firefox. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1051=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1051=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1051=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    chrome-gnome-shell-9-2.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    chrome-gnome-shell-9-2.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    chrome-gnome-shell-9-2.1

References:

https://bugzilla.suse.com/1035469

From sle-updates at lists.suse.com Tue Jun 27 07:10:44 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 27 Jun 2017 15:10:44 +0200 (CEST)
Subject: SUSE-SU-2017:1704-1: important: Security update for the Linux kernel
Message-ID: <20170627131044.A7598FFD6@maintenance.suse.de>

SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1704-1
Rating: important
References: #1045340
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This Linux kernel update for SUSE Linux Enterprise 12 SP1 fixes the following issues:

- A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1050=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1050=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1050=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1050=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.48.1 kernel-macros-3.12.74-60.64.48.1 kernel-source-3.12.74-60.64.48.1 - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.48.1 kernel-default-base-3.12.74-60.64.48.1 kernel-default-base-debuginfo-3.12.74-60.64.48.1 kernel-default-debuginfo-3.12.74-60.64.48.1 kernel-default-debugsource-3.12.74-60.64.48.1 kernel-default-devel-3.12.74-60.64.48.1 kernel-syms-3.12.74-60.64.48.1 kernel-xen-3.12.74-60.64.48.1 kernel-xen-base-3.12.74-60.64.48.1 kernel-xen-base-debuginfo-3.12.74-60.64.48.1 kernel-xen-debuginfo-3.12.74-60.64.48.1 kernel-xen-debugsource-3.12.74-60.64.48.1 kernel-xen-devel-3.12.74-60.64.48.1 kgraft-patch-3_12_74-60_64_48-default-1-2.1 kgraft-patch-3_12_74-60_64_48-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.48.1 kernel-default-base-3.12.74-60.64.48.1 kernel-default-base-debuginfo-3.12.74-60.64.48.1 kernel-default-debuginfo-3.12.74-60.64.48.1 kernel-default-debugsource-3.12.74-60.64.48.1 kernel-default-devel-3.12.74-60.64.48.1 kernel-syms-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.48.1 kernel-macros-3.12.74-60.64.48.1 kernel-source-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.48.1 kernel-xen-base-3.12.74-60.64.48.1 kernel-xen-base-debuginfo-3.12.74-60.64.48.1 kernel-xen-debuginfo-3.12.74-60.64.48.1 
kernel-xen-debugsource-3.12.74-60.64.48.1 kernel-xen-devel-3.12.74-60.64.48.1 kgraft-patch-3_12_74-60_64_48-default-1-2.1 kgraft-patch-3_12_74-60_64_48-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.48.1 kernel-default-base-3.12.74-60.64.48.1 kernel-default-base-debuginfo-3.12.74-60.64.48.1 kernel-default-debuginfo-3.12.74-60.64.48.1 kernel-default-debugsource-3.12.74-60.64.48.1 kernel-default-devel-3.12.74-60.64.48.1 kernel-syms-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.48.1 kernel-macros-3.12.74-60.64.48.1 kernel-source-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.48.1 kernel-xen-base-3.12.74-60.64.48.1 kernel-xen-base-debuginfo-3.12.74-60.64.48.1 kernel-xen-debuginfo-3.12.74-60.64.48.1 kernel-xen-debugsource-3.12.74-60.64.48.1 kernel-xen-devel-3.12.74-60.64.48.1 kgraft-patch-3_12_74-60_64_48-default-1-2.1 kgraft-patch-3_12_74-60_64_48-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.48.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.48.1 kernel-ec2-debuginfo-3.12.74-60.64.48.1 kernel-ec2-debugsource-3.12.74-60.64.48.1 kernel-ec2-devel-3.12.74-60.64.48.1 kernel-ec2-extra-3.12.74-60.64.48.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.48.1 References: https://bugzilla.suse.com/1045340 From sle-updates at lists.suse.com Tue Jun 27 13:09:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2017 21:09:28 +0200 (CEST) Subject: SUSE-SU-2017:1705-1: moderate: Security update for freeradius-server Message-ID: <20170627190928.2528FFFD7@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1705-1 Rating: moderate References: #1027243 #1041445 
Cross-References: CVE-2017-9148 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for freeradius-server fixes the following issues: Security issue fixed: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bsc#1041445) Non security issue fixed: - Fix case insensitive matching in compiled regular expressions (bsc#1027243) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1056=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1056=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1056=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-17.4.1 freeradius-server-debugsource-3.0.3-17.4.1 freeradius-server-devel-3.0.3-17.4.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): freeradius-server-3.0.3-17.4.1 freeradius-server-debuginfo-3.0.3-17.4.1 freeradius-server-debugsource-3.0.3-17.4.1 freeradius-server-doc-3.0.3-17.4.1 freeradius-server-krb5-3.0.3-17.4.1 freeradius-server-krb5-debuginfo-3.0.3-17.4.1 freeradius-server-ldap-3.0.3-17.4.1 freeradius-server-ldap-debuginfo-3.0.3-17.4.1 freeradius-server-libs-3.0.3-17.4.1 freeradius-server-libs-debuginfo-3.0.3-17.4.1 freeradius-server-mysql-3.0.3-17.4.1 freeradius-server-mysql-debuginfo-3.0.3-17.4.1 freeradius-server-perl-3.0.3-17.4.1 freeradius-server-perl-debuginfo-3.0.3-17.4.1 freeradius-server-postgresql-3.0.3-17.4.1 freeradius-server-postgresql-debuginfo-3.0.3-17.4.1 freeradius-server-python-3.0.3-17.4.1 freeradius-server-python-debuginfo-3.0.3-17.4.1 freeradius-server-sqlite-3.0.3-17.4.1 freeradius-server-sqlite-debuginfo-3.0.3-17.4.1 freeradius-server-utils-3.0.3-17.4.1 freeradius-server-utils-debuginfo-3.0.3-17.4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): freeradius-server-3.0.3-17.4.1 freeradius-server-debuginfo-3.0.3-17.4.1 freeradius-server-debugsource-3.0.3-17.4.1 freeradius-server-doc-3.0.3-17.4.1 freeradius-server-krb5-3.0.3-17.4.1 freeradius-server-krb5-debuginfo-3.0.3-17.4.1 freeradius-server-ldap-3.0.3-17.4.1 freeradius-server-ldap-debuginfo-3.0.3-17.4.1 freeradius-server-libs-3.0.3-17.4.1 freeradius-server-libs-debuginfo-3.0.3-17.4.1 freeradius-server-mysql-3.0.3-17.4.1 freeradius-server-mysql-debuginfo-3.0.3-17.4.1 freeradius-server-perl-3.0.3-17.4.1 freeradius-server-perl-debuginfo-3.0.3-17.4.1 freeradius-server-postgresql-3.0.3-17.4.1 freeradius-server-postgresql-debuginfo-3.0.3-17.4.1 freeradius-server-python-3.0.3-17.4.1 
freeradius-server-python-debuginfo-3.0.3-17.4.1 freeradius-server-sqlite-3.0.3-17.4.1 freeradius-server-sqlite-debuginfo-3.0.3-17.4.1 freeradius-server-utils-3.0.3-17.4.1 freeradius-server-utils-debuginfo-3.0.3-17.4.1 References: https://www.suse.com/security/cve/CVE-2017-9148.html https://bugzilla.suse.com/1027243 https://bugzilla.suse.com/1041445 From sle-updates at lists.suse.com Tue Jun 27 13:09:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2017 21:09:58 +0200 (CEST) Subject: SUSE-SU-2017:1706-1: important: Security update for the Linux Kernel Message-ID: <20170627190958.DB6F4FFD7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1706-1 Rating: important References: #1045340 #1045406 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-13178=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13178=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-13178=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-13178=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.105.1 kernel-default-base-3.0.101-0.47.105.1 kernel-default-devel-3.0.101-0.47.105.1 kernel-source-3.0.101-0.47.105.1 kernel-syms-3.0.101-0.47.105.1 kernel-trace-3.0.101-0.47.105.1 kernel-trace-base-3.0.101-0.47.105.1 kernel-trace-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.105.1 kernel-ec2-base-3.0.101-0.47.105.1 kernel-ec2-devel-3.0.101-0.47.105.1 kernel-xen-3.0.101-0.47.105.1 kernel-xen-base-3.0.101-0.47.105.1 kernel-xen-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.105.1 kernel-bigsmp-base-3.0.101-0.47.105.1 kernel-bigsmp-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.105.1 kernel-pae-base-3.0.101-0.47.105.1 kernel-pae-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.105.1 kernel-trace-extra-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.105.1 - SUSE Linux 
Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.105.1 kernel-default-base-3.0.101-0.47.105.1 kernel-default-devel-3.0.101-0.47.105.1 kernel-ec2-3.0.101-0.47.105.1 kernel-ec2-base-3.0.101-0.47.105.1 kernel-ec2-devel-3.0.101-0.47.105.1 kernel-pae-3.0.101-0.47.105.1 kernel-pae-base-3.0.101-0.47.105.1 kernel-pae-devel-3.0.101-0.47.105.1 kernel-source-3.0.101-0.47.105.1 kernel-syms-3.0.101-0.47.105.1 kernel-trace-3.0.101-0.47.105.1 kernel-trace-base-3.0.101-0.47.105.1 kernel-trace-devel-3.0.101-0.47.105.1 kernel-xen-3.0.101-0.47.105.1 kernel-xen-base-3.0.101-0.47.105.1 kernel-xen-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.105.1 kernel-default-debugsource-3.0.101-0.47.105.1 kernel-trace-debuginfo-3.0.101-0.47.105.1 kernel-trace-debugsource-3.0.101-0.47.105.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.105.1 kernel-ec2-debugsource-3.0.101-0.47.105.1 kernel-xen-debuginfo-3.0.101-0.47.105.1 kernel-xen-debugsource-3.0.101-0.47.105.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.105.1 kernel-bigsmp-debugsource-3.0.101-0.47.105.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.105.1 kernel-pae-debugsource-3.0.101-0.47.105.1 References: https://bugzilla.suse.com/1045340 https://bugzilla.suse.com/1045406 From sle-updates at lists.suse.com Wed Jun 28 04:10:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2017 12:10:00 +0200 (CEST) Subject: SUSE-SU-2017:1707-1: important: Security update for the Linux kernel Message-ID: <20170628101000.71F40FFD7@maintenance.suse.de> SUSE Security Update: Security update for the Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1707-1 Rating: important References: #1045340 Affected Products: SUSE Linux Enterprise 
Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This Linux kernel update for SUSE Linux Enterprise 12 SP2 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1058=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1058=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1058=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1058=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1058=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1058=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1058=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1058=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.59-92.24.2 kernel-default-debugsource-4.4.59-92.24.2 kernel-default-extra-4.4.59-92.24.2 kernel-default-extra-debuginfo-4.4.59-92.24.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.59-92.24.2 kernel-obs-build-debugsource-4.4.59-92.24.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.59-92.24.5 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.59-92.24.2 kernel-default-base-4.4.59-92.24.2 kernel-default-base-debuginfo-4.4.59-92.24.2 kernel-default-debuginfo-4.4.59-92.24.2 kernel-default-debugsource-4.4.59-92.24.2 kernel-default-devel-4.4.59-92.24.2 kernel-syms-4.4.59-92.24.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.59-92.24.2 kernel-macros-4.4.59-92.24.2 kernel-source-4.4.59-92.24.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.59-92.24.2 kernel-default-base-4.4.59-92.24.2 kernel-default-base-debuginfo-4.4.59-92.24.2 kernel-default-debuginfo-4.4.59-92.24.2 kernel-default-debugsource-4.4.59-92.24.2 kernel-default-devel-4.4.59-92.24.2 kernel-syms-4.4.59-92.24.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.59-92.24.2 kernel-macros-4.4.59-92.24.2 kernel-source-4.4.59-92.24.2 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_59-92_24-default-1-2.3 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.59-92.24.2 cluster-md-kmp-default-debuginfo-4.4.59-92.24.2 cluster-network-kmp-default-4.4.59-92.24.2 cluster-network-kmp-default-debuginfo-4.4.59-92.24.2 dlm-kmp-default-4.4.59-92.24.2 dlm-kmp-default-debuginfo-4.4.59-92.24.2 gfs2-kmp-default-4.4.59-92.24.2 gfs2-kmp-default-debuginfo-4.4.59-92.24.2 kernel-default-debuginfo-4.4.59-92.24.2 kernel-default-debugsource-4.4.59-92.24.2 
ocfs2-kmp-default-4.4.59-92.24.2 ocfs2-kmp-default-debuginfo-4.4.59-92.24.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.59-92.24.2 kernel-macros-4.4.59-92.24.2 kernel-source-4.4.59-92.24.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.59-92.24.2 kernel-default-debuginfo-4.4.59-92.24.2 kernel-default-debugsource-4.4.59-92.24.2 kernel-default-devel-4.4.59-92.24.2 kernel-default-extra-4.4.59-92.24.2 kernel-default-extra-debuginfo-4.4.59-92.24.2 kernel-syms-4.4.59-92.24.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.59-92.24.2 kernel-default-debuginfo-4.4.59-92.24.2 kernel-default-debugsource-4.4.59-92.24.2 References: https://bugzilla.suse.com/1045340 From sle-updates at lists.suse.com Wed Jun 28 10:11:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2017 18:11:14 +0200 (CEST) Subject: SUSE-SU-2017:1709-1: important: Security update for php53 Message-ID: <20170628161114.7A6E0FFD7@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1709-1 Rating: important References: #1031246 #1044976 Cross-References: CVE-2017-7272 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. [bsc#1044976] The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13179=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13179=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13179=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-111.2 php53-imap-5.3.17-111.2 php53-posix-5.3.17-111.2 php53-readline-5.3.17-111.2 php53-sockets-5.3.17-111.2 php53-sqlite-5.3.17-111.2 php53-tidy-5.3.17-111.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-111.2 php53-5.3.17-111.2 php53-bcmath-5.3.17-111.2 php53-bz2-5.3.17-111.2 php53-calendar-5.3.17-111.2 php53-ctype-5.3.17-111.2 php53-curl-5.3.17-111.2 php53-dba-5.3.17-111.2 php53-dom-5.3.17-111.2 php53-exif-5.3.17-111.2 php53-fastcgi-5.3.17-111.2 php53-fileinfo-5.3.17-111.2 php53-ftp-5.3.17-111.2 php53-gd-5.3.17-111.2 php53-gettext-5.3.17-111.2 php53-gmp-5.3.17-111.2 php53-iconv-5.3.17-111.2 php53-intl-5.3.17-111.2 php53-json-5.3.17-111.2 php53-ldap-5.3.17-111.2 php53-mbstring-5.3.17-111.2 php53-mcrypt-5.3.17-111.2 php53-mysql-5.3.17-111.2 php53-odbc-5.3.17-111.2 php53-openssl-5.3.17-111.2 php53-pcntl-5.3.17-111.2 php53-pdo-5.3.17-111.2 php53-pear-5.3.17-111.2 php53-pgsql-5.3.17-111.2 php53-pspell-5.3.17-111.2 php53-shmop-5.3.17-111.2 php53-snmp-5.3.17-111.2 php53-soap-5.3.17-111.2 php53-suhosin-5.3.17-111.2 php53-sysvmsg-5.3.17-111.2 php53-sysvsem-5.3.17-111.2 php53-sysvshm-5.3.17-111.2 php53-tokenizer-5.3.17-111.2 php53-wddx-5.3.17-111.2 php53-xmlreader-5.3.17-111.2 php53-xmlrpc-5.3.17-111.2 php53-xmlwriter-5.3.17-111.2 php53-xsl-5.3.17-111.2 php53-zip-5.3.17-111.2 php53-zlib-5.3.17-111.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-111.2 php53-debugsource-5.3.17-111.2 
