From sle-updates at lists.suse.com Tue May 2 10:10:14 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 May 2017 18:10:14 +0200 (CEST)
Subject: SUSE-SU-2017:1143-1: important: Security update for xen
Message-ID: <20170502161014.8B28B101BD@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1143-1
Rating:             important
References:         #1022703 #1028655 #1029827 #1030144 #1034843 #1034844
                    #1034994 #1036146
Cross-References:   CVE-2016-9603 CVE-2017-7718
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has 6 fixes is now available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - A malicious 64-bit PV guest may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks by placing an IRET hypercall in the middle of a multicall batch
     (XSA-213, bsc#1034843)
   - A malicious pair of guests may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks because of a missing check when transferring pages via
     GNTTABOP_transfer (XSA-214, bsc#1034844).
   - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
     privileged users to cause a denial of service (out-of-bounds read and
     QEMU process crash) via vectors related to copying VGA data via the
     cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
     (bsc#1034994).
   - CVE-2016-9603: A privileged user within the guest VM could have caused a
     heap overflow in the device model process, potentially escalating their
     privileges to that of the device model process (bsc#1028655)

   These non-security issues were fixed:

   - bsc#1029827: Additional xenstore patch
   - bsc#1036146: Xen VM dumped core to wrong path
   - bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-663=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-663=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-663=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):

      xen-debugsource-4.7.2_04-39.1
      xen-devel-4.7.2_04-39.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      xen-4.7.2_04-39.1
      xen-debugsource-4.7.2_04-39.1
      xen-doc-html-4.7.2_04-39.1
      xen-libs-32bit-4.7.2_04-39.1
      xen-libs-4.7.2_04-39.1
      xen-libs-debuginfo-32bit-4.7.2_04-39.1
      xen-libs-debuginfo-4.7.2_04-39.1
      xen-tools-4.7.2_04-39.1
      xen-tools-debuginfo-4.7.2_04-39.1
      xen-tools-domU-4.7.2_04-39.1
      xen-tools-domU-debuginfo-4.7.2_04-39.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      xen-4.7.2_04-39.1
      xen-debugsource-4.7.2_04-39.1
      xen-libs-32bit-4.7.2_04-39.1
      xen-libs-4.7.2_04-39.1
      xen-libs-debuginfo-32bit-4.7.2_04-39.1
      xen-libs-debuginfo-4.7.2_04-39.1

References:

   https://www.suse.com/security/cve/CVE-2016-9603.html
   https://www.suse.com/security/cve/CVE-2017-7718.html
   https://bugzilla.suse.com/1022703
   https://bugzilla.suse.com/1028655
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1030144
   https://bugzilla.suse.com/1034843
   https://bugzilla.suse.com/1034844
   https://bugzilla.suse.com/1034994
   https://bugzilla.suse.com/1036146

From sle-updates at lists.suse.com Tue May 2 10:11:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 May 2017 18:11:58 +0200 (CEST)
Subject: SUSE-SU-2017:1145-1: important: Security update for xen
Message-ID: <20170502161158.4FF6A101BD@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1145-1
Rating:             important
References:         #1028655 #1029827 #1030144 #1034843 #1034844 #1034845
                    #1034994 #1035483
Cross-References:   CVE-2016-9603 CVE-2017-7718 CVE-2017-7980
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has 5 fixes is now
   available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - A malicious 64-bit PV guest may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks by placing an IRET hypercall in the middle of a multicall batch
     (XSA-213, bsc#1034843)
   - A malicious pair of guests may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks because of a missing check when transferring pages via
     GNTTABOP_transfer (XSA-214, bsc#1034844).
   - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
     privileged users to cause a denial of service (out-of-bounds read and
     QEMU process crash) via vectors related to copying VGA data via the
     cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
     (bsc#1034994).
   - CVE-2016-9603: A privileged user within the guest VM could have caused a
     heap overflow in the device model process, potentially escalating their
     privileges to that of the device model process (bsc#1028655)

   These non-security issues were fixed:

   - bsc#1029827: Additional xenstore patch

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xen-13084=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xen-13084=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xen-13084=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      xen-devel-4.4.4_18-57.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      xen-kmp-default-4.4.4_18_3.0.101_97-57.1
      xen-libs-4.4.4_18-57.1
      xen-tools-domU-4.4.4_18-57.1

   - SUSE Linux Enterprise Server 11-SP4 (x86_64):

      xen-4.4.4_18-57.1
      xen-doc-html-4.4.4_18-57.1
      xen-libs-32bit-4.4.4_18-57.1
      xen-tools-4.4.4_18-57.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      xen-kmp-pae-4.4.4_18_3.0.101_97-57.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      xen-debuginfo-4.4.4_18-57.1
      xen-debugsource-4.4.4_18-57.1

References:

   https://www.suse.com/security/cve/CVE-2016-9603.html
   https://www.suse.com/security/cve/CVE-2017-7718.html
   https://www.suse.com/security/cve/CVE-2017-7980.html
   https://bugzilla.suse.com/1028655
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1030144
   https://bugzilla.suse.com/1034843
   https://bugzilla.suse.com/1034844
   https://bugzilla.suse.com/1034845
   https://bugzilla.suse.com/1034994
   https://bugzilla.suse.com/1035483

From sle-updates at lists.suse.com Tue May 2 10:13:28 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 May 2017 18:13:28 +0200 (CEST)
Subject: SUSE-SU-2017:1146-1: important: Security update for xen
Message-ID: <20170502161328.8B027101BD@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1146-1
Rating:             important
References:         #1028655 #1033948 #1034843 #1034844 #1034845 #1034994
                    #1035483
Cross-References:   CVE-2016-9603 CVE-2017-7718 CVE-2017-7980 CVE-2017-7995
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

   An update that solves four vulnerabilities and has three fixes is now
   available.

Description:

   This update for xen fixes several security issues:

   - A malicious 64-bit PV guest may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks by placing an IRET hypercall in the middle of a multicall batch
     (XSA-213, bsc#1034843)
   - A malicious pair of guests may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks because of a missing check when transferring pages via
     GNTTABOP_transfer (XSA-214, bsc#1034844).
   - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
     privileged users to cause a denial of service (out-of-bounds read and
     QEMU process crash) via vectors related to copying VGA data via the
     cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
     (bsc#1034994).
   - CVE-2016-9603: A privileged user within the guest VM could have caused a
     heap overflow in the device model process, potentially escalating their
     privileges to that of the device model process (bsc#1028655)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-xen-13085=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-xen-13085=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-xen-13085=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-xen-13085=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-xen-13085=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      xen-4.2.5_21-41.1
      xen-doc-html-4.2.5_21-41.1
      xen-doc-pdf-4.2.5_21-41.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
      xen-libs-32bit-4.2.5_21-41.1
      xen-libs-4.2.5_21-41.1
      xen-tools-4.2.5_21-41.1
      xen-tools-domU-4.2.5_21-41.1

   - SUSE Manager Proxy 2.1 (x86_64):

      xen-4.2.5_21-41.1
      xen-doc-html-4.2.5_21-41.1
      xen-doc-pdf-4.2.5_21-41.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
      xen-libs-32bit-4.2.5_21-41.1
      xen-libs-4.2.5_21-41.1
      xen-tools-4.2.5_21-41.1
      xen-tools-domU-4.2.5_21-41.1

   - SUSE Manager 2.1 (x86_64):

      xen-4.2.5_21-41.1
      xen-doc-html-4.2.5_21-41.1
      xen-doc-pdf-4.2.5_21-41.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
      xen-libs-32bit-4.2.5_21-41.1
      xen-libs-4.2.5_21-41.1
      xen-tools-4.2.5_21-41.1
      xen-tools-domU-4.2.5_21-41.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
      xen-libs-4.2.5_21-41.1
      xen-tools-domU-4.2.5_21-41.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      xen-4.2.5_21-41.1
      xen-doc-html-4.2.5_21-41.1
      xen-doc-pdf-4.2.5_21-41.1
      xen-libs-32bit-4.2.5_21-41.1
      xen-tools-4.2.5_21-41.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-41.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-41.1
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-41.1
      xen-libs-4.2.5_21-41.1
      xen-tools-domU-4.2.5_21-41.1

References:

   https://www.suse.com/security/cve/CVE-2016-9603.html
   https://www.suse.com/security/cve/CVE-2017-7718.html
   https://www.suse.com/security/cve/CVE-2017-7980.html
   https://www.suse.com/security/cve/CVE-2017-7995.html
   https://bugzilla.suse.com/1028655
   https://bugzilla.suse.com/1033948
   https://bugzilla.suse.com/1034843
   https://bugzilla.suse.com/1034844
   https://bugzilla.suse.com/1034845
   https://bugzilla.suse.com/1034994
   https://bugzilla.suse.com/1035483

From sle-updates at lists.suse.com Tue May 2 10:14:45 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 May 2017 18:14:45 +0200 (CEST)
Subject: SUSE-SU-2017:1147-1: important: Security update for xen
Message-ID: <20170502161445.68AF6101BD@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1147-1
Rating:             important
References:         #1015348 #1022555 #1026636 #1027519 #1027570 #1028235
                    #1028655 #1029827 #1030144 #1030442 #1034843 #1034844
                    #1034845 #1034994 #1035483
Cross-References:   CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505
                    CVE-2017-7718 CVE-2017-7980
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 9 fixes is now available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - A malicious 64-bit PV guest may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks by placing an IRET hypercall in the middle of a multicall batch
     (XSA-213, bsc#1034843)
   - A malicious pair of guests may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks because of a missing check when transferring pages via
     GNTTABOP_transfer (XSA-214, bsc#1034844).
   - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
     privileged users to cause a denial of service (out-of-bounds read and
     QEMU process crash) via vectors related to copying VGA data via the
     cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
     (bsc#1034994).
   - CVE-2016-9603: A privileged user within the guest VM could have caused a
     heap overflow in the device model process, potentially escalating their
     privileges to that of the device model process (bsc#1028655)

   These non-security issues were fixed:

   - bsc#1027519: Missing upstream bug fixes
   - bsc#1015348: libvirtd does not start during boot
   - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-661=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-661=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-661=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):

      xen-debugsource-4.5.5_10-22.14.1
      xen-devel-4.5.5_10-22.14.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      xen-4.5.5_10-22.14.1
      xen-debugsource-4.5.5_10-22.14.1
      xen-doc-html-4.5.5_10-22.14.1
      xen-kmp-default-4.5.5_10_k3.12.69_60.64.35-22.14.1
      xen-kmp-default-debuginfo-4.5.5_10_k3.12.69_60.64.35-22.14.1
      xen-libs-32bit-4.5.5_10-22.14.1
      xen-libs-4.5.5_10-22.14.1
      xen-libs-debuginfo-32bit-4.5.5_10-22.14.1
      xen-libs-debuginfo-4.5.5_10-22.14.1
      xen-tools-4.5.5_10-22.14.1
      xen-tools-debuginfo-4.5.5_10-22.14.1
      xen-tools-domU-4.5.5_10-22.14.1
      xen-tools-domU-debuginfo-4.5.5_10-22.14.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      xen-4.5.5_10-22.14.1
      xen-debugsource-4.5.5_10-22.14.1
      xen-kmp-default-4.5.5_10_k3.12.69_60.64.35-22.14.1
      xen-kmp-default-debuginfo-4.5.5_10_k3.12.69_60.64.35-22.14.1
      xen-libs-32bit-4.5.5_10-22.14.1
      xen-libs-4.5.5_10-22.14.1
      xen-libs-debuginfo-32bit-4.5.5_10-22.14.1
      xen-libs-debuginfo-4.5.5_10-22.14.1

References:

   https://www.suse.com/security/cve/CVE-2016-9603.html
   https://www.suse.com/security/cve/CVE-2017-2633.html
   https://www.suse.com/security/cve/CVE-2017-6414.html
   https://www.suse.com/security/cve/CVE-2017-6505.html
   https://www.suse.com/security/cve/CVE-2017-7718.html
   https://www.suse.com/security/cve/CVE-2017-7980.html
   https://bugzilla.suse.com/1015348
   https://bugzilla.suse.com/1022555
   https://bugzilla.suse.com/1026636
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1027570
   https://bugzilla.suse.com/1028235
   https://bugzilla.suse.com/1028655
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1030144
   https://bugzilla.suse.com/1030442
   https://bugzilla.suse.com/1034843
   https://bugzilla.suse.com/1034844
   https://bugzilla.suse.com/1034845
   https://bugzilla.suse.com/1034994
   https://bugzilla.suse.com/1035483

From sle-updates at lists.suse.com Tue May 2 10:17:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 May 2017 18:17:32 +0200 (CEST)
Subject: SUSE-SU-2017:1148-1: important: Security update for xen
Message-ID: <20170502161732.717DD101BD@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1148-1
Rating:             important
References:         #1029827 #1034843 #1034844 #1034845 #1034994 #1035483
Cross-References:   CVE-2017-7718 CVE-2017-7980
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has four fixes is now
   available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx
     VGA Emulator support allowed privileged user inside guest to use this
     flaw to crash the Qemu process resulting in DoS or potentially execute
     arbitrary code on a host with privileges of Qemu process on the host
     (bsc#1035483).
   - A malicious 64-bit PV guest may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks by placing an IRET hypercall in the middle of a multicall batch
     (XSA-213, bsc#1034843)
   - A malicious pair of guests may be able to access all of system memory,
     allowing for all of privilege escalation, host crashes, and information
     leaks because of a missing check when transferring pages via
     GNTTABOP_transfer (XSA-214, bsc#1034844).
   - Incorrect checks when handling exceptions allowed a malicious or buggy
     64-bit PV guest to modify part of a physical memory page not belonging to
     it, potentially allowing for all of privilege escalation, host or other
     guest crashes, and information leaks (XSA-215, bsc#1034845)
   - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS
     privileged users to cause a denial of service (out-of-bounds read and
     QEMU process crash) via vectors related to copying VGA data via the
     cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions
     (bsc#1034994).

   This non-security issue was fixed:

   - bsc#1029827: Additional xenstore fixes

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-665=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-665=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      xen-4.4.4_18-22.39.1
      xen-debugsource-4.4.4_18-22.39.1
      xen-doc-html-4.4.4_18-22.39.1
      xen-kmp-default-4.4.4_18_k3.12.61_52.69-22.39.1
      xen-kmp-default-debuginfo-4.4.4_18_k3.12.61_52.69-22.39.1
      xen-libs-32bit-4.4.4_18-22.39.1
      xen-libs-4.4.4_18-22.39.1
      xen-libs-debuginfo-32bit-4.4.4_18-22.39.1
      xen-libs-debuginfo-4.4.4_18-22.39.1
      xen-tools-4.4.4_18-22.39.1
      xen-tools-debuginfo-4.4.4_18-22.39.1
      xen-tools-domU-4.4.4_18-22.39.1
      xen-tools-domU-debuginfo-4.4.4_18-22.39.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      xen-4.4.4_18-22.39.1
      xen-debugsource-4.4.4_18-22.39.1
      xen-doc-html-4.4.4_18-22.39.1
      xen-kmp-default-4.4.4_18_k3.12.61_52.69-22.39.1
      xen-kmp-default-debuginfo-4.4.4_18_k3.12.61_52.69-22.39.1
      xen-libs-32bit-4.4.4_18-22.39.1
      xen-libs-4.4.4_18-22.39.1
      xen-libs-debuginfo-32bit-4.4.4_18-22.39.1
      xen-libs-debuginfo-4.4.4_18-22.39.1
      xen-tools-4.4.4_18-22.39.1
      xen-tools-debuginfo-4.4.4_18-22.39.1
      xen-tools-domU-4.4.4_18-22.39.1
      xen-tools-domU-debuginfo-4.4.4_18-22.39.1

References:

   https://www.suse.com/security/cve/CVE-2017-7718.html
   https://www.suse.com/security/cve/CVE-2017-7980.html
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1034843
   https://bugzilla.suse.com/1034844
   https://bugzilla.suse.com/1034845
   https://bugzilla.suse.com/1034994
   https://bugzilla.suse.com/1035483

From sle-updates at lists.suse.com Tue May 2 13:08:53 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 May 2017 21:08:53 +0200 (CEST)
Subject: SUSE-SU-2017:1149-1: important: Security update for graphite2
Message-ID: <20170502190853.74FD9101BD@maintenance.suse.de>

   SUSE Security Update: Security update for graphite2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1149-1
Rating:             important
References:         #1035204
Cross-References:   CVE-2017-5436
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for graphite2 fixes one issue.

   This security issue was fixed:

   - CVE-2017-5436: An out-of-bounds write triggered with a maliciously
     crafted Graphite font could lead to a crash or potentially code
     execution (bsc#1035204).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-668=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-668=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-668=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-668=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-668=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-668=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-668=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      graphite2-devel-1.3.1-9.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      graphite2-devel-1.3.1-9.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      libgraphite2-3-1.3.1-9.1
      libgraphite2-3-debuginfo-1.3.1-9.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      libgraphite2-3-1.3.1-9.1
      libgraphite2-3-debuginfo-1.3.1-9.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libgraphite2-3-32bit-1.3.1-9.1
      libgraphite2-3-debuginfo-32bit-1.3.1-9.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      libgraphite2-3-1.3.1-9.1
      libgraphite2-3-debuginfo-1.3.1-9.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libgraphite2-3-32bit-1.3.1-9.1
      libgraphite2-3-debuginfo-32bit-1.3.1-9.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      libgraphite2-3-1.3.1-9.1
      libgraphite2-3-32bit-1.3.1-9.1
      libgraphite2-3-debuginfo-1.3.1-9.1
      libgraphite2-3-debuginfo-32bit-1.3.1-9.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      graphite2-debuginfo-1.3.1-9.1
      graphite2-debugsource-1.3.1-9.1
      libgraphite2-3-1.3.1-9.1
      libgraphite2-3-32bit-1.3.1-9.1
      libgraphite2-3-debuginfo-1.3.1-9.1
      libgraphite2-3-debuginfo-32bit-1.3.1-9.1

References:

   https://www.suse.com/security/cve/CVE-2017-5436.html
   https://bugzilla.suse.com/1035204

From sle-updates at lists.suse.com Wed May 3 07:09:03 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 15:09:03 +0200 (CEST)
Subject: SUSE-SU-2017:1151-1: moderate: Security update for apparmor
Message-ID: <20170503130903.69CCB101BD@maintenance.suse.de>

   SUSE Security Update: Security update for apparmor
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1151-1
Rating:             moderate
References:         #1000201 #1016259 #1022610 #1029696 #1031529
Cross-References:   CVE-2017-6507
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes is now
   available.