References: https://www.suse.com/security/cve/CVE-2017-7272.html https://bugzilla.suse.com/1031246 https://bugzilla.suse.com/1044976 From sle-updates at lists.suse.com Wed Jun 28 10:11:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2017 18:11:53 +0200 (CEST) Subject: SUSE-RU-2017:1710-1: Recommended update for apache-commons-daemon Message-ID: <20170628161153.2D37EFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache-commons-daemon ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1710-1 Rating: low References: #716139 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache-commons-daemon provides the following fix: - Corrected error creating and using temporary files (bsc#716139) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1059=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1059=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): apache-commons-daemon-1.0.15-6.10 apache-commons-daemon-debugsource-1.0.15-6.10 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): apache-commons-daemon-javadoc-1.0.15-6.10 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): apache-commons-daemon-1.0.15-6.10 apache-commons-daemon-debugsource-1.0.15-6.10 - SUSE Linux Enterprise Server 12-SP2 (noarch): apache-commons-daemon-javadoc-1.0.15-6.10 References: https://bugzilla.suse.com/716139 From sle-updates at lists.suse.com Wed Jun 28 16:09:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 00:09:21 +0200 (CEST) Subject: SUSE-RU-2017:1711-1: Recommended update for build, osc Message-ID: <20170628220921.371F7FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for build, osc ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1711-1 Rating: low References: #1013981 #1018895 #944121 #953782 #973404 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description:

The Open Build Service Commander (osc) was updated to version 0.158.0, which brings many new features, enhancements and fixes:

New commands added:

- unpublish (requires OBS 2.8)
- blame (requires OBS 2.9)
- comment
- checkconstraints
- workerinfo
- addchannels
- enablechannel
- service merge
- service wait

New options:

- Add '--blame' option to osc meta command
- Add '--build-opt' to osc build command
- Add 'multibuild (-M)' to commands: buildlog, remotebuildlog, buildinfo, build, buildhistory, jobhistory, rebuild, restartbuild/abortbuild, wipebinaries, getbinaries
- Add '--wipe' option to osc chroot for deleting buildroots
- Add '--vm-memory' option to osc build
- Add '--multibuild' to results command for showing all packages of a multibuild config
- Add '--multibuild-package' option to results command for showing only one package of the multibuild config
- Add 'osc service runall' to run all services locally, independent of the mode
- Add 'build --vm-telnet' option for getting debug shell in KVM builds
- Add 'buildhistory --limit' option
- Add '--linkrev' option to branch command
- Add '--add-repository-block' option to branch command
- Add '--add-repository-rebuild' option to branch command

Fixes and enhancements:

- cat/less/blame: Default to expand to stay in sync with checkout
- Show package status when repository configuration is broken
- Try to autodetect local package when running 'osc build'
- Comment requests in interactive mode
- Fix wipebinaries to prevent wiping of complete repository
- Add compat code for older APIs that do not support multibuild
- Fix ssl.connection instantiation in case of old M2Crypto
- Fix local service run for non-existent (server-side) package
- Fix local build of kiwi images using obsrepositories://
- Show multibuild results by default
- Support operation in checked out package for cat/less/blame
- Highlight scheduled jobs with dispatch problems due to constraints
- Allow to specify a log message in lock command
- Fix "osc add" of new package container
- Support snapcraft.yaml build descriptions
- "osc add" of a directory offers to create an archive for uploading it
- Support usage of preinstall images in local builds
- Revision control options for "meta prj"
- Support for new obs_scm services (OBS 2.7 needed)
- Show errors on branch failures again
- Maintenance request offers to supersede old, but still open requests
- Support new package instances on branching when using -N parameter

For a comprehensive list of changes please refer to the package's change log.

Packages 'build', 'obs-service-format_spec_file' and 'obs-service-source_validator' also received updates bringing fixes and enhancements. Please refer to the respective change logs for a comprehensive list of changes.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1061=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): build-20170320-8.1 build-initvm-s390-20170320-8.1 build-initvm-x86_64-20170320-8.1 build-mkbaselibs-20170320-8.1 obs-service-format_spec_file-20170204-3.1 obs-service-source_validator-0.6+git20170111.82ea590-8.1 osc-0.158.0-14.1 References: https://bugzilla.suse.com/1013981 https://bugzilla.suse.com/1018895 https://bugzilla.suse.com/944121 https://bugzilla.suse.com/953782 https://bugzilla.suse.com/973404 From sle-updates at lists.suse.com Wed Jun 28 19:09:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 03:09:15 +0200 (CEST) Subject: SUSE-SU-2017:1712-1: moderate: Security update for vim Message-ID: <20170629010915.D7386FFD7@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1712-1 Rating: moderate References: #1018870 #1024724 #1027053 #1027057 Cross-References: CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for vim fixes the following issues: Security issues fixed: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed: - Speed up YAML syntax highlighting (bsc#1018870) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1063=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1063=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1063=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1063=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gvim-7.4.326-16.1 gvim-debuginfo-7.4.326-16.1 vim-7.4.326-16.1 vim-debuginfo-7.4.326-16.1 vim-debugsource-7.4.326-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): vim-data-7.4.326-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gvim-7.4.326-16.1 gvim-debuginfo-7.4.326-16.1 vim-7.4.326-16.1 vim-debuginfo-7.4.326-16.1 vim-debugsource-7.4.326-16.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): vim-data-7.4.326-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gvim-7.4.326-16.1 gvim-debuginfo-7.4.326-16.1 vim-7.4.326-16.1 vim-debuginfo-7.4.326-16.1 vim-debugsource-7.4.326-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): vim-data-7.4.326-16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): vim-7.4.326-16.1 vim-debuginfo-7.4.326-16.1 vim-debugsource-7.4.326-16.1 References: https://www.suse.com/security/cve/CVE-2017-5953.html https://www.suse.com/security/cve/CVE-2017-6349.html https://www.suse.com/security/cve/CVE-2017-6350.html https://bugzilla.suse.com/1018870 https://bugzilla.suse.com/1024724 https://bugzilla.suse.com/1027053 https://bugzilla.suse.com/1027057 From sle-updates at lists.suse.com Wed Jun 28 19:10:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 03:10:17 +0200 (CEST) Subject: SUSE-RU-2017:1713-1: moderate: Recommended update for dovecot22 Message-ID: 
<20170629011017.6D8C8FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1713-1 Rating: moderate References: #1044110 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Dovecot 2.2.30.2, which brings many fixes and enhancements: - Multiple failed authentications within short time caused crashes. - Use timing safe comparisons for everything related to passwords. - Master process now sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately. Restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time. - Add passdb { mechanisms=none } to match separate passdb lookup. - Add passdb { username_filter } to use passdb only if user matches the filter. - Add dsync_commit_msgs_interval setting. It attempts to commit the transaction after saving this many new messages. - Support imapc_features=search without ESEARCH extension. - Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE. - Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server. - Add allow_invalid_cert and ssl_ca_file parameters. - If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file. - Add "firstsaved" field to doveadm mailbox status. - Add old host's up/down and vhost count as parameters to director_flush_socket. - More fixes to automatically fix corruption in dovecot.list.index. - Fix support for dsync_features=empty-header-workaround. 