Description:

   This update for apparmor provides the following fixes:

   This security issue was fixed:

   - CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service
     (bsc#1029696)

   These non-security issues were fixed:

   - Add tunables/kernelvars abstraction. (bsc#1031529)
   - Update flags of ntpd profile. (bsc#1022610)
   - Force AppArmor to start after /var/lib mounts. (bsc#1016259)
   - Update mlmmj profiles. (bsc#1000201)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-669=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-669=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-669=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-669=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-669=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-669=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-669=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-669=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      apparmor-debugsource-2.8.2-54.1
      libapparmor-devel-2.8.2-54.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      apparmor-debugsource-2.8.2-54.1
      libapparmor-devel-2.8.2-54.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      apache2-mod_apparmor-2.8.2-54.1
      apache2-mod_apparmor-debuginfo-2.8.2-54.1
      apparmor-debugsource-2.8.2-54.1
      apparmor-parser-2.8.2-54.1
      apparmor-parser-debuginfo-2.8.2-54.1
      libapparmor1-2.8.2-54.1
      libapparmor1-debuginfo-2.8.2-54.1
      pam_apparmor-2.8.2-54.1
      perl-apparmor-2.8.2-54.1
      perl-apparmor-debuginfo-2.8.2-54.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      apparmor-docs-2.8.2-54.1
      apparmor-profiles-2.8.2-54.1
      apparmor-utils-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      apache2-mod_apparmor-2.8.2-54.1
      apache2-mod_apparmor-debuginfo-2.8.2-54.1
      apparmor-debugsource-2.8.2-54.1
      apparmor-parser-2.8.2-54.1
      apparmor-parser-debuginfo-2.8.2-54.1
      libapparmor1-2.8.2-54.1
      libapparmor1-debuginfo-2.8.2-54.1
      pam_apparmor-2.8.2-54.1
      perl-apparmor-2.8.2-54.1
      perl-apparmor-debuginfo-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64):

      pam_apparmor-debuginfo-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      apparmor-docs-2.8.2-54.1
      apparmor-profiles-2.8.2-54.1
      apparmor-utils-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libapparmor1-32bit-2.8.2-54.1
      libapparmor1-debuginfo-32bit-2.8.2-54.1
      pam_apparmor-32bit-2.8.2-54.1
      pam_apparmor-debuginfo-32bit-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      apache2-mod_apparmor-2.8.2-54.1
      apache2-mod_apparmor-debuginfo-2.8.2-54.1
      apparmor-debugsource-2.8.2-54.1
      apparmor-parser-2.8.2-54.1
      apparmor-parser-debuginfo-2.8.2-54.1
      libapparmor1-2.8.2-54.1
      libapparmor1-debuginfo-2.8.2-54.1
      pam_apparmor-2.8.2-54.1
      pam_apparmor-debuginfo-2.8.2-54.1
      perl-apparmor-2.8.2-54.1
      perl-apparmor-debuginfo-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libapparmor1-32bit-2.8.2-54.1
      libapparmor1-debuginfo-32bit-2.8.2-54.1
      pam_apparmor-32bit-2.8.2-54.1
      pam_apparmor-debuginfo-32bit-2.8.2-54.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      apparmor-docs-2.8.2-54.1
      apparmor-profiles-2.8.2-54.1
      apparmor-utils-2.8.2-54.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      apparmor-docs-2.8.2-54.1
      apparmor-profiles-2.8.2-54.1
      apparmor-utils-2.8.2-54.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      apparmor-debugsource-2.8.2-54.1
      apparmor-parser-2.8.2-54.1
      apparmor-parser-debuginfo-2.8.2-54.1
      libapparmor1-2.8.2-54.1
      libapparmor1-32bit-2.8.2-54.1
      libapparmor1-debuginfo-2.8.2-54.1
      libapparmor1-debuginfo-32bit-2.8.2-54.1
      pam_apparmor-2.8.2-54.1
      pam_apparmor-32bit-2.8.2-54.1
      pam_apparmor-debuginfo-2.8.2-54.1
      pam_apparmor-debuginfo-32bit-2.8.2-54.1
      perl-apparmor-2.8.2-54.1
      perl-apparmor-debuginfo-2.8.2-54.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      apparmor-docs-2.8.2-54.1
      apparmor-profiles-2.8.2-54.1
      apparmor-utils-2.8.2-54.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      apparmor-debugsource-2.8.2-54.1
      apparmor-parser-2.8.2-54.1
      apparmor-parser-debuginfo-2.8.2-54.1
      libapparmor1-2.8.2-54.1
      libapparmor1-32bit-2.8.2-54.1
      libapparmor1-debuginfo-2.8.2-54.1
      libapparmor1-debuginfo-32bit-2.8.2-54.1
      pam_apparmor-2.8.2-54.1
      pam_apparmor-32bit-2.8.2-54.1
      pam_apparmor-debuginfo-2.8.2-54.1
      pam_apparmor-debuginfo-32bit-2.8.2-54.1
      perl-apparmor-2.8.2-54.1
      perl-apparmor-debuginfo-2.8.2-54.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      apparmor-debugsource-2.8.2-54.1
      apparmor-parser-2.8.2-54.1
      apparmor-parser-debuginfo-2.8.2-54.1
      libapparmor1-2.8.2-54.1
      libapparmor1-debuginfo-2.8.2-54.1

References:

   https://www.suse.com/security/cve/CVE-2017-6507.html
   https://bugzilla.suse.com/1000201
   https://bugzilla.suse.com/1016259
   https://bugzilla.suse.com/1022610
   https://bugzilla.suse.com/1029696
   https://bugzilla.suse.com/1031529

From sle-updates at lists.suse.com Wed May 3 07:10:10 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 15:10:10 +0200 (CEST)
Subject: SUSE-SU-2017:1153-1: important: Security update for ghostscript-library
Message-ID: <20170503131010.BEFE9101BD@maintenance.suse.de>

   SUSE Security Update: Security update for ghostscript-library
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1153-1
Rating:             important
References:         #1036453
Cross-References:   CVE-2017-8291
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ghostscript fixes the following security vulnerability:

   CVE-2017-8291: A remote command execution and a -dSAFER bypass via a
   crafted .eps document were exploited in the wild.
(bsc#1036453) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-library-13086=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-library-13086=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-13086=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.44.1 ghostscript-ijs-devel-8.62-32.44.1 libgimpprint-devel-4.2.7-32.44.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.44.1 ghostscript-fonts-rus-8.62-32.44.1 ghostscript-fonts-std-8.62-32.44.1 ghostscript-library-8.62-32.44.1 ghostscript-omni-8.62-32.44.1 ghostscript-x11-8.62-32.44.1 libgimpprint-4.2.7-32.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.44.1 ghostscript-library-debugsource-8.62-32.44.1 References: https://www.suse.com/security/cve/CVE-2017-8291.html https://bugzilla.suse.com/1036453 From sle-updates at lists.suse.com Wed May 3 13:08:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 May 2017 21:08:59 +0200 (CEST) Subject: SUSE-RU-2017:1154-1: moderate: Recommended update for crowbar-openstack Message-ID: <20170503190859.36379FC39@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-openstack ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1154-1 Rating: moderate References: #1015324 #1025040 #1027791 #1029442 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has four recommended fixes can now 
be installed.

Description:

This update for crowbar-openstack fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- crowbar_openstack_wsgi: Reload apache configuration.
- magnum: Validate barbican barclamp in magnum. (bsc#1025040)
- magnum: Expose trust/cluster_user_trust.
- magnum: Stop encoding spaces into image URL.
- barbican, ceilometer, ec2-api: Add SSL support.
- database: Add ability to log slow queries in postgresql.
- cinder: Fix typo in eternus backend configuration.
- cinder: Disable snapshots in tempest when using the nfs backend.
- cinder: Set backups_enabled to false.
- nova: Remove non-existing connection_type option.
- nova: Remove duplicate connection_type option.
- nova: Disable image_cache_manager_interval. (bsc#1015324)
- nova: Don't set my_ip in default attributes.
- keystone: Enable domain specific configuration.
- glance: Reintroduce VSphere insecure API option. (bsc#1027791)
- glance: Fix typo in the expression for vmware_api_insecure.
- horizon: Show the group in the WSGI process.
- horizon: Create a dummy service for reload. (bsc#1029442)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-675=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    crowbar-openstack-4.0+git.1491457979.cfaad6bd-3.1

References:
    https://bugzilla.suse.com/1015324
    https://bugzilla.suse.com/1025040
    https://bugzilla.suse.com/1027791
    https://bugzilla.suse.com/1029442

From sle-updates at lists.suse.com Wed May 3 13:09:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:09:49 +0200 (CEST)
Subject: SUSE-RU-2017:1155-1: Recommended update for crowbar-ha
Message-ID: <20170503190949.B2B78101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-ha
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1155-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar-ha fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- haproxy: Configure stats interface through unix sockets.
- pacemaker: Move set_maintenance_mode into pacemaker helper.
- pacemaker: Improve remote primitive existence test.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-678=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    crowbar-ha-4.0+git.1490798515.6e09554-3.1

References:
    https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Wed May 3 13:10:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:10:11 +0200 (CEST)
Subject: SUSE-SU-2017:1156-1: moderate: Security update for firebird
Message-ID: <20170503191011.58237101BF@maintenance.suse.de>

SUSE Security Update: Security update for firebird
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1156-1
Rating: moderate
References: #1023990
Cross-References: CVE-2017-6369
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP2
    SUSE Linux Enterprise Workstation Extension 12-SP1
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Desktop 12-SP2
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for firebird fixes the following security issues:

- CVE-2017-6369: Insufficient checks in the UDF subsystem in Firebird allowed remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so (bsc#1023990).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
    zypper in -t patch SUSE-SLE-WE-12-SP2-2017-671=1
- SUSE Linux Enterprise Workstation Extension 12-SP1:
    zypper in -t patch SUSE-SLE-WE-12-SP1-2017-671=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-671=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-671=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-671=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-671=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
    firebird-classic-debuginfo-2.5.2.26539-15.1
    firebird-classic-debugsource-2.5.2.26539-15.1
    libfbembed2_5-2.5.2.26539-15.1
    libfbembed2_5-debuginfo-2.5.2.26539-15.1

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
    firebird-classic-debuginfo-2.5.2.26539-15.1
    firebird-classic-debugsource-2.5.2.26539-15.1
    libfbembed2_5-2.5.2.26539-15.1
    libfbembed2_5-debuginfo-2.5.2.26539-15.1

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    firebird-classic-debuginfo-2.5.2.26539-15.1
    firebird-classic-debugsource-2.5.2.26539-15.1
    libfbembed-devel-2.5.2.26539-15.1
    libfbembed2_5-2.5.2.26539-15.1
    libfbembed2_5-debuginfo-2.5.2.26539-15.1

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    firebird-classic-debuginfo-2.5.2.26539-15.1
    firebird-classic-debugsource-2.5.2.26539-15.1
    firebird-debuginfo-2.5.2.26539-15.1
    firebird-debugsource-2.5.2.26539-15.1
    firebird-devel-2.5.2.26539-15.1
    libfbembed-devel-2.5.2.26539-15.1
    libfbembed2_5-2.5.2.26539-15.1
    libfbembed2_5-debuginfo-2.5.2.26539-15.1

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    firebird-classic-debuginfo-2.5.2.26539-15.1
    firebird-classic-debugsource-2.5.2.26539-15.1
    libfbembed2_5-2.5.2.26539-15.1
    libfbembed2_5-debuginfo-2.5.2.26539-15.1

- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    firebird-classic-debuginfo-2.5.2.26539-15.1
    firebird-classic-debugsource-2.5.2.26539-15.1
    libfbembed2_5-2.5.2.26539-15.1
    libfbembed2_5-debuginfo-2.5.2.26539-15.1

References:
    https://www.suse.com/security/cve/CVE-2017-6369.html
    https://bugzilla.suse.com/1023990

From sle-updates at lists.suse.com Wed May 3 13:10:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:10:36 +0200 (CEST)
Subject: SUSE-RU-2017:1157-1: moderate: Recommended update for rubygem-crowbar-client
Message-ID: <20170503191036.269AC101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-crowbar-client
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1157-1
Rating: moderate
References: #1025206 #1025309 #1026111 #1029682
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for rubygem-crowbar-client fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- Fix for backup upload subcommand options. (bsc#1026111)
- Check for file existence before uploading backup. (bsc#1025309)
- Improve node reset command. (bsc#1025206)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-677=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (aarch64 x86_64):
    ruby2.1-rubygem-crowbar-client-3.3.1-3.1

References:
    https://bugzilla.suse.com/1025206
    https://bugzilla.suse.com/1025309
    https://bugzilla.suse.com/1026111
    https://bugzilla.suse.com/1029682

From sle-updates at lists.suse.com Wed May 3 13:11:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:11:26 +0200 (CEST)
Subject: SUSE-RU-2017:1158-1: Recommended update for openstack-neutron
Message-ID: <20170503191126.82439101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-neutron
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1158-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openstack-neutron fixes the following issues:

- Update to latest code from OpenStack Newton
- Update neutron-ha-tool

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-681=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    openstack-neutron-9.3.1~a0~dev11-3.1
    openstack-neutron-dhcp-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-doc-9.3.1~a0~dev11-3.3
    openstack-neutron-ha-tool-9.3.1~a0~dev11-3.1
    openstack-neutron-l3-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-linuxbridge-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-macvtap-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-metadata-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-metering-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-openvswitch-agent-9.3.1~a0~dev11-3.1
    openstack-neutron-server-9.3.1~a0~dev11-3.1
    python-neutron-9.3.1~a0~dev11-3.1

References:
    https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Wed May 3 13:11:46 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:11:46 +0200 (CEST)
Subject: SUSE-RU-2017:1159-1: Recommended update for crowbar
Message-ID: <20170503191146.D6AEA101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1159-1
Rating: low
References: #1015312 #1033160 #1035005
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for crowbar fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-687=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 6 (noarch):
    crowbar-3.0+git.1492611393.d6af5ea2-23.1
    crowbar-devel-3.0+git.1492611393.d6af5ea2-23.1

References:
    https://bugzilla.suse.com/1015312
    https://bugzilla.suse.com/1033160
    https://bugzilla.suse.com/1035005

From sle-updates at lists.suse.com Wed May 3 13:12:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:12:27 +0200 (CEST)
Subject: SUSE-RU-2017:1160-1: Recommended update for crowbar-ha
Message-ID: <20170503191227.354E5101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-ha
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1160-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar-ha fixes the following issues:

- corosync: Write node's address into corosync.conf instead of subnet IP.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-686=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 6 (noarch):
    crowbar-ha-3.0+git.1491205908.0efc4c3-13.1

References:
    https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Wed May 3 13:12:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:12:48 +0200 (CEST)
Subject: SUSE-RU-2017:1161-1: Recommended update for crowbar-init
Message-ID: <20170503191248.475EE101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-init
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1161-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar-init fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- Improve database migration error handling.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-680=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    crowbar-init-4.0+git.1491479307.eab11fc-4.1

References:
    https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Wed May 3 13:13:10 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:13:10 +0200 (CEST)
Subject: SUSE-RU-2017:1162-1: Recommended update for crowbar
Message-ID: <20170503191310.E0895101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1162-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-672=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    crowbar-4.0+git.1491915678.e59707d1-3.1
    crowbar-devel-4.0+git.1491915678.e59707d1-3.1

References:
    https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Wed May 3 13:13:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:13:32 +0200 (CEST)
Subject: SUSE-RU-2017:1163-1: moderate: Recommended update for openstack-keystone
Message-ID: <20170503191332.223D7101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-keystone
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1163-1
Rating: moderate
References: #1026326
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for openstack-keystone fixes the following issues:

- Fix domain specific configuration. (bsc#1026326)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-673=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    openstack-keystone-10.0.2~a0~dev1-3.1
    openstack-keystone-doc-10.0.2~a0~dev1-3.2
    python-keystone-10.0.2~a0~dev1-3.1

References:
    https://bugzilla.suse.com/1026326

From sle-updates at lists.suse.com Wed May 3 13:13:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:13:59 +0200 (CEST)
Subject: SUSE-RU-2017:1164-1: moderate: Recommended update for crowbar-core
Message-ID: <20170503191359.0FB47101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-core
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1164-1
Rating: moderate
References: #1011889 #1020914 #1020957 #1023972 #1024279 #1025194 #1026837
    #1027230 #1027259 #1029179 #1029180 #1030462 #1033488 #1033632
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has 14 recommended fixes can now be installed.

Description:

This update for crowbar-core fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- apache: Set timeout to 3600 to sync with the common crowbar timeout.
- apply_role: Add progress logging.
- crowbar: Do not crash on non-existing proposals. (bsc#1020957)
- crowbar: Show real status of proposals in deployment queue page.
- crowbar: Use new helpers for getting real status of a proposal.
- crowbar: Log puma std{out,err}.
- crowbar: Add missing translation for unready state. (bsc#1027230)
- crowbar: Improve remote psql integration.
- provisioner: Set blocksize option on tftp server to 1024.
- provisioner: Stop storing the output of transitions to /var/log/crowbar.
- provisioner: Stop calling crowbar_join with --debug. (bsc#1023972)
- provisioner: Define nameservers in autoyast.xml. (bsc#1026837)
- backup: Fix backup upload. (bsc#1025194)
- dhcp: Don't send restart notifications to dhcp server if PXE is disabled.
- dns: Add ability to configure additional search domains in resolv.conf.
- network: Set MTU for VLAN parent interface. (bsc#1024279)
- network: Fix undefined variable. (bsc#1027259)
- updater: Refresh PTF repository. (bsc#1030462)
- upgrade: Fix for lbaasv2 migration. (bsc#1033632)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-674=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 7 (aarch64 x86_64):
    crowbar-core-4.0+git.1492083732.54b34558-5.1
    crowbar-core-branding-upstream-4.0+git.1492083732.54b34558-5.1

References:
    https://bugzilla.suse.com/1011889
    https://bugzilla.suse.com/1020914
    https://bugzilla.suse.com/1020957
    https://bugzilla.suse.com/1023972
    https://bugzilla.suse.com/1024279
    https://bugzilla.suse.com/1025194
    https://bugzilla.suse.com/1026837
    https://bugzilla.suse.com/1027230
    https://bugzilla.suse.com/1027259
    https://bugzilla.suse.com/1029179
    https://bugzilla.suse.com/1029180
    https://bugzilla.suse.com/1030462
    https://bugzilla.suse.com/1033488
    https://bugzilla.suse.com/1033632

From sle-updates at lists.suse.com Wed May 3 13:16:43 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:16:43 +0200 (CEST)
Subject: SUSE-RU-2017:1165-1: moderate: Recommended update for rubygem-crowbar-client
Message-ID: <20170503191643.175A9101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-crowbar-client
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1165-1
Rating: moderate
References: #1011581 #1023834 #1024907 #1025206 #1025309 #1026111 #1029682
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has 7 recommended fixes can now be installed.
Description:

This update for rubygem-crowbar-client fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- Catch error 406 when node alias is not unique. (bsc#1011581)
- Fix for proposal edit subcommand. (bsc#1023834)
- Fix for backup upload subcommand options. (bsc#1026111)
- Check for file existence before uploading backup. (bsc#1025309)
- Improve node reset command. (bsc#1025206)
- Catch error 406 when node alias is not unique. (bsc#1011581)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-685=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (x86_64):
    ruby2.1-rubygem-crowbar-client-3.3.1-9.1

References:
    https://bugzilla.suse.com/1011581
    https://bugzilla.suse.com/1023834
    https://bugzilla.suse.com/1024907
    https://bugzilla.suse.com/1025206
    https://bugzilla.suse.com/1025309
    https://bugzilla.suse.com/1026111
    https://bugzilla.suse.com/1029682

From sle-updates at lists.suse.com Wed May 3 13:18:13 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:18:13 +0200 (CEST)
Subject: SUSE-RU-2017:1166-1: moderate: Recommended update for crowbar-ceph
Message-ID: <20170503191813.F1A63101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-ceph
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1166-1
Rating: moderate
References: #1022259 #1023801 #1025674
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for crowbar-ceph fixes the following issues:

- ceph: Fix integration with external ceph clusters.
  (bsc#1025674)
- ceph: Fix rgw and mds role search when calculating default pg_num. (bsc#1023801)
- ceph: Improve node assignment validation. (bsc#1022259)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-676=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 7 (noarch):
    crowbar-ceph-4.0+git.1489057041.f723a9f-3.1

References:
    https://bugzilla.suse.com/1022259
    https://bugzilla.suse.com/1023801
    https://bugzilla.suse.com/1025674

From sle-updates at lists.suse.com Wed May 3 13:18:57 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:18:57 +0200 (CEST)
Subject: SUSE-RU-2017:1167-1: moderate: Recommended update for crowbar-core
Message-ID: <20170503191857.318A4101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-core
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1167-1
Rating: moderate
References: #1011889 #1012587 #1014835 #1016033 #1018110 #1021106 #1021596 #1022302
    #1026112 #1028950 #1029179 #1032751 #840255 #985422 #989958 #990745
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has 16 recommended fixes can now be installed.

Description:

This update for crowbar-core fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- Use World Wide Name as most persistent name for disks. (bsc#1022302)
- proposal: Response with something useful when proposal commit fails. (bsc#1014835)
- network_service: Log backtrace in error case.
- cookbooks, utils: Remove unnecessary searches and cache.
- crowbar: Mark the proposal as not applied on saving.
- crowbar: Catch exceptions in apply_role.
  (partially fixes bsc#840255)
- crowbar: Fix queue message when applying a proposal. (bsc#989958)
- crowbar: Log current batch during apply_proposal.
- ohai: common ohai attribute for libvirt guest uuid.
- apache2: Do not define apache2 service twice. (bsc#1021106)
- dns: Allow defining custom CNAME records. (bsc#1016033)
- dns: Add ability to configure additional search domains in resolv.conf.
- provisioner: Use correct attributes for autoyast profile. (bsc#1021596)
- provisioner: Ensure /srv/tftpboot/validation.pem is correct.
- provisioner: Avoid crash with incomplete network mappings. (bsc#990745)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-684=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):
    crowbar-core-3.0+git.1491569331.d0a3ff28-20.1
    crowbar-core-branding-upstream-3.0+git.1491569331.d0a3ff28-20.1

References:
    https://bugzilla.suse.com/1011889
    https://bugzilla.suse.com/1012587
    https://bugzilla.suse.com/1014835
    https://bugzilla.suse.com/1016033
    https://bugzilla.suse.com/1018110
    https://bugzilla.suse.com/1021106
    https://bugzilla.suse.com/1021596
    https://bugzilla.suse.com/1022302
    https://bugzilla.suse.com/1026112
    https://bugzilla.suse.com/1028950
    https://bugzilla.suse.com/1029179
    https://bugzilla.suse.com/1032751
    https://bugzilla.suse.com/840255
    https://bugzilla.suse.com/985422
    https://bugzilla.suse.com/989958
    https://bugzilla.suse.com/990745

From sle-updates at lists.suse.com Wed May 3 13:21:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:21:32 +0200 (CEST)
Subject: SUSE-RU-2017:1168-1: Recommended update for the SUSE OpenStack Cloud 7 documentation
Message-ID: <20170503192132.A080B101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the SUSE OpenStack Cloud 7
documentation
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1168-1
Rating: low
References: #1011885 #1019226 #1023171 #1023758 #1025232 #1025238 #1025240 #1025894
    #1026168 #1026688 #1027029 #1027077 #1027684 #1028120 #1028441 #1028453
    #1028663 #1028870 #1029851 #1029896 #1029929 #1030490 #1030676 #1031467
    #1031469 #1031608 #1031615 #958678 #969537
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has 29 recommended fixes can now be installed.

Description:

This update for suse-openstack-cloud-user_en, suse-openstack-cloud-supplement_en, suse-openstack-cloud-deployment_en and suse-openstack-cloud-admin_en fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.
- Improve general documentation.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-682=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
    suse-openstack-cloud-admin_en-7-8.1
    suse-openstack-cloud-admin_en-pdf-7-8.1
    suse-openstack-cloud-deployment_en-7-5.1
    suse-openstack-cloud-deployment_en-pdf-7-5.1
    suse-openstack-cloud-supplement_en-7-5.1
    suse-openstack-cloud-supplement_en-pdf-7-5.1
    suse-openstack-cloud-user_en-7-4.1
    suse-openstack-cloud-user_en-pdf-7-4.1

References:
    https://bugzilla.suse.com/1011885
    https://bugzilla.suse.com/1019226
    https://bugzilla.suse.com/1023171
    https://bugzilla.suse.com/1023758
    https://bugzilla.suse.com/1025232
    https://bugzilla.suse.com/1025238
    https://bugzilla.suse.com/1025240
    https://bugzilla.suse.com/1025894
    https://bugzilla.suse.com/1026168
    https://bugzilla.suse.com/1026688
    https://bugzilla.suse.com/1027029
    https://bugzilla.suse.com/1027077
    https://bugzilla.suse.com/1027684
    https://bugzilla.suse.com/1028120
    https://bugzilla.suse.com/1028441
    https://bugzilla.suse.com/1028453
    https://bugzilla.suse.com/1028663
    https://bugzilla.suse.com/1028870
    https://bugzilla.suse.com/1029851
    https://bugzilla.suse.com/1029896
    https://bugzilla.suse.com/1029929
    https://bugzilla.suse.com/1030490
    https://bugzilla.suse.com/1030676
    https://bugzilla.suse.com/1031467
    https://bugzilla.suse.com/1031469
    https://bugzilla.suse.com/1031608
    https://bugzilla.suse.com/1031615
    https://bugzilla.suse.com/958678
    https://bugzilla.suse.com/969537

From sle-updates at lists.suse.com Wed May 3 13:25:43 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:25:43 +0200 (CEST)
Subject: SUSE-RU-2017:1169-1: Recommended update for crowbar-ui and patterns-cloud
Message-ID: <20170503192543.99BF2101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-ui and patterns-cloud
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1169-1
Rating: low
References: #1033170
Affected Products:
    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update adds crowbar-ui to SUSE OpenStack Cloud 6 and patterns-cloud. This new package adds a new UI for the full workflow to upgrade the SUSE OpenStack Cloud 6 without interruption.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-683=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (x86_64):
    patterns-cloud-admin-20150804-0.21.1
    patterns-cloud-compute-20150804-0.21.1
    patterns-cloud-controller-20150804-0.21.1
    patterns-cloud-network-20150804-0.21.1
    patterns-cloud-user-20150804-0.21.1

- SUSE OpenStack Cloud 6 (noarch):
    crowbar-ui-1.0.0+git.1491482439.8d5bd46-2.1

References:
    https://bugzilla.suse.com/1033170

From sle-updates at lists.suse.com Wed May 3 13:26:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 May 2017 21:26:07 +0200 (CEST)
Subject: SUSE-RU-2017:1170-1: Recommended update for crowbar-ui
Message-ID: <20170503192607.D7EEA101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-ui
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1170-1
Rating: low
References: #1033225
Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar-ui fixes the following issues:

- Enable upgrade from Cloud 6 to Cloud 7.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2017-679=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 7 (noarch):
    crowbar-ui-1.0.0+git.1491482439.8d5bd46-3.1

References:
    https://bugzilla.suse.com/1033225

From sle-updates at lists.suse.com Wed May 3 16:08:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 4 May 2017 00:08:55 +0200 (CEST)
Subject: SUSE-RU-2017:1171-1: Recommended update for release-notes-sles
Message-ID: <20170503220855.58840101BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1171-1
Rating: low
References: #1027264 #1028467
Affected Products:
    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

The Release Notes of SUSE Linux Enterprise Server 11 SP4 have been updated to document:

- Availability of libssh2_org version update. (bsc#1027264, fate#320942)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-release-notes-sles-13087=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): release-notes-sles-11.4.27-0.38.2 References: https://bugzilla.suse.com/1027264 https://bugzilla.suse.com/1028467 From sle-updates at lists.suse.com Wed May 3 16:09:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 May 2017 00:09:25 +0200 (CEST) Subject: SUSE-RU-2017:1172-1: Recommended update for boost Message-ID: <20170503220925.3BA5A101BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for boost ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1172-1 Rating: low References: #1035216 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for boost fixes the following issues: - Backport upstream fix for a change in how Python interpreter handles __doc__ section in compiled modules. (bsc#1035216) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-boost-13088=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-boost-13088=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-boost-13088=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): boost-devel-1.36.0-12.8.1 boost-doc-1.36.0-12.8.1 libboost_date_time1_36_0-1.36.0-12.8.1 libboost_filesystem1_36_0-1.36.0-12.8.1 libboost_graph1_36_0-1.36.0-12.8.1 libboost_iostreams1_36_0-1.36.0-12.8.1 libboost_math1_36_0-1.36.0-12.8.1 libboost_program_options1_36_0-1.36.0-12.8.1 libboost_python1_36_0-1.36.0-12.8.1 libboost_serialization1_36_0-1.36.0-12.8.1 libboost_system1_36_0-1.36.0-12.8.1 libboost_test1_36_0-1.36.0-12.8.1 libboost_thread1_36_0-1.36.0-12.8.1 libboost_wave1_36_0-1.36.0-12.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 x86_64): libboost_mpi1_36_0-1.36.0-12.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libboost_regex1_36_0-1.36.0-12.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): boost-devel-32bit-1.36.0-12.8.1 libboost_date_time1_36_0-32bit-1.36.0-12.8.1 libboost_filesystem1_36_0-32bit-1.36.0-12.8.1 libboost_graph1_36_0-32bit-1.36.0-12.8.1 libboost_iostreams1_36_0-32bit-1.36.0-12.8.1 libboost_math1_36_0-32bit-1.36.0-12.8.1 libboost_program_options1_36_0-32bit-1.36.0-12.8.1 libboost_python1_36_0-32bit-1.36.0-12.8.1 libboost_regex1_36_0-32bit-1.36.0-12.8.1 libboost_serialization1_36_0-32bit-1.36.0-12.8.1 libboost_signals1_36_0-32bit-1.36.0-12.8.1 libboost_system1_36_0-32bit-1.36.0-12.8.1 libboost_test1_36_0-32bit-1.36.0-12.8.1 libboost_thread1_36_0-32bit-1.36.0-12.8.1 libboost_wave1_36_0-32bit-1.36.0-12.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): boost-license-1.36.0-12.8.1 libboost_program_options1_36_0-1.36.0-12.8.1 libboost_regex1_36_0-1.36.0-12.8.1 libboost_signals1_36_0-1.36.0-12.8.1 libboost_thread1_36_0-1.36.0-12.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): boost-debuginfo-1.36.0-12.8.1 boost-debugsource-1.36.0-12.8.1 References: https://bugzilla.suse.com/1035216 From sle-updates at lists.suse.com Wed May 3 
16:09:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 May 2017 00:09:52 +0200 (CEST) Subject: SUSE-RU-2017:1173-1: Recommended update for evolution Message-ID: <20170503220952.47471101BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for evolution ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1173-1 Rating: low References: #1015898 #990206 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for evolution provides the following fixes: - Improve performance with very large contact lists (bsc#990206) - Fix evolution sending email EPortEntry too large (bsc#1015898) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-690=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-690=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-690=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): evolution-3.20.5-17.22 evolution-debuginfo-3.20.5-17.22 evolution-debugsource-3.20.5-17.22 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): evolution-lang-3.20.5-17.22 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): evolution-debuginfo-3.20.5-17.22 evolution-debugsource-3.20.5-17.22 evolution-devel-3.20.5-17.22 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): evolution-3.20.5-17.22 evolution-debuginfo-3.20.5-17.22 evolution-debugsource-3.20.5-17.22 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): evolution-lang-3.20.5-17.22 References: https://bugzilla.suse.com/1015898 https://bugzilla.suse.com/990206 From sle-updates at lists.suse.com Thu May 4 07:09:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 May 2017 15:09:27 +0200 (CEST) Subject: SUSE-SU-2017:1174-1: moderate: Security update for wireshark Message-ID: <20170504130927.9A14BF7A6@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1174-1 Rating: moderate References: #1002981 #1010735 #1010740 #1010752 #1010754 #1010911 #1021739 #1025913 #1027998 #1033936 #1033937 #1033938 #1033939 #1033940 #1033941 #1033942 #1033943 #1033944 #1033945 #998761 #998762 #998763 #998800 #998963 #998964 Cross-References: CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that solves 23 vulnerabilities and has two fixes is now available. Description: Wireshark was updated to version 2.0.12, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936). - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937). - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938). - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939). - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940). - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941). - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. 
This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942). - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943). - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944). - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945). - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963). - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735). - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740). - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752). 
- CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754). - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761). - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762). - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763). - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800). - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964). - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. 
This will quickly exhaust all system memory (bsc#1025913). - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739). - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13089=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13089=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13089=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-2.0.12-36.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): wireshark-2.0.12-36.1 wireshark-gtk-2.0.12-36.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-2.0.12-36.1 wireshark-gtk-2.0.12-36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-2.0.12-36.1 wireshark-debugsource-2.0.12-36.1 References: https://www.suse.com/security/cve/CVE-2016-7175.html https://www.suse.com/security/cve/CVE-2016-7176.html https://www.suse.com/security/cve/CVE-2016-7177.html https://www.suse.com/security/cve/CVE-2016-7178.html https://www.suse.com/security/cve/CVE-2016-7179.html https://www.suse.com/security/cve/CVE-2016-7180.html https://www.suse.com/security/cve/CVE-2016-9373.html https://www.suse.com/security/cve/CVE-2016-9374.html https://www.suse.com/security/cve/CVE-2016-9375.html https://www.suse.com/security/cve/CVE-2016-9376.html https://www.suse.com/security/cve/CVE-2017-5596.html https://www.suse.com/security/cve/CVE-2017-5597.html https://www.suse.com/security/cve/CVE-2017-6014.html https://www.suse.com/security/cve/CVE-2017-7700.html https://www.suse.com/security/cve/CVE-2017-7701.html https://www.suse.com/security/cve/CVE-2017-7702.html https://www.suse.com/security/cve/CVE-2017-7703.html https://www.suse.com/security/cve/CVE-2017-7704.html https://www.suse.com/security/cve/CVE-2017-7705.html https://www.suse.com/security/cve/CVE-2017-7745.html https://www.suse.com/security/cve/CVE-2017-7746.html https://www.suse.com/security/cve/CVE-2017-7747.html https://www.suse.com/security/cve/CVE-2017-7748.html https://bugzilla.suse.com/1002981 https://bugzilla.suse.com/1010735 https://bugzilla.suse.com/1010740 https://bugzilla.suse.com/1010752 https://bugzilla.suse.com/1010754 https://bugzilla.suse.com/1010911 https://bugzilla.suse.com/1021739 
https://bugzilla.suse.com/1025913 https://bugzilla.suse.com/1027998 https://bugzilla.suse.com/1033936 https://bugzilla.suse.com/1033937 https://bugzilla.suse.com/1033938 https://bugzilla.suse.com/1033939 https://bugzilla.suse.com/1033940 https://bugzilla.suse.com/1033941 https://bugzilla.suse.com/1033942 https://bugzilla.suse.com/1033943 https://bugzilla.suse.com/1033944 https://bugzilla.suse.com/1033945 https://bugzilla.suse.com/998761 https://bugzilla.suse.com/998762 https://bugzilla.suse.com/998763 https://bugzilla.suse.com/998800 https://bugzilla.suse.com/998963 https://bugzilla.suse.com/998964 From sle-updates at lists.suse.com Thu May 4 07:13:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 May 2017 15:13:57 +0200 (CEST) Subject: SUSE-SU-2017:1175-1: important: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr Message-ID: <20170504131357.AC1A5101BF@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1175-1 Rating: important References: #1015499 #1015547 #1021636 #1030071 #1035082 #983639 Cross-References: CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: 
Out-of-bounds write during BinHex decoding
- MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
- MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events
- MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL

Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs:

- Update to NSS 3.29.5:
  * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed.
  * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed.
  * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extension and ECDHE-ECDSA (bsc#1015499).
  * requires NSPR >= 4.13.1
- Update to NSS 3.29.3
  * enables TLS 1.3 by default
- Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767)
- Update to NSS 3.28.3
  This is a patch release to fix binary compatibility issues.
- Update to NSS 3.28.1
  This is a patch release to update the list of root CA certificates.
  * The following CA certificates were Removed
    CN = Buypass Class 2 CA 1
    CN = Root CA Generalitat Valenciana
    OU = RSA Security 2048 V3
  * The following CA certificates were Added
    OU = AC RAIZ FNMT-RCM
    CN = Amazon Root CA 1
    CN = Amazon Root CA 2
    CN = Amazon Root CA 3
    CN = Amazon Root CA 4
    CN = LuxTrust Global Root 2
    CN = Symantec Class 1 Public Primary Certification Authority - G4
    CN = Symantec Class 1 Public Primary Certification Authority - G6
    CN = Symantec Class 2 Public Primary Certification Authority - G4
    CN = Symantec Class 2 Public Primary Certification Authority - G6
  * The version number of the updated root CA list has been set to 2.11
- Update to NSS 3.28
  New functionality:
  * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3:
    - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3.
    - Key exporters for TLS 1.3 are supported.
This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for "export" grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. 
This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. 
* The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). 
Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. 
  Notable changes:
  * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with servers
  * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB
  * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code.
  * The following CA certificates were Removed
    - Staat der Nederlanden Root CA
    - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
    - NetLock Kozjegyzoi (Class A) Tanusitvanykiado
    - NetLock Uzleti (Class B) Tanusitvanykiado
    - NetLock Expressz (Class C) Tanusitvanykiado
    - VeriSign Class 1 Public PCA - G2
    - VeriSign Class 3 Public PCA
    - VeriSign Class 3 Public PCA - G2
    - CA Disig
  * The following CA certificates were Added
    + SZAFIR ROOT CA2
    + Certum Trusted Network CA 2
  * The following CA certificate had the Email trust bit turned on
    + Actalis Authentication Root CA
  Security fixes:
  * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
- Update to NSS 3.22.3
  * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641)
  * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user.
(CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-MozillaFirefox-13090=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-MozillaFirefox-13090=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-MozillaFirefox-13090=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-MozillaFirefox-13090=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-13090=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-MozillaFirefox-13090=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-MozillaFirefox-13090=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-13090=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-MozillaFirefox-13090=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      MozillaFirefox-45.9.0esr-71.2
      MozillaFirefox-translations-45.9.0esr-71.2
      libfreebl3-3.29.5-46.1
      libfreebl3-32bit-3.29.5-46.1
      libsoftokn3-3.29.5-46.1
      libsoftokn3-32bit-3.29.5-46.1
      mozilla-nspr-32bit-4.13.1-32.1
      mozilla-nspr-4.13.1-32.1
      mozilla-nss-3.29.5-46.1
      mozilla-nss-32bit-3.29.5-46.1
      mozilla-nss-tools-3.29.5-46.1

   - SUSE Manager Proxy 2.1 (x86_64):

      MozillaFirefox-45.9.0esr-71.2
      MozillaFirefox-translations-45.9.0esr-71.2
      libfreebl3-3.29.5-46.1
      libfreebl3-32bit-3.29.5-46.1
      libsoftokn3-3.29.5-46.1
      libsoftokn3-32bit-3.29.5-46.1
      mozilla-nspr-32bit-4.13.1-32.1
      mozilla-nspr-4.13.1-32.1
      mozilla-nss-3.29.5-46.1
      mozilla-nss-32bit-3.29.5-46.1
      mozilla-nss-tools-3.29.5-46.1

   - SUSE Manager 2.1 (s390x x86_64):