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC. - Fix fts-lucene it to work again with mbox format. - Some internal error messages may have contained garbage in v2.2.29. - Re-encrypt when copying/moving mails and per-mailbox keys are used, otherwise the copied mails can't be opened. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1064=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1064=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1064=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.30.2-14.2 dovecot22-debugsource-2.2.30.2-14.2 dovecot22-devel-2.2.30.2-14.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dovecot22-2.2.30.2-14.2 dovecot22-backend-mysql-2.2.30.2-14.2 dovecot22-backend-mysql-debuginfo-2.2.30.2-14.2 dovecot22-backend-pgsql-2.2.30.2-14.2 dovecot22-backend-pgsql-debuginfo-2.2.30.2-14.2 dovecot22-backend-sqlite-2.2.30.2-14.2 dovecot22-backend-sqlite-debuginfo-2.2.30.2-14.2 dovecot22-debuginfo-2.2.30.2-14.2 dovecot22-debugsource-2.2.30.2-14.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dovecot22-2.2.30.2-14.2 dovecot22-backend-mysql-2.2.30.2-14.2 dovecot22-backend-mysql-debuginfo-2.2.30.2-14.2 dovecot22-backend-pgsql-2.2.30.2-14.2 dovecot22-backend-pgsql-debuginfo-2.2.30.2-14.2 dovecot22-backend-sqlite-2.2.30.2-14.2 dovecot22-backend-sqlite-debuginfo-2.2.30.2-14.2 dovecot22-debuginfo-2.2.30.2-14.2 dovecot22-debugsource-2.2.30.2-14.2 References: https://bugzilla.suse.com/1044110 From sle-updates at lists.suse.com Wed Jun 28 19:10:48 
2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 03:10:48 +0200 (CEST) Subject: SUSE-SU-2017:1714-1: moderate: Security update for apache2 Message-ID: <20170629011048.66ECEFFD7@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1714-1 Rating: moderate References: #1035829 #1041830 #1045060 #1045062 #1045065 Cross-References: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for apache2 provides the following fixes: Security issues fixed: - CVE-2017-3167: In Apache httpd, use of ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065) - CVE-2017-3169: mod_ssl may have a NULL pointer dereference issue which could lead to denial of service (bsc#1045062) - CVE-2017-7679: mod_mime can over-read a buffer by 1 byte, potentially leading to a crash or information disclosure (bsc#1045060) Non-Security issues fixed: - Remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade. (bsc#1041830) - In gensslcert, use hostname when fqdn is too long. (bsc#1035829) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1062=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1062=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1062=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-28.1 apache2-debugsource-2.4.23-28.1 apache2-devel-2.4.23-28.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): apache2-2.4.23-28.1 apache2-debuginfo-2.4.23-28.1 apache2-debugsource-2.4.23-28.1 apache2-example-pages-2.4.23-28.1 apache2-prefork-2.4.23-28.1 apache2-prefork-debuginfo-2.4.23-28.1 apache2-utils-2.4.23-28.1 apache2-utils-debuginfo-2.4.23-28.1 apache2-worker-2.4.23-28.1 apache2-worker-debuginfo-2.4.23-28.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): apache2-doc-2.4.23-28.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): apache2-2.4.23-28.1 apache2-debuginfo-2.4.23-28.1 apache2-debugsource-2.4.23-28.1 apache2-example-pages-2.4.23-28.1 apache2-prefork-2.4.23-28.1 apache2-prefork-debuginfo-2.4.23-28.1 apache2-utils-2.4.23-28.1 apache2-utils-debuginfo-2.4.23-28.1 apache2-worker-2.4.23-28.1 apache2-worker-debuginfo-2.4.23-28.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): apache2-doc-2.4.23-28.1 References: https://www.suse.com/security/cve/CVE-2017-3167.html https://www.suse.com/security/cve/CVE-2017-3169.html https://www.suse.com/security/cve/CVE-2017-7679.html https://bugzilla.suse.com/1035829 https://bugzilla.suse.com/1041830 https://bugzilla.suse.com/1045060 https://bugzilla.suse.com/1045062 https://bugzilla.suse.com/1045065 From sle-updates at lists.suse.com Thu Jun 29 07:14:46 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Thu, 29 Jun 2017 15:14:46 +0200 (CEST) Subject: SUSE-SU-2017:1715-1: important: Security update for xen Message-ID: <20170629131446.D5823FFD7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1715-1 Rating: important References: #1034845 #1037243 #1042160 #1042863 #1042882 #1042893 #1042915 #1042931 #1042938 Cross-References: CVE-2017-8309 CVE-2017-8905 CVE-2017-9330 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 6 fixes is now available. Description: This update for xen fixes the following security issues: - blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863) - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for information leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guests to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly 
starting and stopping audio capture (bsc#1037243) - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-xen-13181=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xen-13181=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-13181=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): xen-kmp-default-4.2.5_21_3.0.101_0.47.102-44.1 xen-libs-4.2.5_21-44.1 xen-tools-domU-4.2.5_21-44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): xen-4.2.5_21-44.1 xen-doc-html-4.2.5_21-44.1 xen-doc-pdf-4.2.5_21-44.1 xen-libs-32bit-4.2.5_21-44.1 xen-tools-4.2.5_21-44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): xen-kmp-pae-4.2.5_21_3.0.101_0.47.102-44.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xen-kmp-default-4.2.5_21_3.0.101_0.47.102-44.1 xen-kmp-pae-4.2.5_21_3.0.101_0.47.102-44.1 xen-libs-4.2.5_21-44.1 xen-tools-domU-4.2.5_21-44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_21-44.1 xen-debugsource-4.2.5_21-44.1 References: https://www.suse.com/security/cve/CVE-2017-8309.html https://www.suse.com/security/cve/CVE-2017-8905.html https://www.suse.com/security/cve/CVE-2017-9330.html https://bugzilla.suse.com/1034845 https://bugzilla.suse.com/1037243 https://bugzilla.suse.com/1042160 https://bugzilla.suse.com/1042863 https://bugzilla.suse.com/1042882 https://bugzilla.suse.com/1042893 https://bugzilla.suse.com/1042915 https://bugzilla.suse.com/1042931 https://bugzilla.suse.com/1042938 From sle-updates at lists.suse.com Thu Jun 29 10:10:45 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 29 Jun 2017 18:10:45 +0200 (CEST) Subject: SUSE-SU-2017:1716-1: important: Security update for clamav Message-ID: <20170629161045.4A82EFFD7@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1716-1 Rating: important References: #1040662 #1045490 Cross-References: CVE-2012-6706 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) Non security issues fixed: - Provide and obsolete clamav-nodb to trigger its removal in openSUSE Leap. (bsc#1040662) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1069=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1069=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1069=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1069=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1069=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1069=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1069=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): clamav-0.99.2-32.1 