      MozillaFirefox-45.9.0esr-71.2
      MozillaFirefox-translations-45.9.0esr-71.2
      libfreebl3-3.29.5-46.1
      libfreebl3-32bit-3.29.5-46.1
      libsoftokn3-3.29.5-46.1
      libsoftokn3-32bit-3.29.5-46.1
      mozilla-nspr-32bit-4.13.1-32.1
      mozilla-nspr-4.13.1-32.1
      mozilla-nss-3.29.5-46.1
      mozilla-nss-32bit-3.29.5-46.1
      mozilla-nss-tools-3.29.5-46.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-45.9.0esr-71.2
      mozilla-nspr-devel-4.13.1-32.1
      mozilla-nss-devel-3.29.5-46.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-45.9.0esr-71.2
      MozillaFirefox-translations-45.9.0esr-71.2
      libfreebl3-3.29.5-46.1
      libsoftokn3-3.29.5-46.1
      mozilla-nspr-4.13.1-32.1
      mozilla-nss-3.29.5-46.1
      mozilla-nss-tools-3.29.5-46.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libfreebl3-32bit-3.29.5-46.1
      libsoftokn3-32bit-3.29.5-46.1
      mozilla-nspr-32bit-4.13.1-32.1
      mozilla-nss-32bit-3.29.5-46.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libfreebl3-x86-3.29.5-46.1
      libsoftokn3-x86-3.29.5-46.1
      mozilla-nspr-x86-4.13.1-32.1
      mozilla-nss-x86-3.29.5-46.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      MozillaFirefox-45.9.0esr-71.2
      MozillaFirefox-translations-45.9.0esr-71.2
      libfreebl3-3.29.5-46.1
      libsoftokn3-3.29.5-46.1
      mozilla-nspr-4.13.1-32.1
      mozilla-nss-3.29.5-46.1
      mozilla-nss-tools-3.29.5-46.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      libfreebl3-32bit-3.29.5-46.1
      libsoftokn3-32bit-3.29.5-46.1
      mozilla-nspr-32bit-4.13.1-32.1
      mozilla-nss-32bit-3.29.5-46.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      MozillaFirefox-45.9.0esr-71.2
      MozillaFirefox-translations-45.9.0esr-71.2
      libfreebl3-3.29.5-46.1
      libsoftokn3-3.29.5-46.1
      mozilla-nspr-4.13.1-32.1
      mozilla-nss-3.29.5-46.1
      mozilla-nss-tools-3.29.5-46.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-45.9.0esr-71.2
      MozillaFirefox-debugsource-45.9.0esr-71.2
      mozilla-nspr-debuginfo-4.13.1-32.1
      mozilla-nspr-debugsource-4.13.1-32.1
      mozilla-nss-debuginfo-3.29.5-46.1
      mozilla-nss-debugsource-3.29.5-46.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.13.1-32.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      mozilla-nspr-debuginfo-x86-4.13.1-32.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      MozillaFirefox-debuginfo-45.9.0esr-71.2
      MozillaFirefox-debugsource-45.9.0esr-71.2
      mozilla-nspr-debuginfo-4.13.1-32.1
      mozilla-nspr-debugsource-4.13.1-32.1
      mozilla-nss-debuginfo-3.29.5-46.1
      mozilla-nss-debugsource-3.29.5-46.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.13.1-32.1


References:

   https://www.suse.com/security/cve/CVE-2016-1950.html
   https://www.suse.com/security/cve/CVE-2016-2834.html
   https://www.suse.com/security/cve/CVE-2016-8635.html
   https://www.suse.com/security/cve/CVE-2016-9574.html
   https://www.suse.com/security/cve/CVE-2017-5429.html
   https://www.suse.com/security/cve/CVE-2017-5432.html
   https://www.suse.com/security/cve/CVE-2017-5433.html
   https://www.suse.com/security/cve/CVE-2017-5434.html
   https://www.suse.com/security/cve/CVE-2017-5435.html
   https://www.suse.com/security/cve/CVE-2017-5436.html
   https://www.suse.com/security/cve/CVE-2017-5437.html
   https://www.suse.com/security/cve/CVE-2017-5438.html
   https://www.suse.com/security/cve/CVE-2017-5439.html
   https://www.suse.com/security/cve/CVE-2017-5440.html
   https://www.suse.com/security/cve/CVE-2017-5441.html
   https://www.suse.com/security/cve/CVE-2017-5442.html
   https://www.suse.com/security/cve/CVE-2017-5443.html
   https://www.suse.com/security/cve/CVE-2017-5444.html
   https://www.suse.com/security/cve/CVE-2017-5445.html
   https://www.suse.com/security/cve/CVE-2017-5446.html
   https://www.suse.com/security/cve/CVE-2017-5447.html
   https://www.suse.com/security/cve/CVE-2017-5448.html
   https://www.suse.com/security/cve/CVE-2017-5459.html
   https://www.suse.com/security/cve/CVE-2017-5460.html
   https://www.suse.com/security/cve/CVE-2017-5461.html
   https://www.suse.com/security/cve/CVE-2017-5462.html
   https://www.suse.com/security/cve/CVE-2017-5464.html
   https://www.suse.com/security/cve/CVE-2017-5465.html
   https://www.suse.com/security/cve/CVE-2017-5469.html
   https://bugzilla.suse.com/1015499
   https://bugzilla.suse.com/1015547
   https://bugzilla.suse.com/1021636
   https://bugzilla.suse.com/1030071
   https://bugzilla.suse.com/1035082
   https://bugzilla.suse.com/983639

From sle-updates at lists.suse.com Thu May 4 10:11:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 4 May 2017 18:11:11 +0200 (CEST)
Subject: SUSE-RU-2017:1178-1: moderate: Recommended update for SuSEfirewall2
Message-ID: <20170504161111.B5631101BF@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SuSEfirewall2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1178-1
Rating:             moderate
References:         #1014987 #785299 #841046 #847193 #906136 #938727
                    #961258
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update for SuSEfirewall2 fixes the following issues:

   - Install symlink to SuSEfirewall2 with the updated SUSE spelling.
     (bsc#938727, fate#316521)
   - Remove basic.target to avoid loop with SuSEfirewall2. (bsc#961258)
   - Ignore the bootlock when incremental updates for hotplugged or virtual
     devices are coming in during boot. This prevents lockups for example
     when drbd is used with FW_BOOT_FULL_INIT. (bsc#785299)
   - Support for IPv6 in FW_TRUSTED_NETS config variable. (bsc#841046)
   - Don't log dropped IPv6 broadcast/multicast packets by default to avoid
     cluttering the kernel log. (bsc#847193)
   - Only apply FW_KERNEL_SECURITY proc settings, if not overridden by the
     administrator in /etc/sysctl.conf. This allows you to benefit from some
     of the kernel security settings, while overwriting others.
     (bsc#906136)
   - Fix a race condition in systemd unit files that could cause the
     SuSEfirewall2_init unit to sporadically fail, because /tmp was not
     there/writable yet. (bsc#1014987)


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-693=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-693=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-693=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-693=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-693=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      SuSEfirewall2-3.6.312-2.3.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      SuSEfirewall2-3.6.312-2.3.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      SuSEfirewall2-3.6.312-2.3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      SuSEfirewall2-3.6.312-2.3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      SuSEfirewall2-3.6.312-2.3.1


References:

   https://bugzilla.suse.com/1014987
   https://bugzilla.suse.com/785299
   https://bugzilla.suse.com/841046
   https://bugzilla.suse.com/847193
   https://bugzilla.suse.com/906136
   https://bugzilla.suse.com/938727
   https://bugzilla.suse.com/961258

From sle-updates at lists.suse.com Thu May 4 13:08:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 4 May 2017 21:08:56 +0200 (CEST)
Subject: SUSE-RU-2017:1179-1: Recommended update for python-azure-agent
Message-ID: <20170504190856.997BD101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-azure-agent
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1179-1
Rating:             low
References:         #1035419
Affected Products:
                    SUSE Linux Enterprise Server 11-PUBCLOUD
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python-azure-agent provides version 2.2.10 and brings the
   following fixes and improvements:

   - Clean up extension directories.
   - Provisioning logging improvements.
   - Override decode custom data.
   - Networking logging cleanup.
   - Keygen logging cleanup.
   - Reduce the monitoring loop wait time.
   - Improve host plugin failure handling.
   - Add telemetry for put status failures.
   - Improve extension handler logging.
   - Reduce guest agent update logging.
   - Add basic 32-bit support to interface detection.
   - Better heartbeat exception handling.
   - Better unhandled exception logging.
   - Improve NSG state management.
   - Better handling and cleanup of old events.
   - Pass environment variables to subprocess.
   - Improve RDMA package matching.
   - Better handling of resource disk mounting.
   - Data disks udev rule.
   - Enabled PageBlob support through HostGAPlugin.


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-PUBCLOUD:

      zypper in -t patch pubclsp3-python-azure-agent-13091=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-PUBCLOUD (x86_64):

      python-azure-agent-2.2.10-24.1


References:

   https://bugzilla.suse.com/1035419

From sle-updates at lists.suse.com Thu May 4 13:09:22 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 4 May 2017 21:09:22 +0200 (CEST)
Subject: SUSE-RU-2017:1180-1: Recommended update for python-azure-agent
Message-ID: <20170504190922.63E39101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-azure-agent
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1180-1
Rating:             low
References:         #1035418
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python-azure-agent provides version 2.2.10 and brings the
   following fixes and improvements:

   - Clean up extension directories.
   - Provisioning logging improvements.
   - Override decode custom data.
   - Networking logging cleanup.
   - Keygen logging cleanup.
   - Reduce the monitoring loop wait time.
   - Improve host plugin failure handling.
   - Add telemetry for put status failures.
   - Improve extension handler logging.
   - Reduce guest agent update logging.
   - Add basic 32-bit support to interface detection.
   - Better heartbeat exception handling.
   - Better unhandled exception logging.
   - Improve NSG state management.
   - Better handling and cleanup of old events.
   - Pass environment variables to subprocess.
   - Improve RDMA package matching.
   - Better handling of resource disk mounting.
   - Data disks udev rule.
   - Enabled PageBlob support through HostGAPlugin.


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-695=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-azure-agent-2.2.10-30.1


References:

   https://bugzilla.suse.com/1035418

From sle-updates at lists.suse.com Thu May 4 19:08:57 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 May 2017 03:08:57 +0200 (CEST)
Subject: SUSE-RU-2017:1181-1: Recommended update for xorg-x11-driver-video
Message-ID: <20170505010857.BA6E1101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for xorg-x11-driver-video
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1181-1
Rating:             low
References:         #1019348 #995542
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for xorg-x11-driver-video provides the following fixes:

   - Add freqless profile that removes HorizSync and VertRefresh lines from
     xorg.conf for G200 SE rev. 4 cards; used by all G200 SE cards by now.
     (bsc#995542)
   - Add support for G200e rev 4 chipset. (bsc#995542)
   - Add support for the new deviceID for G200eW3. (bsc#1019348)


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xorg-x11-driver-video-13092=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xorg-x11-driver-video-13092=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64):

      xorg-x11-driver-video-7.4.0.1-0.99.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64):

      xorg-x11-driver-video-debuginfo-7.4.0.1-0.99.1
      xorg-x11-driver-video-debugsource-7.4.0.1-0.99.1


References:

   https://bugzilla.suse.com/1019348
   https://bugzilla.suse.com/995542

From sle-updates at lists.suse.com Fri May 5 07:09:16 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 May 2017 15:09:16 +0200 (CEST)
Subject: SUSE-SU-2017:1182-1: moderate: Security update for audiofile
Message-ID: <20170505130916.A8FEE101C1@maintenance.suse.de>

   SUSE Security Update: Security update for audiofile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1182-1
Rating:             moderate
References:         #1026978 #1026979 #1026980 #1026981 #1026982 #1026983
                    #1026984 #1026985 #1026986 #1026987 #1026988
Cross-References:   CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830
                    CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834
                    CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838
                    CVE-2017-6839
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   This update for audiofile fixes the following issues:

   Security issues fixed:

   - CVE-2017-6827: heap-based buffer overflow in
     MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)
   - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp)
     (bsc#1026980)
   - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp)
     (bsc#1026981)
   - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp)
     (bsc#1026982)
   - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE
     (IMA.cpp) (bsc#1026983)
   - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock
     (MSADPCM.cpp) (bsc#1026984)
   - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)
     (bsc#1026985)
   - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)
     (bsc#1026986)
   - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)
     (bsc#1026988)
   - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run
     (SimpleModule.h) (bsc#1026987)
   - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes
     (bsc#1026978)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-audiofile-13093=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-audiofile-13093=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-audiofile-13093=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      audiofile-devel-0.2.6-142.17.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      audiofile-0.2.6-142.17.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      audiofile-32bit-0.2.6-142.17.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      audiofile-x86-0.2.6-142.17.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      audiofile-debuginfo-0.2.6-142.17.1
      audiofile-debugsource-0.2.6-142.17.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      audiofile-debuginfo-32bit-0.2.6-142.17.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      audiofile-debuginfo-x86-0.2.6-142.17.1


References:

   https://www.suse.com/security/cve/CVE-2017-6827.html
   https://www.suse.com/security/cve/CVE-2017-6828.html
   https://www.suse.com/security/cve/CVE-2017-6829.html
   https://www.suse.com/security/cve/CVE-2017-6830.html
   https://www.suse.com/security/cve/CVE-2017-6831.html
   https://www.suse.com/security/cve/CVE-2017-6832.html
   https://www.suse.com/security/cve/CVE-2017-6833.html
   https://www.suse.com/security/cve/CVE-2017-6834.html
   https://www.suse.com/security/cve/CVE-2017-6835.html
   https://www.suse.com/security/cve/CVE-2017-6836.html
   https://www.suse.com/security/cve/CVE-2017-6837.html
   https://www.suse.com/security/cve/CVE-2017-6838.html
   https://www.suse.com/security/cve/CVE-2017-6839.html
   https://bugzilla.suse.com/1026978
   https://bugzilla.suse.com/1026979
   https://bugzilla.suse.com/1026980
   https://bugzilla.suse.com/1026981
   https://bugzilla.suse.com/1026982
   https://bugzilla.suse.com/1026983
   https://bugzilla.suse.com/1026984
   https://bugzilla.suse.com/1026985
   https://bugzilla.suse.com/1026986
   https://bugzilla.suse.com/1026987
   https://bugzilla.suse.com/1026988

From sle-updates at lists.suse.com Fri May 5 07:11:30 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 May 2017 15:11:30 +0200 (CEST)
Subject: SUSE-SU-2017:1183-1: important: Security update for the Linux Kernel
Message-ID: <20170505131130.21DEE101C1@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1183-1
Rating:             important
References:         #1007959 #1007962 #1008842 #1010032 #1011913 #1012382
                    #1012910 #1013994 #1014136 #1015609 #1017461 #1017641
                    #1018263 #1018419 #1019163 #1019614 #1019618 #1020048
                    #1021762 #1022340 #1022785 #1023866 #1024015 #1025683
                    #1026024 #1026405 #1026462 #1026505 #1026509 #1026692
                    #1026722 #1027054 #1027066 #1027153 #1027179 #1027189
                    #1027190 #1027195 #1027273 #1027616 #1028017 #1028027
                    #1028041 #1028158 #1028217 #1028325 #1028415 #1028819
                    #1028895 #1029220 #1029514 #1029634 #1029986 #1030118
                    #1030213 #1031003 #1031052 #1031200 #1031206 #1031208
                    #1031440 #1031481 #1031579 #1031660 #1031662 #1031717
                    #1031831 #1032006 #1032673 #1032681 #897662 #951844
                    #968697 #969755 #970083 #977572 #977860 #978056
                    #980892 #981634 #982783 #987899 #988281 #991173
                    #998106
Cross-References:   CVE-2016-10200 CVE-2016-2117 CVE-2016-9191 CVE-2017-2596
                    CVE-2017-2671 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345
                    CVE-2017-6346 CVE-2017-6347 CVE-2017-6353 CVE-2017-7187
                    CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7374
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves 16 vulnerabilities and has 69 fixes is now
   available.

Description:

   The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive
   various security and bugfixes.

   Notable new/improved features:

   - Improved support for Hyper-V
   - Support for Matrox G200eH3
   - Support for tcp_westwood

   The following security bugs were fixed:

   - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
     kernel was too late in obtaining a certain lock and consequently could
     not ensure that disconnect function calls are safe, which allowed local
     users to cause a denial of service (panic) by leveraging access to the
     protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).
   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c
     in the Linux kernel did not properly validate certain block-size data,
     which allowed local users to cause a denial of service (overflow) or
     possibly have unspecified other impact via crafted system calls
     (bnc#1031579).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate addition of certain levels data, which allowed local users to
     trigger an integer overflow and out-of-bounds write, and cause a denial
     of service (system hang or crash) or possibly gain privileges, via a
     crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
   - CVE-2017-7261: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     check for a zero value of certain levels data, which allowed local
     users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF
     and possibly panic) via a crafted ioctl call for a /dev/dri/renderD*
     device (bnc#1031052).
   - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
     kernel allowed local users to cause a denial of service (stack-based
     buffer overflow) or possibly have unspecified other impact via a large
     command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
     write access in the sg_write function (bnc#1030213).
   - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux
     kernel allowed local users to cause a denial of service (NULL pointer
     dereference) or possibly gain privileges by revoking keyring keys being
     used for ext4, f2fs, or ubifs encryption, causing cryptographic
     transform objects to be freed prematurely (bnc#1032006).
   - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature
     in the Linux kernel allowed local users to gain privileges or cause a
     denial of service (use-after-free) by making multiple bind system calls
     without properly ascertaining whether a socket has the SOCK_ZAPPED
     status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
     (bnc#1028415).
   - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure
     that a certain destructor exists in required circumstances, which
     allowed local users to cause a denial of service (BUG_ON) or possibly
     have unspecified other impact via crafted system calls (bnc#1027190).
   - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux
     kernel allowed local users to cause a denial of service
     (use-after-free) or possibly have unspecified other impact via a
     multithreaded application that made PACKET_FANOUT setsockopt system
     calls (bnc#1027189).
   - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
     restrict association peel-off operations during certain wait states,
     which allowed local users to cause a denial of service (invalid unlock
     and double free) via a multithreaded application. NOTE: this
     vulnerability exists because of an incorrect fix for CVE-2017-5986
     (bnc#1027066).
   - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
     Linux kernel allowed remote attackers to cause a denial of service
     (infinite loop and soft lockup) via vectors involving a TCP packet with
     the URG flag (bnc#1026722).
   - CVE-2016-2117: The atl2_probe function in
     drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel
     incorrectly enables scatter/gather I/O, which allowed remote attackers
     to obtain sensitive information from kernel memory by reading packet
     data (bnc#968697).
   - CVE-2017-6347: The ip_cmsg_recv_checksum function in
     net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations
     about skb data layout, which allowed local users to cause a denial of
     service (buffer over-read) or possibly have unspecified other impact
     via crafted system calls, as demonstrated by use of the MSG_MORE flag
     in conjunction with loopback UDP transmission (bnc#1027179).
   - CVE-2016-9191: The cgroup offline implementation in the Linux kernel
     mishandled certain drain operations, which allowed local users to cause
     a denial of service (system hang) by leveraging access to a container
     environment for executing a crafted application (bnc#1008842).
   - CVE-2017-2596: The nested_vmx_check_vmptr function in
     arch/x86/kvm/vmx.c in the Linux kernel improperly emulated the VMXON
     instruction, which allowed KVM L1 guest OS users to cause a denial of
     service (host OS memory consumption) by leveraging the mishandling of
     page references (bnc#1022785).
   - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
     in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
     in the LISTEN state, which allowed local users to obtain root
     privileges or cause a denial of service (double free) via an
     application that made an IPV6_RECVPKTINFO setsockopt system call
     (bnc#1026024).

   The following non-security bugs were fixed:

   - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).
   - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).
   - ACPI: Remove platform devices from a bus on removal (bsc#1028819).
   - HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL
     (bsc#1022340).
   - NFS: do not try to cross a mountpount when there isn't one there
     (bsc#1028041).
   - NFS: flush out dirty data on file fput() (bsc#1021762).
   - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
     (bug#1028217).
   - PCI: hv: Use device serial number as PCI domain (bug#1028217).
   - RAID1: a new I/O barrier implementation to remove resync window
     (bsc#998106,bsc#1020048,bsc#982783).
   - RAID1: avoid unnecessary spin locks in I/O barrier code
     (bsc#998106,bsc#1020048,bsc#982783).
   - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).
   - Revert "give up on gcc ilog2() constant optimizations" (kabi).
   - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"
     (bsc#1028017).
   - Revert "net: introduce device min_header_len" (kabi).
   - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).
   - Revert "target: Fix NULL dereference during LUN lookup + active I/O
     shutdown" (kabi).
   - acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717).
   - acpi, nfit: fix extended status translations for ACPI DSMs
     (bsc#1031717).
   - arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032).
   - arm64: hugetlb: fix the wrong address for several functions
     (bsc#1032681).
   - arm64: hugetlb: fix the wrong return value for
     huge_ptep_set_access_flags (bsc#1032681).
   - arm64: hugetlb: remove the wrong pmd check in find_num_contig()
     (bsc#1032681).
   - arm: Use full path in KBUILD_IMAGE definition (bsc#1010032).
   - bnx2x: allow adding VLANs while interface is down (bsc#1027273).
   - bonding: fix 802.3ad aggregator reselection (bsc#1029514).
   - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).
   - btrfs: allow unlink to exceed subvolume quota (bsc#1019614).
   - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).
   - btrfs: incremental send, do not delay rename when parent inode is new
     (bsc#1028325).
   - btrfs: incremental send, do not issue invalid rmdir operations
     (bsc#1028325).
   - btrfs: qgroup: Move half of the qgroup accounting time out of commit
     trans (bsc#1017461).
   - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614).
   - btrfs: send, fix failure to rename top level inode due to name
     collision (bsc#1028325).
   - btrfs: serialize subvolume mounts with potentially mismatching rw flags
     (bsc#951844 bsc#1024015)
   - cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831).
   - crypto: algif_hash - avoid zero-sized array (bnc#1007962).
   - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).
   - device-dax: fix private mapping restriction, permit read-only
     (bsc#1031717).
   - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).
   - drm/i915: Fix crash after S3 resume with DP MST mode change
     (bsc#1029634).
   - drm/i915: Listen for PMIC bus access notifications (bsc#1011913).
   - drm/i915: Only enable hotplug interrupts if the display interrupts are
     enabled (bsc#1031717).
   - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959)
   - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
   - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).
   - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).
   - hv: export current Hyper-V clocksource (bsc#1031206).
   - hv: util: do not forget to init host_ts.lock (bsc#1031206).
   - hv: vmbus: Prevent sending data on a rescinded channel (bug#1028217).
   - hv_utils: implement Hyper-V PTP source (bsc#1031206).
   - i2c-designware: increase timeout (bsc#1011913).
   - i2c: designware-baytrail: Acquire P-Unit access on bus acquire
     (bsc#1011913).
   - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain
     (bsc#1011913).
   - i2c: designware-baytrail: Fix race when resetting the semaphore
     (bsc#1011913).
   - i2c: designware-baytrail: Only check iosf_mbi_available() for shared
     hosts (bsc#1011913).
   - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM
     method (bsc#1011913).
   - i2c: designware: Never suspend i2c-busses used for accessing the system
     PMIC (bsc#1011913).
   - i2c: designware: Rename accessor_flags to flags (bsc#1011913).
   - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208).
   - kABI: protect struct iscsi_conn (kabi).
   - kABI: protect struct se_node_acl (kabi).
   - kABI: restore can_rx_register parameters (kabi).
   - kgr/module: make a taint flag module-specific
   - kgr: Mark eeh_event_handler() kthread safe using a timeout
     (bsc#1031662).
   - kgr: remove all arch-specific kgraft header files
   - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
   - l2tp: fix lookup for sockets not bound to a device in l2tp_ip
     (bsc#1028415).
   - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
     (bsc#1028415).
   - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
     (bsc#1028415).
   - l2tp: hold tunnel socket when handling control frames in l2tp_ip and
     l2tp_ip6 (bsc#1028415).
   - l2tp: lock socket before checking flags in connect() (bsc#1028415).
   - libnvdimm, pfn: fix memmap reservation size versus 4K alignment
     (bsc#1031717).
   - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).
   - md/raid1: Refactor raid1_make_request
     (bsc#998106,bsc#1020048,bsc#982783).
   - md/raid1: add rcu protection to rdev in fix_read_error (References:
     bsc#998106,bsc#1020048,bsc#982783).
   - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).
   - md/raid1: handle flush request correctly
     (bsc#998106,bsc#1020048,bsc#982783).
   - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).
   - mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200).
   - mm/page_alloc: Remove useless parameter of __free_pages_boot_core
     (bnc#1027195).
   - mm: fix set pageblock migratetype in deferred struct page init
     (bnc#1027195).
   - mm: page_alloc: skip over regions of invalid pfns where possible
     (bnc#1031200).
   - module: move add_taint_module() to a header file
   - net/ena: change condition for host attribute configuration
     (bsc#1026509).
   - net/ena: change driver's default timeouts (bsc#1026509).
   - net/ena: fix NULL dereference when removing the driver after device
     reset failed (bsc#1026509).
   - net/ena: fix RSS default hash configuration (bsc#1026509).
   - net/ena: fix ethtool RSS flow configuration (bsc#1026509).
   - net/ena: fix potential access to freed memory during device reset
     (bsc#1026509).
   - net/ena: fix queues number calculation (bsc#1026509).
   - net/ena: reduce the severity of ena printouts (bsc#1026509).
   - net/ena: refactor ena_get_stats64 to be atomic context safe
     (bsc#1026509).
   - net/ena: remove ntuple filter support from device feature list
     (bsc#1026509).
   - net/ena: update driver version to 1.1.2 (bsc#1026509).
   - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).
   - net/mlx4_core: Avoid command timeouts during VF driver device shutdown
     (bsc#1028017).
   - net/mlx4_core: Avoid delays during VF driver device shutdown
     (bsc#1028017).
   - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).
   - net/mlx4_core: Fix when to save some qp context flags for dynamic VST
     to VGT transitions (bsc#1028017).
   - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
     (bsc#1028017).
   - net/mlx4_en: Fix bad WQE issue (bsc#1028017).
   - net: ena: Fix error return code in ena_device_init() (bsc#1026509).
   - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).
   - net: ena: change the return type of ena_set_push_mode() to be void
     (bsc#1026509).
   - net: ena: remove superfluous check in ena_remove() (bsc#1026509).
   - net: ena: use setup_timer() and mod_timer() (bsc#1026509).
   - netfilter: allow logging from non-init namespaces (bsc#970083).
   - nvme: Do not suspend admin queue that wasn't created (bsc#1026505).
   - nvme: Suspend all queues before deletion (bsc#1026505).
   - ping: implement proper locking (bsc#1031003).
- powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462). - s390/kmsg: add missing kmsg descriptions (bnc#1025683). - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683). - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054). - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910). - softirq: Let ksoftirqd do its job (bsc#1019618). - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405). - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866). - x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153, bsc#1027616). - x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153, bsc#1027616). - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() (bsc#1027153, bsc#1027616). - x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd (bsc#1027153, bsc#1027616). - x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153, bsc#1027616). - x86/ioapic: Ignore root bridges without a companion ACPI device (bsc#1027153, bsc#1027616). - x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616). - x86/ioapic: Support hot-removal of IOAPICs present during boot (bsc#1027153, bsc#1027616). - x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616). - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994). - x86/mce: Fix copy/paste error in exception table entries - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405). - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866). - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866). - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866). - x86/platform/UV: Clean up the NMI code to match current coding style (bsc#1023866). - x86/platform/UV: Clean up the UV APIC code (bsc#1023866). 
- x86/platform/UV: Ensure uv_system_init is called when necessary (bsc#1023866). - x86/platform/UV: Fix 2 socket config problem (bsc#1023866). - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866). - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source (bsc#1023866). - x86/platform/UV: Verify NMI action is valid, default is standard (bsc#1023866). - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913). - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913). - x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220). - x86/ras/therm_throt: Do not log a fake MCE for thermal events (bsc#1028027). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xen/blkfront: Fix crash if backend does not follow the right states. - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV (bsc#1014136) - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation (bsc#1015609). - xgene_enet: remove bogus forward declarations (bsc#1032673). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-697=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-697=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-697=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-697=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-697=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-697=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-697=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-697=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.59-92.17.3 kernel-default-debugsource-4.4.59-92.17.3 kernel-default-extra-4.4.59-92.17.3 kernel-default-extra-debuginfo-4.4.59-92.17.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.59-92.17.3 kernel-obs-build-debugsource-4.4.59-92.17.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.59-92.17.8 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.59-92.17.3 kernel-default-base-4.4.59-92.17.3 kernel-default-base-debuginfo-4.4.59-92.17.3 kernel-default-debuginfo-4.4.59-92.17.3 kernel-default-debugsource-4.4.59-92.17.3 kernel-default-devel-4.4.59-92.17.3 kernel-syms-4.4.59-92.17.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.59-92.17.2 kernel-macros-4.4.59-92.17.2 kernel-source-4.4.59-92.17.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.59-92.17.3 
kernel-default-base-4.4.59-92.17.3 kernel-default-base-debuginfo-4.4.59-92.17.3 kernel-default-debuginfo-4.4.59-92.17.3 kernel-default-debugsource-4.4.59-92.17.3 kernel-default-devel-4.4.59-92.17.3 kernel-syms-4.4.59-92.17.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.59-92.17.2 kernel-macros-4.4.59-92.17.2 kernel-source-4.4.59-92.17.2 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_59-92_17-default-1-2.3 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.59-92.17.3 cluster-md-kmp-default-debuginfo-4.4.59-92.17.3 cluster-network-kmp-default-4.4.59-92.17.3 cluster-network-kmp-default-debuginfo-4.4.59-92.17.3 dlm-kmp-default-4.4.59-92.17.3 dlm-kmp-default-debuginfo-4.4.59-92.17.3 gfs2-kmp-default-4.4.59-92.17.3 gfs2-kmp-default-debuginfo-4.4.59-92.17.3 kernel-default-debuginfo-4.4.59-92.17.3 kernel-default-debugsource-4.4.59-92.17.3 ocfs2-kmp-default-4.4.59-92.17.3 ocfs2-kmp-default-debuginfo-4.4.59-92.17.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.59-92.17.2 kernel-macros-4.4.59-92.17.2 kernel-source-4.4.59-92.17.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.59-92.17.3 kernel-default-debuginfo-4.4.59-92.17.3 kernel-default-debugsource-4.4.59-92.17.3 kernel-default-devel-4.4.59-92.17.3 kernel-default-extra-4.4.59-92.17.3 kernel-default-extra-debuginfo-4.4.59-92.17.3 kernel-syms-4.4.59-92.17.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.59-92.17.3 kernel-default-debuginfo-4.4.59-92.17.3 kernel-default-debugsource-4.4.59-92.17.3 References: https://www.suse.com/security/cve/CVE-2016-10200.html https://www.suse.com/security/cve/CVE-2016-2117.html https://www.suse.com/security/cve/CVE-2016-9191.html https://www.suse.com/security/cve/CVE-2017-2596.html https://www.suse.com/security/cve/CVE-2017-2671.html https://www.suse.com/security/cve/CVE-2017-6074.html https://www.suse.com/security/cve/CVE-2017-6214.html 
https://www.suse.com/security/cve/CVE-2017-6345.html https://www.suse.com/security/cve/CVE-2017-6346.html https://www.suse.com/security/cve/CVE-2017-6347.html https://www.suse.com/security/cve/CVE-2017-6353.html https://www.suse.com/security/cve/CVE-2017-7187.html https://www.suse.com/security/cve/CVE-2017-7261.html https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://www.suse.com/security/cve/CVE-2017-7374.html https://bugzilla.suse.com/1007959 https://bugzilla.suse.com/1007962 https://bugzilla.suse.com/1008842 https://bugzilla.suse.com/1010032 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012910 https://bugzilla.suse.com/1013994 https://bugzilla.suse.com/1014136 https://bugzilla.suse.com/1015609 https://bugzilla.suse.com/1017461 https://bugzilla.suse.com/1017641 https://bugzilla.suse.com/1018263 https://bugzilla.suse.com/1018419 https://bugzilla.suse.com/1019163 https://bugzilla.suse.com/1019614 https://bugzilla.suse.com/1019618 https://bugzilla.suse.com/1020048 https://bugzilla.suse.com/1021762 https://bugzilla.suse.com/1022340 https://bugzilla.suse.com/1022785 https://bugzilla.suse.com/1023866 https://bugzilla.suse.com/1024015 https://bugzilla.suse.com/1025683 https://bugzilla.suse.com/1026024 https://bugzilla.suse.com/1026405 https://bugzilla.suse.com/1026462 https://bugzilla.suse.com/1026505 https://bugzilla.suse.com/1026509 https://bugzilla.suse.com/1026692 https://bugzilla.suse.com/1026722 https://bugzilla.suse.com/1027054 https://bugzilla.suse.com/1027066 https://bugzilla.suse.com/1027153 https://bugzilla.suse.com/1027179 https://bugzilla.suse.com/1027189 https://bugzilla.suse.com/1027190 https://bugzilla.suse.com/1027195 https://bugzilla.suse.com/1027273 https://bugzilla.suse.com/1027616 https://bugzilla.suse.com/1028017 https://bugzilla.suse.com/1028027 https://bugzilla.suse.com/1028041 https://bugzilla.suse.com/1028158 
https://bugzilla.suse.com/1028217 https://bugzilla.suse.com/1028325 https://bugzilla.suse.com/1028415 https://bugzilla.suse.com/1028819 https://bugzilla.suse.com/1028895 https://bugzilla.suse.com/1029220 https://bugzilla.suse.com/1029514 https://bugzilla.suse.com/1029634 https://bugzilla.suse.com/1029986 https://bugzilla.suse.com/1030118 https://bugzilla.suse.com/1030213 https://bugzilla.suse.com/1031003 https://bugzilla.suse.com/1031052 https://bugzilla.suse.com/1031200 https://bugzilla.suse.com/1031206 https://bugzilla.suse.com/1031208 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031579 https://bugzilla.suse.com/1031660 https://bugzilla.suse.com/1031662 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1031831 https://bugzilla.suse.com/1032006 https://bugzilla.suse.com/1032673 https://bugzilla.suse.com/1032681 https://bugzilla.suse.com/897662 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/968697 https://bugzilla.suse.com/969755 https://bugzilla.suse.com/970083 https://bugzilla.suse.com/977572 https://bugzilla.suse.com/977860 https://bugzilla.suse.com/978056 https://bugzilla.suse.com/980892 https://bugzilla.suse.com/981634 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/987899 https://bugzilla.suse.com/988281 https://bugzilla.suse.com/991173 https://bugzilla.suse.com/998106 From sle-updates at lists.suse.com Fri May 5 10:09:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 May 2017 18:09:57 +0200 (CEST) Subject: SUSE-RU-2017:1184-1: Recommended update for libvirt Message-ID: <20170505160957.D2CAA101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1184-1 Rating: low References: #1003379 #1015348 #1017762 #1019969 #987002 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux 
Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libvirt provides the following fixes: - Add Conflicts=xendomains.service to libvirtd service (bsc#1015348) - libxl: more fixes for dom0 maxmem setting (bsc#1017762) - libxl: fix reporting of domain maximum memory and vcpus (bsc#1017762) - libxl: fix build when treating warnings as error - libxl: set disk format to raw if not specified and fix disk detach (bsc#1003379) - libxl: fix timer configurations (bsc#1019969) - libxl: always enable pae for x86_64 HVM (bsc#987002) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-699=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-699=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-699=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-699=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libvirt-client-32bit-1.2.18.4-21.1 libvirt-client-debuginfo-32bit-1.2.18.4-21.1 libvirt-debugsource-1.2.18.4-21.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libvirt-debugsource-1.2.18.4-21.1 libvirt-devel-1.2.18.4-21.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libvirt-1.2.18.4-21.1 libvirt-client-1.2.18.4-21.1 libvirt-client-debuginfo-1.2.18.4-21.1 libvirt-daemon-1.2.18.4-21.1 libvirt-daemon-config-network-1.2.18.4-21.1 libvirt-daemon-config-nwfilter-1.2.18.4-21.1 libvirt-daemon-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-interface-1.2.18.4-21.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-lxc-1.2.18.4-21.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-network-1.2.18.4-21.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-nodedev-1.2.18.4-21.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-nwfilter-1.2.18.4-21.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-qemu-1.2.18.4-21.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-secret-1.2.18.4-21.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-storage-1.2.18.4-21.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-21.1 libvirt-daemon-lxc-1.2.18.4-21.1 libvirt-daemon-qemu-1.2.18.4-21.1 libvirt-debugsource-1.2.18.4-21.1 libvirt-doc-1.2.18.4-21.1 libvirt-lock-sanlock-1.2.18.4-21.1 libvirt-lock-sanlock-debuginfo-1.2.18.4-21.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libvirt-daemon-driver-libxl-1.2.18.4-21.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-21.1 libvirt-daemon-xen-1.2.18.4-21.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libvirt-1.2.18.4-21.1 libvirt-client-1.2.18.4-21.1 libvirt-client-32bit-1.2.18.4-21.1 libvirt-client-debuginfo-1.2.18.4-21.1 
libvirt-client-debuginfo-32bit-1.2.18.4-21.1 libvirt-daemon-1.2.18.4-21.1 libvirt-daemon-config-network-1.2.18.4-21.1 libvirt-daemon-config-nwfilter-1.2.18.4-21.1 libvirt-daemon-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-interface-1.2.18.4-21.1 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-libxl-1.2.18.4-21.1 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-lxc-1.2.18.4-21.1 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-network-1.2.18.4-21.1 libvirt-daemon-driver-network-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-nodedev-1.2.18.4-21.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-nwfilter-1.2.18.4-21.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-qemu-1.2.18.4-21.1 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-secret-1.2.18.4-21.1 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-21.1 libvirt-daemon-driver-storage-1.2.18.4-21.1 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-21.1 libvirt-daemon-lxc-1.2.18.4-21.1 libvirt-daemon-qemu-1.2.18.4-21.1 libvirt-daemon-xen-1.2.18.4-21.1 libvirt-debugsource-1.2.18.4-21.1 libvirt-doc-1.2.18.4-21.1 References: https://bugzilla.suse.com/1003379 https://bugzilla.suse.com/1015348 https://bugzilla.suse.com/1017762 https://bugzilla.suse.com/1019969 https://bugzilla.suse.com/987002 From sle-updates at lists.suse.com Fri May 5 10:11:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 May 2017 18:11:28 +0200 (CEST) Subject: SUSE-RU-2017:1185-1: Recommended update for autoyast2 Message-ID: <20170505161128.87A4A101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1185-1 Rating: low References: #986049 #986124 #990494 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux 
Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for autoyast2 fixes the following issues: - Added missed flag "install_recommended" in software section. (bsc#990494) - Check if AutoYaST "script" elements are hashes. Other entries will be ignored. (bsc#986049) - Exporting NFS root partition correctly. (bsc#986124) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-700=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-700=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): autoyast2-3.1.101.18-15.10 autoyast2-installation-3.1.101.18-15.10 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): autoyast2-3.1.101.18-15.10 autoyast2-installation-3.1.101.18-15.10 References: https://bugzilla.suse.com/986049 https://bugzilla.suse.com/986124 https://bugzilla.suse.com/990494 From sle-updates at lists.suse.com Fri May 5 16:08:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2017 00:08:40 +0200 (CEST) Subject: SUSE-RU-2017:1186-1: Recommended update for smt Message-ID: <20170505220840.31DC110049@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1186-1 Rating: low References: #1025898 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended 
fix can now be installed. Description: This update for smt provides the following fixes: - Share the product data with the sibling server. (bsc#1025898) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-701=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-701=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-701=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-701=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): res-signingkeys-3.0.24-45.4 smt-3.0.24-45.4 smt-debuginfo-3.0.24-45.4 smt-debugsource-3.0.24-45.4 smt-support-3.0.24-45.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): res-signingkeys-3.0.24-45.4 smt-3.0.24-45.4 smt-debuginfo-3.0.24-45.4 smt-debugsource-3.0.24-45.4 smt-support-3.0.24-45.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): res-signingkeys-3.0.24-45.4 smt-3.0.24-45.4 smt-debuginfo-3.0.24-45.4 smt-debugsource-3.0.24-45.4 smt-support-3.0.24-45.4 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.24-45.4 References: https://bugzilla.suse.com/1025898 From sle-updates at lists.suse.com Fri May 5 22:09:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2017 06:09:43 +0200 (CEST) Subject: SUSE-SU-2017:1187-1: moderate: Security update for libosip2 Message-ID: <20170506040943.BC049101C1@maintenance.suse.de> SUSE Security Update: Security update for libosip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1187-1 Rating: moderate References: #1034570 #1034571 #1034572 
#1034574 Cross-References: CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libosip2 fixes several issues. These security issues were fixed: - CVE-2017-7853: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (bsc#1034570). - CVE-2016-10326: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (bsc#1034571). - CVE-2016-10325: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (bsc#1034572). - CVE-2016-10324: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (bsc#1034574). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-704=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-704=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-704=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-704=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-704=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-704=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libosip2-3.5.0-20.1 libosip2-debuginfo-3.5.0-20.1 libosip2-debugsource-3.5.0-20.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libosip2-3.5.0-20.1 libosip2-debuginfo-3.5.0-20.1 libosip2-debugsource-3.5.0-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libosip2-3.5.0-20.1 libosip2-debuginfo-3.5.0-20.1 libosip2-debugsource-3.5.0-20.1 libosip2-devel-3.5.0-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libosip2-3.5.0-20.1 libosip2-debuginfo-3.5.0-20.1 libosip2-debugsource-3.5.0-20.1 libosip2-devel-3.5.0-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libosip2-3.5.0-20.1 libosip2-debuginfo-3.5.0-20.1 libosip2-debugsource-3.5.0-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libosip2-3.5.0-20.1 libosip2-debuginfo-3.5.0-20.1 libosip2-debugsource-3.5.0-20.1 References: https://www.suse.com/security/cve/CVE-2016-10324.html https://www.suse.com/security/cve/CVE-2016-10325.html https://www.suse.com/security/cve/CVE-2016-10326.html https://www.suse.com/security/cve/CVE-2017-7853.html https://bugzilla.suse.com/1034570 https://bugzilla.suse.com/1034571 
https://bugzilla.suse.com/1034572 https://bugzilla.suse.com/1034574 From sle-updates at lists.suse.com Fri May 5 22:10:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 May 2017 06:10:44 +0200 (CEST) Subject: SUSE-SU-2017:1188-1: moderate: Security update for libosip2 Message-ID: <20170506041044.566DB101C1@maintenance.suse.de> SUSE Security Update: Security update for libosip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1188-1 Rating: moderate References: #1034570 #1034571 #1034572 #1034574 Cross-References: CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libosip2 fixes several issues. These security issues were fixed: - CVE-2017-7853: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (bsc#1034570) - CVE-2016-10326: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (bsc#1034571) - CVE-2016-10325: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (bsc#1034572) - CVE-2016-10324: In libosip2 a malformed SIP message could have led to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (bsc#1034574) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libosip2-13095=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libosip2-13095=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libosip2-3.1.0-3.1 libosip2-devel-3.1.0-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libosip2-debuginfo-3.1.0-3.1 libosip2-debugsource-3.1.0-3.1 References: https://www.suse.com/security/cve/CVE-2016-10324.html https://www.suse.com/security/cve/CVE-2016-10325.html https://www.suse.com/security/cve/CVE-2016-10326.html https://www.suse.com/security/cve/CVE-2017-7853.html https://bugzilla.suse.com/1034570 https://bugzilla.suse.com/1034571 https://bugzilla.suse.com/1034572 https://bugzilla.suse.com/1034574 From sle-updates at lists.suse.com Mon May 8 10:11:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2017 18:11:50 +0200 (CEST) Subject: SUSE-RU-2017:1198-1: Recommended update for hwinfo Message-ID: <20170508161150.C7A28101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1198-1 Rating: low References: #1031676 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwinfo adds support for ibmvnic network interfaces. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-709=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-709=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-709=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-709=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-709=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): hwinfo-debuginfo-21.39-15.10.2 hwinfo-debugsource-21.39-15.10.2 hwinfo-devel-21.39-15.10.2 hwinfo-devel-debuginfo-21.39-15.10.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): hwinfo-21.39-15.10.2 hwinfo-debuginfo-21.39-15.10.2 hwinfo-debugsource-21.39-15.10.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): hwinfo-21.39-15.10.2 hwinfo-debuginfo-21.39-15.10.2 hwinfo-debugsource-21.39-15.10.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): hwinfo-21.39-15.10.2 hwinfo-debuginfo-21.39-15.10.2 hwinfo-debugsource-21.39-15.10.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): hwinfo-21.39-15.10.2 hwinfo-debuginfo-21.39-15.10.2 hwinfo-debugsource-21.39-15.10.2 References: https://bugzilla.suse.com/1031676 From sle-updates at lists.suse.com Mon May 8 10:17:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2017 18:17:19 +0200 (CEST) Subject: SUSE-RU-2017:1206-1: Recommended update for gtk3 Message-ID: <20170508161719.6CA71101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1206-1 Rating: low References: #1007453 Affected Products: SUSE Linux 
Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gtk3 provides the following fixes: - Add dependency on "gdk-pixbuf-loader-rsvg", required to load SVG icons included in adwaita-icon-theme. (bsc#1007453) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-708=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-708=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-708=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-708=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gtk3-debugsource-3.20.10-16.2 gtk3-devel-3.20.10-16.2 gtk3-devel-debuginfo-3.20.10-16.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gtk3-debugsource-3.20.10-16.2 gtk3-tools-3.20.10-16.2 gtk3-tools-debuginfo-3.20.10-16.2 libgtk-3-0-3.20.10-16.2 libgtk-3-0-debuginfo-3.20.10-16.2 typelib-1_0-Gtk-3_0-3.20.10-16.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gtk3-data-3.20.10-16.2 gtk3-lang-3.20.10-16.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gtk3-debugsource-3.20.10-16.2 gtk3-tools-3.20.10-16.2 gtk3-tools-debuginfo-3.20.10-16.2 libgtk-3-0-3.20.10-16.2 libgtk-3-0-debuginfo-3.20.10-16.2 typelib-1_0-Gtk-3_0-3.20.10-16.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): gtk3-data-3.20.10-16.2 gtk3-lang-3.20.10-16.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): gtk3-tools-32bit-3.20.10-16.2 gtk3-tools-debuginfo-32bit-3.20.10-16.2 libgtk-3-0-32bit-3.20.10-16.2 libgtk-3-0-debuginfo-32bit-3.20.10-16.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gtk3-data-3.20.10-16.2 gtk3-lang-3.20.10-16.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gtk3-debugsource-3.20.10-16.2 gtk3-tools-3.20.10-16.2 gtk3-tools-32bit-3.20.10-16.2 gtk3-tools-debuginfo-3.20.10-16.2 gtk3-tools-debuginfo-32bit-3.20.10-16.2 libgtk-3-0-3.20.10-16.2 libgtk-3-0-32bit-3.20.10-16.2 libgtk-3-0-debuginfo-3.20.10-16.2 libgtk-3-0-debuginfo-32bit-3.20.10-16.2 typelib-1_0-Gtk-3_0-3.20.10-16.2 References: https://bugzilla.suse.com/1007453 From sle-updates at lists.suse.com Mon May 8 10:17:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2017 18:17:47 +0200 (CEST) Subject: SUSE-RU-2017:1207-1: Recommended update for gtk3 Message-ID: <20170508161747.C569A101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1207-1
Rating:             low
References:         #1007453
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gtk3 provides the following fixes:

   - Add dependency on "gdk-pixbuf-loader-rsvg", required to load SVG icons
     included in adwaita-icon-theme. (bsc#1007453)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-707=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-707=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-707=1

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gtk3-debugsource-3.10.9-11.1 gtk3-devel-3.10.9-11.1 gtk3-devel-debuginfo-3.10.9-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gtk3-debugsource-3.10.9-11.1 gtk3-tools-3.10.9-11.1 gtk3-tools-debuginfo-3.10.9-11.1 libgtk-3-0-3.10.9-11.1 libgtk-3-0-debuginfo-3.10.9-11.1 typelib-1_0-Gtk-3_0-3.10.9-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gtk3-tools-32bit-3.10.9-11.1 gtk3-tools-debuginfo-32bit-3.10.9-11.1 libgtk-3-0-32bit-3.10.9-11.1 libgtk-3-0-debuginfo-32bit-3.10.9-11.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gtk3-data-3.10.9-11.1 gtk3-lang-3.10.9-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gtk3-debugsource-3.10.9-11.1 gtk3-tools-3.10.9-11.1 gtk3-tools-32bit-3.10.9-11.1 gtk3-tools-debuginfo-3.10.9-11.1 gtk3-tools-debuginfo-32bit-3.10.9-11.1 libgtk-3-0-3.10.9-11.1 libgtk-3-0-32bit-3.10.9-11.1 libgtk-3-0-debuginfo-3.10.9-11.1 libgtk-3-0-debuginfo-32bit-3.10.9-11.1 typelib-1_0-Gtk-3_0-3.10.9-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gtk3-data-3.10.9-11.1 gtk3-lang-3.10.9-11.1 References: https://bugzilla.suse.com/1007453 From sle-updates at lists.suse.com Mon May 8 13:12:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2017 21:12:01 +0200 (CEST) Subject: SUSE-SU-2017:1216-1: important: Security update for samba Message-ID: <20170508191201.2C345101C1@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1216-1 Rating: important References: #1027147 #1036283 Cross-References: CVE-2017-2619 Affected Products: SUSE OpenStack Cloud 5 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE 
Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for samba fixes the following issues:

   Security issue fixed:

   - CVE-2017-2619: symlink race permits opening files outside share
     directory (bsc#1027147).

   For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a
   regression in the fix has been addressed (bsc#1036283, bso#12721).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-samba-13096=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-samba-13096=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-samba-13096=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-samba-13096=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-samba-13096=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-samba-13096=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-samba-13096=1

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE OpenStack Cloud 5 (x86_64): ldapsmb-1.34b-90.1 libldb1-3.6.3-90.1 libsmbclient0-3.6.3-90.1 libsmbclient0-32bit-3.6.3-90.1 libtalloc2-3.6.3-90.1 libtalloc2-32bit-3.6.3-90.1 libtdb1-3.6.3-90.1 libtdb1-32bit-3.6.3-90.1 libtevent0-3.6.3-90.1 libtevent0-32bit-3.6.3-90.1 libwbclient0-3.6.3-90.1 libwbclient0-32bit-3.6.3-90.1 samba-3.6.3-90.1 samba-32bit-3.6.3-90.1 samba-client-3.6.3-90.1 samba-client-32bit-3.6.3-90.1 samba-krb-printing-3.6.3-90.1 samba-winbind-3.6.3-90.1 samba-winbind-32bit-3.6.3-90.1 - SUSE OpenStack Cloud 5 (noarch): samba-doc-3.6.3-90.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-90.1 libnetapi-devel-3.6.3-90.1 libnetapi0-3.6.3-90.1 libsmbclient-devel-3.6.3-90.1 libsmbsharemodes-devel-3.6.3-90.1 libsmbsharemodes0-3.6.3-90.1 libtalloc-devel-3.6.3-90.1 libtdb-devel-3.6.3-90.1 libtevent-devel-3.6.3-90.1 libwbclient-devel-3.6.3-90.1 samba-devel-3.6.3-90.1 samba-test-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-90.1 libldb1-3.6.3-90.1 libsmbclient0-3.6.3-90.1 libtalloc2-3.6.3-90.1 libtdb1-3.6.3-90.1 libtevent0-3.6.3-90.1 libwbclient0-3.6.3-90.1 samba-3.6.3-90.1 samba-client-3.6.3-90.1 samba-krb-printing-3.6.3-90.1 samba-winbind-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-90.1 libtalloc2-32bit-3.6.3-90.1 libtdb1-32bit-3.6.3-90.1 libtevent0-32bit-3.6.3-90.1 libwbclient0-32bit-3.6.3-90.1 samba-32bit-3.6.3-90.1 samba-client-32bit-3.6.3-90.1 samba-winbind-32bit-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-90.1 libtalloc2-x86-3.6.3-90.1 libtdb1-x86-3.6.3-90.1 libtevent0-x86-3.6.3-90.1 libwbclient0-x86-3.6.3-90.1 samba-client-x86-3.6.3-90.1 samba-winbind-x86-3.6.3-90.1 samba-x86-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-90.1 
libldb1-3.6.3-90.1 libsmbclient0-3.6.3-90.1 libtalloc2-3.6.3-90.1 libtdb1-3.6.3-90.1 libtevent0-3.6.3-90.1 libwbclient0-3.6.3-90.1 samba-3.6.3-90.1 samba-client-3.6.3-90.1 samba-krb-printing-3.6.3-90.1 samba-winbind-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-90.1 libtalloc2-32bit-3.6.3-90.1 libtdb1-32bit-3.6.3-90.1 libtevent0-32bit-3.6.3-90.1 libwbclient0-32bit-3.6.3-90.1 samba-32bit-3.6.3-90.1 samba-client-32bit-3.6.3-90.1 samba-winbind-32bit-3.6.3-90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): samba-doc-3.6.3-90.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-90.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-90.1 libldb1-3.6.3-90.1 libsmbclient0-3.6.3-90.1 libtalloc2-3.6.3-90.1 libtdb1-3.6.3-90.1 libtevent0-3.6.3-90.1 libwbclient0-3.6.3-90.1 samba-3.6.3-90.1 samba-client-3.6.3-90.1 samba-krb-printing-3.6.3-90.1 samba-winbind-3.6.3-90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-90.1 samba-debugsource-3.6.3-90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-90.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-90.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-90.1 samba-debugsource-3.6.3-90.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-90.1 References: https://www.suse.com/security/cve/CVE-2017-2619.html https://bugzilla.suse.com/1027147 https://bugzilla.suse.com/1036283 From sle-updates at lists.suse.com Mon May 8 13:12:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 May 2017 21:12:36 +0200 (CEST) Subject: SUSE-RU-2017:1217-1: moderate: Recommended update for samba Message-ID: <20170508191236.808AE101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba 
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1217-1
Rating:             moderate
References:         #1036283
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issues:

   - Fix CVE-2017-2619 regression with "follow symlinks = no";
     (bsc#1036283, bso#12721).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-711=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-711=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      samba-doc-4.2.4-18.38.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      ctdb-4.2.4-18.38.1
      ctdb-debuginfo-4.2.4-18.38.1
      libdcerpc-binding0-32bit-4.2.4-18.38.1
      libdcerpc-binding0-4.2.4-18.38.1
      libdcerpc-binding0-debuginfo-32bit-4.2.4-18.38.1
      libdcerpc-binding0-debuginfo-4.2.4-18.38.1
      libdcerpc0-32bit-4.2.4-18.38.1
      libdcerpc0-4.2.4-18.38.1
      libdcerpc0-debuginfo-32bit-4.2.4-18.38.1
      libdcerpc0-debuginfo-4.2.4-18.38.1
      libgensec0-32bit-4.2.4-18.38.1
      libgensec0-4.2.4-18.38.1
      libgensec0-debuginfo-32bit-4.2.4-18.38.1
      libgensec0-debuginfo-4.2.4-18.38.1
      libndr-krb5pac0-32bit-4.2.4-18.38.1
      libndr-krb5pac0-4.2.4-18.38.1
      libndr-krb5pac0-debuginfo-32bit-4.2.4-18.38.1
      libndr-krb5pac0-debuginfo-4.2.4-18.38.1
      libndr-nbt0-32bit-4.2.4-18.38.1
      libndr-nbt0-4.2.4-18.38.1
      libndr-nbt0-debuginfo-32bit-4.2.4-18.38.1
      libndr-nbt0-debuginfo-4.2.4-18.38.1
      libndr-standard0-32bit-4.2.4-18.38.1
      libndr-standard0-4.2.4-18.38.1
      libndr-standard0-debuginfo-32bit-4.2.4-18.38.1
      libndr-standard0-debuginfo-4.2.4-18.38.1
libndr0-32bit-4.2.4-18.38.1 libndr0-4.2.4-18.38.1 libndr0-debuginfo-32bit-4.2.4-18.38.1 libndr0-debuginfo-4.2.4-18.38.1 libnetapi0-32bit-4.2.4-18.38.1 libnetapi0-4.2.4-18.38.1 libnetapi0-debuginfo-32bit-4.2.4-18.38.1 libnetapi0-debuginfo-4.2.4-18.38.1 libregistry0-4.2.4-18.38.1 libregistry0-debuginfo-4.2.4-18.38.1 libsamba-credentials0-32bit-4.2.4-18.38.1 libsamba-credentials0-4.2.4-18.38.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.38.1 libsamba-credentials0-debuginfo-4.2.4-18.38.1 libsamba-hostconfig0-32bit-4.2.4-18.38.1 libsamba-hostconfig0-4.2.4-18.38.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.38.1 libsamba-hostconfig0-debuginfo-4.2.4-18.38.1 libsamba-passdb0-32bit-4.2.4-18.38.1 libsamba-passdb0-4.2.4-18.38.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.38.1 libsamba-passdb0-debuginfo-4.2.4-18.38.1 libsamba-util0-32bit-4.2.4-18.38.1 libsamba-util0-4.2.4-18.38.1 libsamba-util0-debuginfo-32bit-4.2.4-18.38.1 libsamba-util0-debuginfo-4.2.4-18.38.1 libsamdb0-32bit-4.2.4-18.38.1 libsamdb0-4.2.4-18.38.1 libsamdb0-debuginfo-32bit-4.2.4-18.38.1 libsamdb0-debuginfo-4.2.4-18.38.1 libsmbclient-raw0-32bit-4.2.4-18.38.1 libsmbclient-raw0-4.2.4-18.38.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.38.1 libsmbclient-raw0-debuginfo-4.2.4-18.38.1 libsmbclient0-32bit-4.2.4-18.38.1 libsmbclient0-4.2.4-18.38.1 libsmbclient0-debuginfo-32bit-4.2.4-18.38.1 libsmbclient0-debuginfo-4.2.4-18.38.1 libsmbconf0-32bit-4.2.4-18.38.1 libsmbconf0-4.2.4-18.38.1 libsmbconf0-debuginfo-32bit-4.2.4-18.38.1 libsmbconf0-debuginfo-4.2.4-18.38.1 libsmbldap0-32bit-4.2.4-18.38.1 libsmbldap0-4.2.4-18.38.1 libsmbldap0-debuginfo-32bit-4.2.4-18.38.1 libsmbldap0-debuginfo-4.2.4-18.38.1 libtevent-util0-32bit-4.2.4-18.38.1 libtevent-util0-4.2.4-18.38.1 libtevent-util0-debuginfo-32bit-4.2.4-18.38.1 libtevent-util0-debuginfo-4.2.4-18.38.1 libwbclient0-32bit-4.2.4-18.38.1 libwbclient0-4.2.4-18.38.1 libwbclient0-debuginfo-32bit-4.2.4-18.38.1 libwbclient0-debuginfo-4.2.4-18.38.1 samba-32bit-4.2.4-18.38.1 
samba-4.2.4-18.38.1 samba-client-32bit-4.2.4-18.38.1 samba-client-4.2.4-18.38.1 samba-client-debuginfo-32bit-4.2.4-18.38.1 samba-client-debuginfo-4.2.4-18.38.1 samba-debuginfo-32bit-4.2.4-18.38.1 samba-debuginfo-4.2.4-18.38.1 samba-debugsource-4.2.4-18.38.1 samba-libs-32bit-4.2.4-18.38.1 samba-libs-4.2.4-18.38.1 samba-libs-debuginfo-32bit-4.2.4-18.38.1 samba-libs-debuginfo-4.2.4-18.38.1 samba-winbind-32bit-4.2.4-18.38.1 samba-winbind-4.2.4-18.38.1 samba-winbind-debuginfo-32bit-4.2.4-18.38.1 samba-winbind-debuginfo-4.2.4-18.38.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.38.1 ctdb-debuginfo-4.2.4-18.38.1 libdcerpc-binding0-4.2.4-18.38.1 libdcerpc-binding0-debuginfo-4.2.4-18.38.1 libdcerpc0-4.2.4-18.38.1 libdcerpc0-debuginfo-4.2.4-18.38.1 libgensec0-4.2.4-18.38.1 libgensec0-debuginfo-4.2.4-18.38.1 libndr-krb5pac0-4.2.4-18.38.1 libndr-krb5pac0-debuginfo-4.2.4-18.38.1 libndr-nbt0-4.2.4-18.38.1 libndr-nbt0-debuginfo-4.2.4-18.38.1 libndr-standard0-4.2.4-18.38.1 libndr-standard0-debuginfo-4.2.4-18.38.1 libndr0-4.2.4-18.38.1 libndr0-debuginfo-4.2.4-18.38.1 libnetapi0-4.2.4-18.38.1 libnetapi0-debuginfo-4.2.4-18.38.1 libregistry0-4.2.4-18.38.1 libregistry0-debuginfo-4.2.4-18.38.1 libsamba-credentials0-4.2.4-18.38.1 libsamba-credentials0-debuginfo-4.2.4-18.38.1 libsamba-hostconfig0-4.2.4-18.38.1 libsamba-hostconfig0-debuginfo-4.2.4-18.38.1 libsamba-passdb0-4.2.4-18.38.1 libsamba-passdb0-debuginfo-4.2.4-18.38.1 libsamba-util0-4.2.4-18.38.1 libsamba-util0-debuginfo-4.2.4-18.38.1 libsamdb0-4.2.4-18.38.1 libsamdb0-debuginfo-4.2.4-18.38.1 libsmbclient-raw0-4.2.4-18.38.1 libsmbclient-raw0-debuginfo-4.2.4-18.38.1 libsmbclient0-4.2.4-18.38.1 libsmbclient0-debuginfo-4.2.4-18.38.1 libsmbconf0-4.2.4-18.38.1 libsmbconf0-debuginfo-4.2.4-18.38.1 libsmbldap0-4.2.4-18.38.1 libsmbldap0-debuginfo-4.2.4-18.38.1 libtevent-util0-4.2.4-18.38.1 libtevent-util0-debuginfo-4.2.4-18.38.1 libwbclient0-4.2.4-18.38.1 libwbclient0-debuginfo-4.2.4-18.38.1 
samba-4.2.4-18.38.1 samba-client-4.2.4-18.38.1 samba-client-debuginfo-4.2.4-18.38.1 samba-debuginfo-4.2.4-18.38.1 samba-debugsource-4.2.4-18.38.1 samba-libs-4.2.4-18.38.1 samba-libs-debuginfo-4.2.4-18.38.1 samba-winbind-4.2.4-18.38.1 samba-winbind-debuginfo-4.2.4-18.38.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.38.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.38.1 libdcerpc0-32bit-4.2.4-18.38.1 libdcerpc0-debuginfo-32bit-4.2.4-18.38.1 libgensec0-32bit-4.2.4-18.38.1 libgensec0-debuginfo-32bit-4.2.4-18.38.1 libndr-krb5pac0-32bit-4.2.4-18.38.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.38.1 libndr-nbt0-32bit-4.2.4-18.38.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.38.1 libndr-standard0-32bit-4.2.4-18.38.1 libndr-standard0-debuginfo-32bit-4.2.4-18.38.1 libndr0-32bit-4.2.4-18.38.1 libndr0-debuginfo-32bit-4.2.4-18.38.1 libnetapi0-32bit-4.2.4-18.38.1 libnetapi0-debuginfo-32bit-4.2.4-18.38.1 libsamba-credentials0-32bit-4.2.4-18.38.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.38.1 libsamba-hostconfig0-32bit-4.2.4-18.38.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.38.1 libsamba-passdb0-32bit-4.2.4-18.38.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.38.1 libsamba-util0-32bit-4.2.4-18.38.1 libsamba-util0-debuginfo-32bit-4.2.4-18.38.1 libsamdb0-32bit-4.2.4-18.38.1 libsamdb0-debuginfo-32bit-4.2.4-18.38.1 libsmbclient-raw0-32bit-4.2.4-18.38.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.38.1 libsmbclient0-32bit-4.2.4-18.38.1 libsmbclient0-debuginfo-32bit-4.2.4-18.38.1 libsmbconf0-32bit-4.2.4-18.38.1 libsmbconf0-debuginfo-32bit-4.2.4-18.38.1 libsmbldap0-32bit-4.2.4-18.38.1 libsmbldap0-debuginfo-32bit-4.2.4-18.38.1 libtevent-util0-32bit-4.2.4-18.38.1 libtevent-util0-debuginfo-32bit-4.2.4-18.38.1 libwbclient0-32bit-4.2.4-18.38.1 libwbclient0-debuginfo-32bit-4.2.4-18.38.1 samba-32bit-4.2.4-18.38.1 samba-client-32bit-4.2.4-18.38.1 samba-client-debuginfo-32bit-4.2.4-18.38.1 samba-debuginfo-32bit-4.2.4-18.38.1 samba-libs-32bit-4.2.4-18.38.1 
      samba-libs-debuginfo-32bit-4.2.4-18.38.1
      samba-winbind-32bit-4.2.4-18.38.1
      samba-winbind-debuginfo-32bit-4.2.4-18.38.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      samba-doc-4.2.4-18.38.1

References:

   https://www.suse.com/security/cve/CVE-2017-2619.html
   https://bugzilla.suse.com/1036283

From sle-updates at lists.suse.com Mon May 8 13:13:02 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 May 2017 21:13:02 +0200 (CEST)
Subject: SUSE-RU-2017:1218-1: moderate: Recommended update for samba
Message-ID: <20170508191302.D9808101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for samba
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1218-1
Rating:             moderate
References:         #1036283
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise High Availability 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issues:

   - Fix CVE-2017-2619 regression with "follow symlinks = no";
     (bsc#1036283, bso#12721).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-716=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-716=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-716=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-716=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-716=1

   - SUSE Linux Enterprise High Availability 12-SP1:

      zypper in -t patch SUSE-SLE-HA-12-SP1-2017-716=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-716=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-716=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      samba-test-devel-4.2.4-28.11.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      ctdb-debuginfo-4.2.4-28.11.1
      ctdb-devel-4.2.4-28.11.1
      libdcerpc-atsvc-devel-4.2.4-28.11.1
      libdcerpc-atsvc0-4.2.4-28.11.1
      libdcerpc-atsvc0-debuginfo-4.2.4-28.11.1
      libdcerpc-devel-4.2.4-28.11.1
      libdcerpc-samr-devel-4.2.4-28.11.1
      libdcerpc-samr0-4.2.4-28.11.1
      libdcerpc-samr0-debuginfo-4.2.4-28.11.1
      libgensec-devel-4.2.4-28.11.1
      libndr-devel-4.2.4-28.11.1
      libndr-krb5pac-devel-4.2.4-28.11.1
      libndr-nbt-devel-4.2.4-28.11.1
      libndr-standard-devel-4.2.4-28.11.1
      libnetapi-devel-4.2.4-28.11.1
      libregistry-devel-4.2.4-28.11.1
      libsamba-credentials-devel-4.2.4-28.11.1
      libsamba-hostconfig-devel-4.2.4-28.11.1
      libsamba-passdb-devel-4.2.4-28.11.1
      libsamba-policy-devel-4.2.4-28.11.1
      libsamba-policy0-4.2.4-28.11.1
      libsamba-policy0-debuginfo-4.2.4-28.11.1
      libsamba-util-devel-4.2.4-28.11.1
      libsamdb-devel-4.2.4-28.11.1
      libsmbclient-devel-4.2.4-28.11.1
      libsmbclient-raw-devel-4.2.4-28.11.1
libsmbconf-devel-4.2.4-28.11.1 libsmbldap-devel-4.2.4-28.11.1 libtevent-util-devel-4.2.4-28.11.1 libwbclient-devel-4.2.4-28.11.1 samba-core-devel-4.2.4-28.11.1 samba-debuginfo-4.2.4-28.11.1 samba-debugsource-4.2.4-28.11.1 samba-test-devel-4.2.4-28.11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-atsvc0-4.2.4-28.11.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.11.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-28.11.1 libdcerpc-binding0-debuginfo-4.2.4-28.11.1 libdcerpc0-4.2.4-28.11.1 libdcerpc0-debuginfo-4.2.4-28.11.1 libgensec0-4.2.4-28.11.1 libgensec0-debuginfo-4.2.4-28.11.1 libndr-krb5pac0-4.2.4-28.11.1 libndr-krb5pac0-debuginfo-4.2.4-28.11.1 libndr-nbt0-4.2.4-28.11.1 libndr-nbt0-debuginfo-4.2.4-28.11.1 libndr-standard0-4.2.4-28.11.1 libndr-standard0-debuginfo-4.2.4-28.11.1 libndr0-4.2.4-28.11.1 libndr0-debuginfo-4.2.4-28.11.1 libnetapi0-4.2.4-28.11.1 libnetapi0-debuginfo-4.2.4-28.11.1 libregistry0-4.2.4-28.11.1 libregistry0-debuginfo-4.2.4-28.11.1 libsamba-credentials0-4.2.4-28.11.1 libsamba-credentials0-debuginfo-4.2.4-28.11.1 libsamba-hostconfig0-4.2.4-28.11.1 libsamba-hostconfig0-debuginfo-4.2.4-28.11.1 libsamba-passdb0-4.2.4-28.11.1 libsamba-passdb0-debuginfo-4.2.4-28.11.1 libsamba-util0-4.2.4-28.11.1 libsamba-util0-debuginfo-4.2.4-28.11.1 libsamdb0-4.2.4-28.11.1 libsamdb0-debuginfo-4.2.4-28.11.1 libsmbclient-raw0-4.2.4-28.11.1 libsmbclient-raw0-debuginfo-4.2.4-28.11.1 libsmbclient0-4.2.4-28.11.1 libsmbclient0-debuginfo-4.2.4-28.11.1 libsmbconf0-4.2.4-28.11.1 libsmbconf0-debuginfo-4.2.4-28.11.1 libsmbldap0-4.2.4-28.11.1 libsmbldap0-debuginfo-4.2.4-28.11.1 libtevent-util0-4.2.4-28.11.1 libtevent-util0-debuginfo-4.2.4-28.11.1 libwbclient0-4.2.4-28.11.1 libwbclient0-debuginfo-4.2.4-28.11.1 samba-4.2.4-28.11.1 samba-client-4.2.4-28.11.1 
samba-client-debuginfo-4.2.4-28.11.1 samba-debuginfo-4.2.4-28.11.1 samba-debugsource-4.2.4-28.11.1 samba-libs-4.2.4-28.11.1 samba-libs-debuginfo-4.2.4-28.11.1 samba-winbind-4.2.4-28.11.1 samba-winbind-debuginfo-4.2.4-28.11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.11.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.11.1 libdcerpc0-32bit-4.2.4-28.11.1 libdcerpc0-debuginfo-32bit-4.2.4-28.11.1 libgensec0-32bit-4.2.4-28.11.1 libgensec0-debuginfo-32bit-4.2.4-28.11.1 libndr-krb5pac0-32bit-4.2.4-28.11.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.11.1 libndr-nbt0-32bit-4.2.4-28.11.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.11.1 libndr-standard0-32bit-4.2.4-28.11.1 libndr-standard0-debuginfo-32bit-4.2.4-28.11.1 libndr0-32bit-4.2.4-28.11.1 libndr0-debuginfo-32bit-4.2.4-28.11.1 libnetapi0-32bit-4.2.4-28.11.1 libnetapi0-debuginfo-32bit-4.2.4-28.11.1 libsamba-credentials0-32bit-4.2.4-28.11.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.11.1 libsamba-hostconfig0-32bit-4.2.4-28.11.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.11.1 libsamba-passdb0-32bit-4.2.4-28.11.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.11.1 libsamba-util0-32bit-4.2.4-28.11.1 libsamba-util0-debuginfo-32bit-4.2.4-28.11.1 libsamdb0-32bit-4.2.4-28.11.1 libsamdb0-debuginfo-32bit-4.2.4-28.11.1 libsmbclient-raw0-32bit-4.2.4-28.11.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.11.1 libsmbclient0-32bit-4.2.4-28.11.1 libsmbclient0-debuginfo-32bit-4.2.4-28.11.1 libsmbconf0-32bit-4.2.4-28.11.1 libsmbconf0-debuginfo-32bit-4.2.4-28.11.1 libsmbldap0-32bit-4.2.4-28.11.1 libsmbldap0-debuginfo-32bit-4.2.4-28.11.1 libtevent-util0-32bit-4.2.4-28.11.1 libtevent-util0-debuginfo-32bit-4.2.4-28.11.1 libwbclient0-32bit-4.2.4-28.11.1 libwbclient0-debuginfo-32bit-4.2.4-28.11.1 samba-32bit-4.2.4-28.11.1 samba-client-32bit-4.2.4-28.11.1 samba-client-debuginfo-32bit-4.2.4-28.11.1 samba-debuginfo-32bit-4.2.4-28.11.1 samba-libs-32bit-4.2.4-28.11.1 samba-libs-debuginfo-32bit-4.2.4-28.11.1 
samba-winbind-32bit-4.2.4-28.11.1 samba-winbind-debuginfo-32bit-4.2.4-28.11.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-28.11.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.11.1 ctdb-debuginfo-4.2.4-28.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-atsvc0-4.2.4-28.11.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-28.11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.11.1 libdcerpc-binding0-4.2.4-28.11.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.11.1 libdcerpc-binding0-debuginfo-4.2.4-28.11.1 libdcerpc0-32bit-4.2.4-28.11.1 libdcerpc0-4.2.4-28.11.1 libdcerpc0-debuginfo-32bit-4.2.4-28.11.1 libdcerpc0-debuginfo-4.2.4-28.11.1 libgensec0-32bit-4.2.4-28.11.1 libgensec0-4.2.4-28.11.1 libgensec0-debuginfo-32bit-4.2.4-28.11.1 libgensec0-debuginfo-4.2.4-28.11.1 libndr-krb5pac0-32bit-4.2.4-28.11.1 libndr-krb5pac0-4.2.4-28.11.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.11.1 libndr-krb5pac0-debuginfo-4.2.4-28.11.1 libndr-nbt0-32bit-4.2.4-28.11.1 libndr-nbt0-4.2.4-28.11.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.11.1 libndr-nbt0-debuginfo-4.2.4-28.11.1 libndr-standard0-32bit-4.2.4-28.11.1 libndr-standard0-4.2.4-28.11.1 libndr-standard0-debuginfo-32bit-4.2.4-28.11.1 libndr-standard0-debuginfo-4.2.4-28.11.1 libndr0-32bit-4.2.4-28.11.1 libndr0-4.2.4-28.11.1 libndr0-debuginfo-32bit-4.2.4-28.11.1 libndr0-debuginfo-4.2.4-28.11.1 libnetapi0-32bit-4.2.4-28.11.1 libnetapi0-4.2.4-28.11.1 libnetapi0-debuginfo-32bit-4.2.4-28.11.1 libnetapi0-debuginfo-4.2.4-28.11.1 libregistry0-4.2.4-28.11.1 libregistry0-debuginfo-4.2.4-28.11.1 libsamba-credentials0-32bit-4.2.4-28.11.1 libsamba-credentials0-4.2.4-28.11.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.11.1 libsamba-credentials0-debuginfo-4.2.4-28.11.1 libsamba-hostconfig0-32bit-4.2.4-28.11.1 libsamba-hostconfig0-4.2.4-28.11.1 
libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.11.1 libsamba-hostconfig0-debuginfo-4.2.4-28.11.1 libsamba-passdb0-32bit-4.2.4-28.11.1 libsamba-passdb0-4.2.4-28.11.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.11.1 libsamba-passdb0-debuginfo-4.2.4-28.11.1 libsamba-util0-32bit-4.2.4-28.11.1 libsamba-util0-4.2.4-28.11.1 libsamba-util0-debuginfo-32bit-4.2.4-28.11.1 libsamba-util0-debuginfo-4.2.4-28.11.1 libsamdb0-32bit-4.2.4-28.11.1 libsamdb0-4.2.4-28.11.1 libsamdb0-debuginfo-32bit-4.2.4-28.11.1 libsamdb0-debuginfo-4.2.4-28.11.1 libsmbclient-raw0-32bit-4.2.4-28.11.1 libsmbclient-raw0-4.2.4-28.11.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.11.1 libsmbclient-raw0-debuginfo-4.2.4-28.11.1 libsmbclient0-32bit-4.2.4-28.11.1 libsmbclient0-4.2.4-28.11.1 libsmbclient0-debuginfo-32bit-4.2.4-28.11.1 libsmbclient0-debuginfo-4.2.4-28.11.1 libsmbconf0-32bit-4.2.4-28.11.1 libsmbconf0-4.2.4-28.11.1 libsmbconf0-debuginfo-32bit-4.2.4-28.11.1 libsmbconf0-debuginfo-4.2.4-28.11.1 libsmbldap0-32bit-4.2.4-28.11.1 libsmbldap0-4.2.4-28.11.1 libsmbldap0-debuginfo-32bit-4.2.4-28.11.1 libsmbldap0-debuginfo-4.2.4-28.11.1 libtevent-util0-32bit-4.2.4-28.11.1 libtevent-util0-4.2.4-28.11.1 libtevent-util0-debuginfo-32bit-4.2.4-28.11.1 libtevent-util0-debuginfo-4.2.4-28.11.1 libwbclient0-32bit-4.2.4-28.11.1 libwbclient0-4.2.4-28.11.1 libwbclient0-debuginfo-32bit-4.2.4-28.11.1 libwbclient0-debuginfo-4.2.4-28.11.1 samba-32bit-4.2.4-28.11.1 samba-4.2.4-28.11.1 samba-client-32bit-4.2.4-28.11.1 samba-client-4.2.4-28.11.1 samba-client-debuginfo-32bit-4.2.4-28.11.1 samba-client-debuginfo-4.2.4-28.11.1 samba-debuginfo-32bit-4.2.4-28.11.1 samba-debuginfo-4.2.4-28.11.1 samba-debugsource-4.2.4-28.11.1 samba-libs-32bit-4.2.4-28.11.1 samba-libs-4.2.4-28.11.1 samba-libs-debuginfo-32bit-4.2.4-28.11.1 samba-libs-debuginfo-4.2.4-28.11.1 samba-winbind-32bit-4.2.4-28.11.1 samba-winbind-4.2.4-28.11.1 samba-winbind-debuginfo-32bit-4.2.4-28.11.1 samba-winbind-debuginfo-4.2.4-28.11.1 References: 

   https://www.suse.com/security/cve/CVE-2017-2619.html
   https://bugzilla.suse.com/1036283