clamav-debuginfo-0.99.2-32.1 clamav-debugsource-0.99.2-32.1 References: https://www.suse.com/security/cve/CVE-2012-6706.html https://bugzilla.suse.com/1040662 https://bugzilla.suse.com/1045490 From sle-updates at lists.suse.com Thu Jun 29 10:11:29 2017 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 18:11:29 +0200 (CEST) Subject: SUSE-SU-2017:1717-1: moderate: Security update for php7 Message-ID: <20170629161129.7E50CFFD7@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1717-1 Rating: moderate References: #1032155 #1035111 #1040883 #1040889 #1040891 Cross-References: CVE-2016-6294 CVE-2017-6441 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for php7 fixes the following security issues: - CVE-2017-9224: stack out-of-bounds read occurs in match_at() could lead to Denial of service (bsc#1040891) - CVE-2017-9226: heap out-of-bounds write or read occurs in next_state_val() could lead to Denial of service (bsc#1040889) - CVE-2017-9227: stack out-of-bounds read in mbc_enc_len() could lead to Denial of service (bsc#1040883) - CVE-2017-6441: The _zval_get_long_func_ex in Zend/zend_operators.c in PHP allowed attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script (bsc#1032155). - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1068=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1068=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-49.1 php7-debugsource-7.0.7-49.1 php7-devel-7.0.7-49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-49.1 apache2-mod_php7-debuginfo-7.0.7-49.1 php7-7.0.7-49.1 php7-bcmath-7.0.7-49.1 php7-bcmath-debuginfo-7.0.7-49.1 php7-bz2-7.0.7-49.1 php7-bz2-debuginfo-7.0.7-49.1 php7-calendar-7.0.7-49.1 php7-calendar-debuginfo-7.0.7-49.1 php7-ctype-7.0.7-49.1 php7-ctype-debuginfo-7.0.7-49.1 php7-curl-7.0.7-49.1 php7-curl-debuginfo-7.0.7-49.1 php7-dba-7.0.7-49.1 php7-dba-debuginfo-7.0.7-49.1 php7-debuginfo-7.0.7-49.1 php7-debugsource-7.0.7-49.1 php7-dom-7.0.7-49.1 php7-dom-debuginfo-7.0.7-49.1 php7-enchant-7.0.7-49.1 php7-enchant-debuginfo-7.0.7-49.1 php7-exif-7.0.7-49.1 php7-exif-debuginfo-7.0.7-49.1 php7-fastcgi-7.0.7-49.1 php7-fastcgi-debuginfo-7.0.7-49.1 php7-fileinfo-7.0.7-49.1 php7-fileinfo-debuginfo-7.0.7-49.1 php7-fpm-7.0.7-49.1 php7-fpm-debuginfo-7.0.7-49.1 php7-ftp-7.0.7-49.1 php7-ftp-debuginfo-7.0.7-49.1 php7-gd-7.0.7-49.1 php7-gd-debuginfo-7.0.7-49.1 php7-gettext-7.0.7-49.1 php7-gettext-debuginfo-7.0.7-49.1 php7-gmp-7.0.7-49.1 php7-gmp-debuginfo-7.0.7-49.1 php7-iconv-7.0.7-49.1 php7-iconv-debuginfo-7.0.7-49.1 php7-imap-7.0.7-49.1 php7-imap-debuginfo-7.0.7-49.1 php7-intl-7.0.7-49.1 php7-intl-debuginfo-7.0.7-49.1 php7-json-7.0.7-49.1 php7-json-debuginfo-7.0.7-49.1 php7-ldap-7.0.7-49.1 php7-ldap-debuginfo-7.0.7-49.1 php7-mbstring-7.0.7-49.1 php7-mbstring-debuginfo-7.0.7-49.1 php7-mcrypt-7.0.7-49.1 php7-mcrypt-debuginfo-7.0.7-49.1 php7-mysql-7.0.7-49.1 
php7-mysql-debuginfo-7.0.7-49.1 php7-odbc-7.0.7-49.1 php7-odbc-debuginfo-7.0.7-49.1 php7-opcache-7.0.7-49.1 php7-opcache-debuginfo-7.0.7-49.1 php7-openssl-7.0.7-49.1 php7-openssl-debuginfo-7.0.7-49.1 php7-pcntl-7.0.7-49.1 php7-pcntl-debuginfo-7.0.7-49.1 php7-pdo-7.0.7-49.1 php7-pdo-debuginfo-7.0.7-49.1 php7-pgsql-7.0.7-49.1 php7-pgsql-debuginfo-7.0.7-49.1 php7-phar-7.0.7-49.1 php7-phar-debuginfo-7.0.7-49.1 php7-posix-7.0.7-49.1 php7-posix-debuginfo-7.0.7-49.1 php7-pspell-7.0.7-49.1 php7-pspell-debuginfo-7.0.7-49.1 php7-shmop-7.0.7-49.1 php7-shmop-debuginfo-7.0.7-49.1 php7-snmp-7.0.7-49.1 php7-snmp-debuginfo-7.0.7-49.1 php7-soap-7.0.7-49.1 php7-soap-debuginfo-7.0.7-49.1 php7-sockets-7.0.7-49.1 php7-sockets-debuginfo-7.0.7-49.1 php7-sqlite-7.0.7-49.1 php7-sqlite-debuginfo-7.0.7-49.1 php7-sysvmsg-7.0.7-49.1 php7-sysvmsg-debuginfo-7.0.7-49.1 php7-sysvsem-7.0.7-49.1 php7-sysvsem-debuginfo-7.0.7-49.1 php7-sysvshm-7.0.7-49.1 php7-sysvshm-debuginfo-7.0.7-49.1 php7-tokenizer-7.0.7-49.1 php7-tokenizer-debuginfo-7.0.7-49.1 php7-wddx-7.0.7-49.1 php7-wddx-debuginfo-7.0.7-49.1 php7-xmlreader-7.0.7-49.1 php7-xmlreader-debuginfo-7.0.7-49.1 php7-xmlrpc-7.0.7-49.1 php7-xmlrpc-debuginfo-7.0.7-49.1 php7-xmlwriter-7.0.7-49.1 php7-xmlwriter-debuginfo-7.0.7-49.1 php7-xsl-7.0.7-49.1 php7-xsl-debuginfo-7.0.7-49.1 php7-zip-7.0.7-49.1 php7-zip-debuginfo-7.0.7-49.1 php7-zlib-7.0.7-49.1 php7-zlib-debuginfo-7.0.7-49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-49.1 php7-pear-Archive_Tar-7.0.7-49.1 References: https://www.suse.com/security/cve/CVE-2016-6294.html https://www.suse.com/security/cve/CVE-2017-6441.html https://www.suse.com/security/cve/CVE-2017-9224.html https://www.suse.com/security/cve/CVE-2017-9226.html https://www.suse.com/security/cve/CVE-2017-9227.html https://bugzilla.suse.com/1032155 https://bugzilla.suse.com/1035111 https://bugzilla.suse.com/1040883 https://bugzilla.suse.com/1040889 https://bugzilla.suse.com/1040891 From sle-updates at 
lists.suse.com Thu Jun 29 10:12:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 18:12:39 +0200 (CEST) Subject: SUSE-SU-2017:1718-1: important: Security update for openvpn-openssl1 Message-ID: <20170629161239.41BE1FFD7@maintenance.suse.de> SUSE Security Update: Security update for openvpn-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1718-1 Rating: important References: #1038709 #1038711 #1038713 #1044947 #959511 #988522 Cross-References: CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for openvpn-openssl1 fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a (quite inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521] - The ASN1 parsing code contained a bug that could have resulted in some buffers being free()d twice, and this issue could have potentially been triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521] - If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker between client and proxy could cause the client to crash or disclose at most 96 bytes of stack memory. The disclosed stack memory was likely to contain the proxy password. If the proxy password had not been reused, this was unlikely to compromise the security of the OpenVPN tunnel itself. Clients who did not use the --http-proxy option with ntlm2 authentication were not affected. [bsc#1044947, CVE-2017-7520] - It was possible to trigger an assertion by sending a malformed IPv6 packet. 
That issue could have been abused to remotely shut down an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] - The installed sample configuration file was updated to comply with FIPS requirements. [bsc#988522] - Remedy large latencies on the OpenVPN server during authentication process. [bsc#959511] - Fix potential denial-of-service attacks found during independent audits. [bsc#1038713, bsc#1038709, CVE-2017-7478, bsc#1038711, CVE-2017-7479] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openvpn-openssl1-13182=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openvpn-openssl1-2.3.2-0.9.1 openvpn-openssl1-down-root-plugin-2.3.2-0.9.1 References: https://www.suse.com/security/cve/CVE-2017-7478.html https://www.suse.com/security/cve/CVE-2017-7479.html https://www.suse.com/security/cve/CVE-2017-7508.html https://www.suse.com/security/cve/CVE-2017-7520.html https://www.suse.com/security/cve/CVE-2017-7521.html https://bugzilla.suse.com/1038709 https://bugzilla.suse.com/1038711 https://bugzilla.suse.com/1038713 https://bugzilla.suse.com/1044947 https://bugzilla.suse.com/959511 https://bugzilla.suse.com/988522 From sle-updates at lists.suse.com Thu Jun 29 13:10:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 21:10:42 +0200 (CEST) Subject: SUSE-OU-2017:1720-1: Security update for net-snmp Message-ID: <20170629191042.5D286FFD7@maintenance.suse.de> SUSE Optional Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1720-1 Rating: low References: #1011601 #1019450 Affected Products: SUSE 
Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update for net-snmp ships an additional library package built against openssl1 to allow linking libsnmp against other binaries that link against openssl1. (bsc#1011601 fate#322032) The Net-SNMP server and commandline clients themselves do not use TLS, so are not duplicated with openssl1 builds. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-net-snmp-13183=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-net-snmp-13183=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-net-snmp-13183=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-net-snmp-13183=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): net-snmp-devel-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): net-snmp-devel-32bit-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsnmp15-5.4.2.1-8.12.31.1 net-snmp-5.4.2.1-8.12.31.1 perl-SNMP-5.4.2.1-8.12.31.1 snmp-mibs-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsnmp15-32bit-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsnmp15-x86-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libsnmp15-openssl1-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libsnmp15-openssl1-x86-5.4.2.1-8.12.31.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): net-snmp-debuginfo-5.4.2.1-8.12.31.1 net-snmp-debugsource-5.4.2.1-8.12.31.1 net-snmp-openssl1-debuginfo-5.4.2.1-8.12.31.1 net-snmp-openssl1-debugsource-5.4.2.1-8.12.31.1 References: https://bugzilla.suse.com/1011601 https://bugzilla.suse.com/1019450 From sle-updates at lists.suse.com Thu Jun 29 13:11:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 21:11:20 +0200 (CEST) Subject: SUSE-RU-2017:1721-1: Recommended update for release-notes-susemanager Message-ID: <20170629191120.5D50EFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1721-1 Rating: low References: #1046334 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that 
has one recommended fix can now be installed. Description: SUSE Manager 3.1 Release Notes have been updated to document: - Document automatic product installation when a child channel is added. - Some general clean-up of the documentation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1072=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.0-4.1 References: https://bugzilla.suse.com/1046334 From sle-updates at lists.suse.com Thu Jun 29 13:12:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2017 21:12:33 +0200 (CEST) Subject: SUSE-RU-2017:1723-1: Recommended update for susemanager-docs_en Message-ID: <20170629191233.8899BFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-docs_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1723-1 Rating: low References: #1043080 #1045266 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for the SUSE Manager Documentation fixes the following issues: - Updated documentation for LivePatching with SUSE Manager 3.1 (bsc#1043080) - Fixed some Reference Guide issues in Documentation. (bsc#1045266) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1071=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.1 (noarch): susemanager-advanced-topics_en-pdf-3-9.1 susemanager-best-practices_en-pdf-3-9.1 susemanager-docs_en-3-9.1 susemanager-getting-started_en-pdf-3-9.1 susemanager-jsp_en-3-9.1 susemanager-reference_en-pdf-3-9.1 References: https://bugzilla.suse.com/1043080 https://bugzilla.suse.com/1045266 From sle-updates at lists.suse.com Thu Jun 29 16:13:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 00:13:25 +0200 (CEST) Subject: SUSE-RU-2017:1726-1: Recommended update for python-funcsigs Message-ID: <20170629221325.8023AFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-funcsigs ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1726-1 Rating: low References: #1002895 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-funcsigs 1.0.2, which brings mostly packaging and documentation improvements. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1074=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1074=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): python-funcsigs-1.0.2-5.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-funcsigs-1.0.2-5.1 References: https://bugzilla.suse.com/1002895 From sle-updates at lists.suse.com Thu Jun 29 16:14:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 00:14:35 +0200 (CEST) Subject: SUSE-RU-2017:1729-1: Recommended update for python-PyYAML Message-ID: <20170629221435.A4655FFD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-PyYAML ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1729-1 Rating: low References: #1002895 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6 SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 SUSE Enterprise Storage 3 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-PyYAML fixes the following issues: - Adding an implicit resolver to a derived loader should not affect the base loader. - Uniform representation for OrderedDict across different versions of Python. - Fixed comparison to None warning. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1075=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1075=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1075=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1075=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1075=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2017-1075=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1075=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1075=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1075=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1075=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1075=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-1075=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1075=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (aarch64 x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE OpenStack Cloud 6 (x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Manager Server 3.0 (x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Manager Proxy 3.0 (x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Linux Enterprise Module for Containers 12 (x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): python-PyYAML-3.12-25.1 python-PyYAML-debuginfo-3.12-25.1 python-PyYAML-debugsource-3.12-25.1 References: https://bugzilla.suse.com/1002895 From 
sle-updates at lists.suse.com Thu Jun 29 16:15:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 00:15:15 +0200 (CEST) Subject: SUSE-OU-2017:1731-1: Initial release of python-urllib3 Message-ID: <20170629221515.11DF5FFD7@maintenance.suse.de> SUSE Optional Update: Initial release of python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1731-1 Rating: low References: #1002895 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds python-urllib3 to the Public Cloud 12 Module. This is a new runtime requirement of recent versions of the Google Cloud SDK. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1073=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1073=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): python-httpretty-0.8.8-2.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-httpretty-0.8.8-2.1 python-urllib3-1.16-2.1 References: https://bugzilla.suse.com/1002895 From sle-updates at lists.suse.com Thu Jun 29 16:15:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 00:15:40 +0200 (CEST) Subject: SUSE-RU-2017:1732-1: Recommended update for sap-installation-wizard Message-ID: <20170629221540.00F0AFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sap-installation-wizard ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1732-1 Rating: low References: #1002571 #1004294 #1004303 #1005715 #1007507 #1010485 #1010523 #1012565 #1016602 #1030463 #1031106 #1031115 #1034878 #1038503 #1040398 #1045167 #962757 #966751 #987525 #988044 #988750 #989314 #991238 #992197 #992365 #992754 #993727 #996501 #997177 #997843 #999617 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has 31 recommended fixes can now be installed. Description: This update for sap-installation-wizard provides several fixes and enhancements: - Add SUSE Connect icon on desktop. (fate#321142) - Support new B1 HANA media structure at https://support.sap.com/b1software. - Prevent warning about non-existent xdg-desktop-icon during installation. (bsc#1031106) - Install yast2-sap-scp by default. (bsc#989314) - Do not install SAP HANA SR Scale Out by default. - Introduce new packages to software patterns. (bsc#988750) - Enhance SAP installation wizard for compatibility with SUSE Manager. (fate#320405) - Fix TREX installation. (bsc#997843) - Add B1H 9.2 support. - Generic HANA partitioning for new Dell servers. - Lenovo partition size adjustments. - Adjustments in Huawei server detection. Additionally,
the following packages have been added to SLES for SAP 12 SP1 for x86_64: - sap-netscape-link - saprouter-systemd - saptune - yast2-saptune - yast2-hana-firewall Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1076=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): SLES_SAP-release-12.1-2.1 sap-installation-wizard-3.1.76-42.1 yast2-hana-firewall-1.1.5-2.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): saptune-1.0.5-2.4 saptune-debuginfo-1.0.5-2.4 saptune-debugsource-1.0.5-2.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): sap-netscape-link-0.1-2.3 saprouter-systemd-0.2-2.3 yast2-saptune-1.2-2.3 References: https://bugzilla.suse.com/1002571 https://bugzilla.suse.com/1004294 https://bugzilla.suse.com/1004303 https://bugzilla.suse.com/1005715 https://bugzilla.suse.com/1007507 https://bugzilla.suse.com/1010485 https://bugzilla.suse.com/1010523 https://bugzilla.suse.com/1012565 https://bugzilla.suse.com/1016602 https://bugzilla.suse.com/1030463 https://bugzilla.suse.com/1031106 https://bugzilla.suse.com/1031115 https://bugzilla.suse.com/1034878 https://bugzilla.suse.com/1038503 https://bugzilla.suse.com/1040398 https://bugzilla.suse.com/1045167 https://bugzilla.suse.com/962757 https://bugzilla.suse.com/966751 https://bugzilla.suse.com/987525 https://bugzilla.suse.com/988044 https://bugzilla.suse.com/988750 https://bugzilla.suse.com/989314 https://bugzilla.suse.com/991238 https://bugzilla.suse.com/992197 https://bugzilla.suse.com/992365 https://bugzilla.suse.com/992754 https://bugzilla.suse.com/993727 https://bugzilla.suse.com/996501 https://bugzilla.suse.com/997177 https://bugzilla.suse.com/997843 https://bugzilla.suse.com/999617 From sle-updates at lists.suse.com Thu Jun 29 16:21:04 
2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 00:21:04 +0200 (CEST) Subject: SUSE-SU-2017:1735-1: important: Security update for the Linux kernel Message-ID: <20170629222104.67C95FFD7@maintenance.suse.de> SUSE Security Update: Security update for the Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1735-1 Rating: important References: #1045340 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This Linux kernel update for SUSE Linux Enterprise 12 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1077=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1077=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1077=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.80.1 kernel-macros-3.12.61-52.80.1 kernel-source-3.12.61-52.80.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.80.1 kernel-default-base-3.12.61-52.80.1 kernel-default-base-debuginfo-3.12.61-52.80.1 kernel-default-debuginfo-3.12.61-52.80.1 kernel-default-debugsource-3.12.61-52.80.1 kernel-default-devel-3.12.61-52.80.1 kernel-syms-3.12.61-52.80.1 kernel-xen-3.12.61-52.80.1 kernel-xen-base-3.12.61-52.80.1 kernel-xen-base-debuginfo-3.12.61-52.80.1 kernel-xen-debuginfo-3.12.61-52.80.1 kernel-xen-debugsource-3.12.61-52.80.1 kernel-xen-devel-3.12.61-52.80.1 kgraft-patch-3_12_61-52_80-default-1-2.1 kgraft-patch-3_12_61-52_80-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.80.1 kernel-default-base-3.12.61-52.80.1 kernel-default-base-debuginfo-3.12.61-52.80.1 kernel-default-debuginfo-3.12.61-52.80.1 kernel-default-debugsource-3.12.61-52.80.1 kernel-default-devel-3.12.61-52.80.1 kernel-syms-3.12.61-52.80.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.80.1 kernel-macros-3.12.61-52.80.1 kernel-source-3.12.61-52.80.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.80.1 kernel-xen-base-3.12.61-52.80.1 kernel-xen-base-debuginfo-3.12.61-52.80.1 kernel-xen-debuginfo-3.12.61-52.80.1 kernel-xen-debugsource-3.12.61-52.80.1 kernel-xen-devel-3.12.61-52.80.1 kgraft-patch-3_12_61-52_80-default-1-2.1 kgraft-patch-3_12_61-52_80-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.80.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.80.1 kernel-ec2-debuginfo-3.12.61-52.80.1 kernel-ec2-debugsource-3.12.61-52.80.1 kernel-ec2-devel-3.12.61-52.80.1 kernel-ec2-extra-3.12.61-52.80.1 kernel-ec2-extra-debuginfo-3.12.61-52.80.1 References: https://bugzilla.suse.com/1045340 From sle-updates at lists.suse.com Thu 
Jun 29 19:09:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 03:09:32 +0200 (CEST) Subject: SUSE-SU-2017:1736-1: important: Security update for bind Message-ID: <20170630010932.98920FFD7@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1736-1 Rating: important References: #1046554 #1046555 Cross-References: CVE-2017-3142 CVE-2017-3143 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who had the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1080=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1080=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1080=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1080=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1080=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1080=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1080=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): bind-doc-9.9.9P1-62.1 - SUSE OpenStack Cloud 6 (x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 bind-libs-32bit-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): bind-libs-32bit-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): bind-9.9.9P1-62.1 
bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-62.1 bind-chrootenv-9.9.9P1-62.1 bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-devel-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): bind-doc-9.9.9P1-62.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): bind-debuginfo-9.9.9P1-62.1 bind-debugsource-9.9.9P1-62.1 bind-libs-32bit-9.9.9P1-62.1 bind-libs-9.9.9P1-62.1 bind-libs-debuginfo-32bit-9.9.9P1-62.1 bind-libs-debuginfo-9.9.9P1-62.1 bind-utils-9.9.9P1-62.1 bind-utils-debuginfo-9.9.9P1-62.1 References: https://www.suse.com/security/cve/CVE-2017-3142.html https://www.suse.com/security/cve/CVE-2017-3143.html https://bugzilla.suse.com/1046554 https://bugzilla.suse.com/1046555 From sle-updates at lists.suse.com Thu Jun 29 19:10:12 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 03:10:12 +0200 (CEST) Subject: SUSE-SU-2017:1737-1: important: Security update for bind Message-ID: 
<20170630011012.92B97FFD7@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1737-1 Rating: important References: #1046554 #1046555 Cross-References: CVE-2017-3142 CVE-2017-3143 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who had the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-13185=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-13185=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-13185=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-13185=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-13185=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-13185=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.50.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.50.1 bind-chrootenv-9.9.6P1-0.50.1 bind-doc-9.9.6P1-0.50.1 bind-libs-9.9.6P1-0.50.1 bind-utils-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.50.1 bind-chrootenv-9.9.6P1-0.50.1 bind-devel-9.9.6P1-0.50.1 bind-doc-9.9.6P1-0.50.1 bind-libs-9.9.6P1-0.50.1 bind-utils-9.9.6P1-0.50.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.50.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.50.1 bind-chrootenv-9.9.6P1-0.50.1 bind-devel-9.9.6P1-0.50.1 bind-doc-9.9.6P1-0.50.1 bind-libs-9.9.6P1-0.50.1 bind-utils-9.9.6P1-0.50.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.50.1 bind-debugsource-9.9.6P1-0.50.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.50.1 bind-debugsource-9.9.6P1-0.50.1 References: 
https://www.suse.com/security/cve/CVE-2017-3142.html https://www.suse.com/security/cve/CVE-2017-3143.html https://bugzilla.suse.com/1046554 https://bugzilla.suse.com/1046555 From sle-updates at lists.suse.com Thu Jun 29 19:10:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 03:10:50 +0200 (CEST) Subject: SUSE-SU-2017:1738-1: important: Security update for bind Message-ID: <20170630011050.2457EFFD7@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1738-1 Rating: important References: #1046554 #1046555 Cross-References: CVE-2017-3142 CVE-2017-3143 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who had the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1078=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1078=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.37.1 bind-chrootenv-9.9.9P1-28.37.1 bind-debuginfo-9.9.9P1-28.37.1 bind-debugsource-9.9.9P1-28.37.1 bind-devel-9.9.9P1-28.37.1 bind-libs-32bit-9.9.9P1-28.37.1 bind-libs-9.9.9P1-28.37.1 bind-libs-debuginfo-32bit-9.9.9P1-28.37.1 bind-libs-debuginfo-9.9.9P1-28.37.1 bind-utils-9.9.9P1-28.37.1 bind-utils-debuginfo-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.37.1 bind-chrootenv-9.9.9P1-28.37.1 bind-debuginfo-9.9.9P1-28.37.1 bind-debugsource-9.9.9P1-28.37.1 bind-devel-9.9.9P1-28.37.1 bind-libs-9.9.9P1-28.37.1 bind-libs-debuginfo-9.9.9P1-28.37.1 bind-utils-9.9.9P1-28.37.1 bind-utils-debuginfo-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.37.1 bind-libs-debuginfo-32bit-9.9.9P1-28.37.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.37.1 References: https://www.suse.com/security/cve/CVE-2017-3142.html https://www.suse.com/security/cve/CVE-2017-3143.html https://bugzilla.suse.com/1046554 https://bugzilla.suse.com/1046555 From sle-updates at lists.suse.com Fri Jun 30 07:09:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 15:09:40 +0200 (CEST) Subject: SUSE-RU-2017:1739-1: Recommended update for dirmngr Message-ID: <20170630130940.93798FFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for dirmngr ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1739-1 Rating: low References: 
#1045943 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dirmngr provides the following fix: - Change logrotate from Requires to Recommends (bsc#1045943) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1082=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1082=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1082=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1082=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dirmngr-1.1.1-13.1 dirmngr-debuginfo-1.1.1-13.1 dirmngr-debugsource-1.1.1-13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dirmngr-1.1.1-13.1 dirmngr-debuginfo-1.1.1-13.1 dirmngr-debugsource-1.1.1-13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dirmngr-1.1.1-13.1 dirmngr-debuginfo-1.1.1-13.1 dirmngr-debugsource-1.1.1-13.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dirmngr-1.1.1-13.1 dirmngr-debuginfo-1.1.1-13.1 dirmngr-debugsource-1.1.1-13.1 References: https://bugzilla.suse.com/1045943 From sle-updates at lists.suse.com Fri Jun 30 07:10:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2017 15:10:04 +0200 (CEST) Subject: SUSE-RU-2017:1740-1: Recommended update for OpenIPMI Message-ID: <20170630131004.B969EFFD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenIPMI ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1740-1 Rating: low References: #1046174 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for OpenIPMI provides the following fix: - Fix pthread requirements in OpenIPMIpthread pkg-config settings. (bsc#1046174) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1083=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1083=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1083=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1083=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): OpenIPMI-debuginfo-2.0.21-9.1 OpenIPMI-debugsource-2.0.21-9.1 OpenIPMI-devel-2.0.21-9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): OpenIPMI-2.0.21-9.1 OpenIPMI-debuginfo-2.0.21-9.1 OpenIPMI-debugsource-2.0.21-9.1 OpenIPMI-python-2.0.21-9.1 OpenIPMI-python-debuginfo-2.0.21-9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): OpenIPMI-2.0.21-9.1 OpenIPMI-debuginfo-2.0.21-9.1 OpenIPMI-debugsource-2.0.21-9.1 OpenIPMI-python-2.0.21-9.1 OpenIPMI-python-debuginfo-2.0.21-9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): OpenIPMI-2.0.21-9.1 OpenIPMI-debuginfo-2.0.21-9.1 OpenIPMI-debugsource-2.0.21-9.1 References: https://bugzilla.suse.com/1046174