From sle-updates at lists.suse.com Mon May 8 13:13:29 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 May 2017 21:13:29 +0200 (CEST)
Subject: SUSE-RU-2017:1219-1: moderate: Recommended update for samba
Message-ID: <20170508191329.C2728101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for samba
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1219-1
Rating:             moderate
References:         #1036283
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issues:

   - Fix CVE-2017-2619 regression with "follow symlinks = no";
     (bsc#1036283, bso#12721).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-710=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-710=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-710=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-710=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-710=1

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.4.2-38.3.1 libwbclient-devel-4.4.2-38.3.1 samba-debuginfo-4.4.2-38.3.1 samba-debugsource-4.4.2-38.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-binding0-4.4.2-38.3.1 libdcerpc-binding0-debuginfo-4.4.2-38.3.1 libdcerpc0-4.4.2-38.3.1 libdcerpc0-debuginfo-4.4.2-38.3.1 libndr-krb5pac0-4.4.2-38.3.1 libndr-krb5pac0-debuginfo-4.4.2-38.3.1 libndr-nbt0-4.4.2-38.3.1 libndr-nbt0-debuginfo-4.4.2-38.3.1 libndr-standard0-4.4.2-38.3.1 libndr-standard0-debuginfo-4.4.2-38.3.1 libndr0-4.4.2-38.3.1 libndr0-debuginfo-4.4.2-38.3.1 libnetapi0-4.4.2-38.3.1 libnetapi0-debuginfo-4.4.2-38.3.1 libsamba-credentials0-4.4.2-38.3.1 libsamba-credentials0-debuginfo-4.4.2-38.3.1 libsamba-errors0-4.4.2-38.3.1 libsamba-errors0-debuginfo-4.4.2-38.3.1 libsamba-hostconfig0-4.4.2-38.3.1 libsamba-hostconfig0-debuginfo-4.4.2-38.3.1 libsamba-passdb0-4.4.2-38.3.1 libsamba-passdb0-debuginfo-4.4.2-38.3.1 libsamba-util0-4.4.2-38.3.1 libsamba-util0-debuginfo-4.4.2-38.3.1 libsamdb0-4.4.2-38.3.1 libsamdb0-debuginfo-4.4.2-38.3.1 libsmbclient0-4.4.2-38.3.1 libsmbclient0-debuginfo-4.4.2-38.3.1 libsmbconf0-4.4.2-38.3.1 libsmbconf0-debuginfo-4.4.2-38.3.1 libsmbldap0-4.4.2-38.3.1 libsmbldap0-debuginfo-4.4.2-38.3.1 libtevent-util0-4.4.2-38.3.1 libtevent-util0-debuginfo-4.4.2-38.3.1 libwbclient0-4.4.2-38.3.1 libwbclient0-debuginfo-4.4.2-38.3.1 samba-4.4.2-38.3.1 samba-client-4.4.2-38.3.1 samba-client-debuginfo-4.4.2-38.3.1 samba-debuginfo-4.4.2-38.3.1 samba-debugsource-4.4.2-38.3.1 samba-libs-4.4.2-38.3.1 samba-libs-debuginfo-4.4.2-38.3.1 samba-winbind-4.4.2-38.3.1 samba-winbind-debuginfo-4.4.2-38.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): samba-doc-4.4.2-38.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-binding0-4.4.2-38.3.1 libdcerpc-binding0-debuginfo-4.4.2-38.3.1 libdcerpc0-4.4.2-38.3.1 
libdcerpc0-debuginfo-4.4.2-38.3.1 libndr-krb5pac0-4.4.2-38.3.1 libndr-krb5pac0-debuginfo-4.4.2-38.3.1 libndr-nbt0-4.4.2-38.3.1 libndr-nbt0-debuginfo-4.4.2-38.3.1 libndr-standard0-4.4.2-38.3.1 libndr-standard0-debuginfo-4.4.2-38.3.1 libndr0-4.4.2-38.3.1 libndr0-debuginfo-4.4.2-38.3.1 libnetapi0-4.4.2-38.3.1 libnetapi0-debuginfo-4.4.2-38.3.1 libsamba-credentials0-4.4.2-38.3.1 libsamba-credentials0-debuginfo-4.4.2-38.3.1 libsamba-errors0-4.4.2-38.3.1 libsamba-errors0-debuginfo-4.4.2-38.3.1 libsamba-hostconfig0-4.4.2-38.3.1 libsamba-hostconfig0-debuginfo-4.4.2-38.3.1 libsamba-passdb0-4.4.2-38.3.1 libsamba-passdb0-debuginfo-4.4.2-38.3.1 libsamba-util0-4.4.2-38.3.1 libsamba-util0-debuginfo-4.4.2-38.3.1 libsamdb0-4.4.2-38.3.1 libsamdb0-debuginfo-4.4.2-38.3.1 libsmbclient0-4.4.2-38.3.1 libsmbclient0-debuginfo-4.4.2-38.3.1 libsmbconf0-4.4.2-38.3.1 libsmbconf0-debuginfo-4.4.2-38.3.1 libsmbldap0-4.4.2-38.3.1 libsmbldap0-debuginfo-4.4.2-38.3.1 libtevent-util0-4.4.2-38.3.1 libtevent-util0-debuginfo-4.4.2-38.3.1 libwbclient0-4.4.2-38.3.1 libwbclient0-debuginfo-4.4.2-38.3.1 samba-4.4.2-38.3.1 samba-client-4.4.2-38.3.1 samba-client-debuginfo-4.4.2-38.3.1 samba-debuginfo-4.4.2-38.3.1 samba-debugsource-4.4.2-38.3.1 samba-libs-4.4.2-38.3.1 samba-libs-debuginfo-4.4.2-38.3.1 samba-winbind-4.4.2-38.3.1 samba-winbind-debuginfo-4.4.2-38.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): samba-doc-4.4.2-38.3.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.3.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.3.1 libdcerpc0-32bit-4.4.2-38.3.1 libdcerpc0-debuginfo-32bit-4.4.2-38.3.1 libndr-krb5pac0-32bit-4.4.2-38.3.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.3.1 libndr-nbt0-32bit-4.4.2-38.3.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.3.1 libndr-standard0-32bit-4.4.2-38.3.1 libndr-standard0-debuginfo-32bit-4.4.2-38.3.1 libndr0-32bit-4.4.2-38.3.1 libndr0-debuginfo-32bit-4.4.2-38.3.1 libnetapi0-32bit-4.4.2-38.3.1 libnetapi0-debuginfo-32bit-4.4.2-38.3.1 
libsamba-credentials0-32bit-4.4.2-38.3.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.3.1 libsamba-errors0-32bit-4.4.2-38.3.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.3.1 libsamba-hostconfig0-32bit-4.4.2-38.3.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.3.1 libsamba-passdb0-32bit-4.4.2-38.3.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.3.1 libsamba-util0-32bit-4.4.2-38.3.1 libsamba-util0-debuginfo-32bit-4.4.2-38.3.1 libsamdb0-32bit-4.4.2-38.3.1 libsamdb0-debuginfo-32bit-4.4.2-38.3.1 libsmbclient0-32bit-4.4.2-38.3.1 libsmbclient0-debuginfo-32bit-4.4.2-38.3.1 libsmbconf0-32bit-4.4.2-38.3.1 libsmbconf0-debuginfo-32bit-4.4.2-38.3.1 libsmbldap0-32bit-4.4.2-38.3.1 libsmbldap0-debuginfo-32bit-4.4.2-38.3.1 libtevent-util0-32bit-4.4.2-38.3.1 libtevent-util0-debuginfo-32bit-4.4.2-38.3.1 libwbclient0-32bit-4.4.2-38.3.1 libwbclient0-debuginfo-32bit-4.4.2-38.3.1 samba-client-32bit-4.4.2-38.3.1 samba-client-debuginfo-32bit-4.4.2-38.3.1 samba-libs-32bit-4.4.2-38.3.1 samba-libs-debuginfo-32bit-4.4.2-38.3.1 samba-winbind-32bit-4.4.2-38.3.1 samba-winbind-debuginfo-32bit-4.4.2-38.3.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.3.1 ctdb-debuginfo-4.4.2-38.3.1 samba-debuginfo-4.4.2-38.3.1 samba-debugsource-4.4.2-38.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): samba-doc-4.4.2-38.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.3.1 libdcerpc-binding0-4.4.2-38.3.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.3.1 libdcerpc-binding0-debuginfo-4.4.2-38.3.1 libdcerpc0-32bit-4.4.2-38.3.1 libdcerpc0-4.4.2-38.3.1 libdcerpc0-debuginfo-32bit-4.4.2-38.3.1 libdcerpc0-debuginfo-4.4.2-38.3.1 libndr-krb5pac0-32bit-4.4.2-38.3.1 libndr-krb5pac0-4.4.2-38.3.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.3.1 libndr-krb5pac0-debuginfo-4.4.2-38.3.1 libndr-nbt0-32bit-4.4.2-38.3.1 libndr-nbt0-4.4.2-38.3.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.3.1 libndr-nbt0-debuginfo-4.4.2-38.3.1 libndr-standard0-32bit-4.4.2-38.3.1 
libndr-standard0-4.4.2-38.3.1 libndr-standard0-debuginfo-32bit-4.4.2-38.3.1 libndr-standard0-debuginfo-4.4.2-38.3.1 libndr0-32bit-4.4.2-38.3.1 libndr0-4.4.2-38.3.1 libndr0-debuginfo-32bit-4.4.2-38.3.1 libndr0-debuginfo-4.4.2-38.3.1 libnetapi0-32bit-4.4.2-38.3.1 libnetapi0-4.4.2-38.3.1 libnetapi0-debuginfo-32bit-4.4.2-38.3.1 libnetapi0-debuginfo-4.4.2-38.3.1 libsamba-credentials0-32bit-4.4.2-38.3.1 libsamba-credentials0-4.4.2-38.3.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.3.1 libsamba-credentials0-debuginfo-4.4.2-38.3.1 libsamba-errors0-32bit-4.4.2-38.3.1 libsamba-errors0-4.4.2-38.3.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.3.1 libsamba-errors0-debuginfo-4.4.2-38.3.1 libsamba-hostconfig0-32bit-4.4.2-38.3.1 libsamba-hostconfig0-4.4.2-38.3.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.3.1 libsamba-hostconfig0-debuginfo-4.4.2-38.3.1 libsamba-passdb0-32bit-4.4.2-38.3.1 libsamba-passdb0-4.4.2-38.3.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.3.1 libsamba-passdb0-debuginfo-4.4.2-38.3.1 libsamba-util0-32bit-4.4.2-38.3.1 libsamba-util0-4.4.2-38.3.1 libsamba-util0-debuginfo-32bit-4.4.2-38.3.1 libsamba-util0-debuginfo-4.4.2-38.3.1 libsamdb0-32bit-4.4.2-38.3.1 libsamdb0-4.4.2-38.3.1 libsamdb0-debuginfo-32bit-4.4.2-38.3.1 libsamdb0-debuginfo-4.4.2-38.3.1 libsmbclient0-32bit-4.4.2-38.3.1 libsmbclient0-4.4.2-38.3.1 libsmbclient0-debuginfo-32bit-4.4.2-38.3.1 libsmbclient0-debuginfo-4.4.2-38.3.1 libsmbconf0-32bit-4.4.2-38.3.1 libsmbconf0-4.4.2-38.3.1 libsmbconf0-debuginfo-32bit-4.4.2-38.3.1 libsmbconf0-debuginfo-4.4.2-38.3.1 libsmbldap0-32bit-4.4.2-38.3.1 libsmbldap0-4.4.2-38.3.1 libsmbldap0-debuginfo-32bit-4.4.2-38.3.1 libsmbldap0-debuginfo-4.4.2-38.3.1 libtevent-util0-32bit-4.4.2-38.3.1 libtevent-util0-4.4.2-38.3.1 libtevent-util0-debuginfo-32bit-4.4.2-38.3.1 libtevent-util0-debuginfo-4.4.2-38.3.1 libwbclient0-32bit-4.4.2-38.3.1 libwbclient0-4.4.2-38.3.1 libwbclient0-debuginfo-32bit-4.4.2-38.3.1 libwbclient0-debuginfo-4.4.2-38.3.1 samba-4.4.2-38.3.1 
samba-client-32bit-4.4.2-38.3.1 samba-client-4.4.2-38.3.1 samba-client-debuginfo-32bit-4.4.2-38.3.1 samba-client-debuginfo-4.4.2-38.3.1 samba-debuginfo-4.4.2-38.3.1 samba-debugsource-4.4.2-38.3.1 samba-libs-32bit-4.4.2-38.3.1 samba-libs-4.4.2-38.3.1 samba-libs-debuginfo-32bit-4.4.2-38.3.1 samba-libs-debuginfo-4.4.2-38.3.1 samba-winbind-32bit-4.4.2-38.3.1 samba-winbind-4.4.2-38.3.1 samba-winbind-debuginfo-32bit-4.4.2-38.3.1 samba-winbind-debuginfo-4.4.2-38.3.1 References: https://www.suse.com/security/cve/CVE-2017-2619.html https://bugzilla.suse.com/1036283 From sle-updates at lists.suse.com Mon May 8 19:08:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 03:08:33 +0200 (CEST) Subject: SUSE-RU-2017:1220-1: Recommended update for grub2 Message-ID: <20170509010833.7DC2C101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1220-1 Rating: low References: #1004324 #1016536 #1027401 #956046 #993274 #998097 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for grub2 provides the following fixes: - Fix out of memory error on lvm detection. (bsc#1016536, bsc#1027401) - Load lvm module to support Xen PV booting from LVM volumes. (bsc#1004324) - Add support for netboot on arm64-efi platforms. (bsc#998097) - Workaround default entry in snapshot menu. (bsc#956046) - Add true(1) command as requirement of grub.efi. (bsc#993274) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-720=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-720=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): grub2-2.02~beta2-91.9.2 grub2-debuginfo-2.02~beta2-91.9.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-91.9.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-91.9.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): grub2-i386-pc-2.02~beta2-91.9.2 grub2-x86_64-efi-2.02~beta2-91.9.2 grub2-x86_64-xen-2.02~beta2-91.9.2 - SUSE Linux Enterprise Server 12-SP1 (s390x): grub2-debugsource-2.02~beta2-91.9.2 grub2-s390x-emu-2.02~beta2-91.9.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-91.9.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): grub2-2.02~beta2-91.9.2 grub2-debuginfo-2.02~beta2-91.9.2 grub2-i386-pc-2.02~beta2-91.9.2 grub2-x86_64-efi-2.02~beta2-91.9.2 grub2-x86_64-xen-2.02~beta2-91.9.2 References: https://bugzilla.suse.com/1004324 https://bugzilla.suse.com/1016536 https://bugzilla.suse.com/1027401 https://bugzilla.suse.com/956046 https://bugzilla.suse.com/993274 https://bugzilla.suse.com/998097 From sle-updates at lists.suse.com Tue May 9 10:10:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 18:10:19 +0200 (CEST) Subject: SUSE-SU-2017:1222-1: moderate: Security update for Botan Message-ID: <20170509161019.E2C9F101C1@maintenance.suse.de> SUSE Security Update: Security update for Botan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1222-1 Rating: moderate References: #1013209 #1033605 #965620 #965621 #968025 #968026 #968030 #974521 #977420 Cross-References: CVE-2014-9742 CVE-2015-5726 
CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 CVE-2016-9132 CVE-2017-2801 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for Botan to version 1.10.9 fixes the following issues: These security issues were fixed: - CVE-2015-5726: The BER decoder in Botan 0.10.x allowed remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data (bsc#968025). - CVE-2015-5727: The BER decoder in Botan 1.10.x allowed remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field (bsc#968026). - CVE-2015-7827: Botan made it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding (bsc#968030). - CVE-2016-2849: Botan did not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might have allowed remote attackers to obtain ECDSA secret keys via a timing side-channel attack (bsc#977420). - CVE-2016-9132: In Botan 1.8.0 when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later caused memory corruption or other failure (bsc#1013209). - CVE-2016-2194: The ressol function in Botan allowed remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus (bsc#965621). - CVE-2016-2195: Integer overflow in the PointGFp constructor in Botan allowed remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow (bsc#965620). 
- CVE-2017-2801: Incorrect comparison in X.509 DN strings (bsc#1033605). - CVE-2014-9742: The Miller-Rabin primality check in Botan improperly used a single random base, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group (bsc#974521). These non-security issues were fixed: - Fixed EAX tag verification to run in constant time - The default TLS policy now disables SSLv3. - A crash could have occurred when reading from a blocking random device if the device initially indicated that entropy was available but a concurrent process drained the entropy pool before the read was initiated. - Fixed decoding indefinite length BER constructs that contain a context sensitive tag of zero. - The key length limit on HMAC has been raised to 512 bytes, allowing the use of very long passphrases with PBKDF2. - OAEP had two bugs, one of which allowed it to be used even if the key was too small, and the other of which would cause a crash during decryption if the EME data was too large for the associated key. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-723=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-723=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): Botan-debugsource-1.10.9-3.1 libbotan-1_10-0-1.10.9-3.1 libbotan-1_10-0-debuginfo-1.10.9-3.1 libbotan-devel-1.10.9-3.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): Botan-debugsource-1.10.9-3.1 libbotan-1_10-0-1.10.9-3.1 libbotan-1_10-0-debuginfo-1.10.9-3.1 libbotan-devel-1.10.9-3.1 References: https://www.suse.com/security/cve/CVE-2014-9742.html https://www.suse.com/security/cve/CVE-2015-5726.html https://www.suse.com/security/cve/CVE-2015-5727.html https://www.suse.com/security/cve/CVE-2015-7827.html https://www.suse.com/security/cve/CVE-2016-2194.html https://www.suse.com/security/cve/CVE-2016-2195.html https://www.suse.com/security/cve/CVE-2016-2849.html https://www.suse.com/security/cve/CVE-2016-9132.html https://www.suse.com/security/cve/CVE-2017-2801.html https://bugzilla.suse.com/1013209 https://bugzilla.suse.com/1033605 https://bugzilla.suse.com/965620 https://bugzilla.suse.com/965621 https://bugzilla.suse.com/968025 https://bugzilla.suse.com/968026 https://bugzilla.suse.com/968030 https://bugzilla.suse.com/974521 https://bugzilla.suse.com/977420 From sle-updates at lists.suse.com Tue May 9 13:08:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 21:08:44 +0200 (CEST) Subject: SUSE-RU-2017:1223-1: moderate: Recommended update for multipath-tools Message-ID: <20170509190844.1A4F0101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1223-1 Rating: moderate References: #1003972 #1005255 #1005414 #1005546 #1006118 #1006469 #1008691 #1015310 #1017009 #1019181 #1019798 #1022996 #1033541 #984669 #986734 #986838 #991432 #999522 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE 
Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 18 recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - Fix sanitize delete partitions. (bsc#1033541) - Fix check for new path states. (bsc#1019798) - Use existing alias from bindings file. (bsc#1005255) - Fix memory corruption problem in multipathd. (bsc#1022996) - Sanitize how kpartx delete partitions. (bsc#1008691) - Issue systemd READY after initial configuration. (bsc#1006469, bsc#1006118) - Re-add 'Before: lvm2-activation-early.service' to multipathd.service. (bsc#1019181) - Fix filtering of device-mapper devices. (bsc#1017009) - Do not load invalid maps. (bsc#1005546) - Calculate priority even for ghost paths. (bsc#1005546) - Skip conf==NULL check in socket listener thread. (bsc#1005414) - Set DI_SERIAL in 'multipath -ll' output. (bsc#991432) - Fall back to search paths by devt. (bsc#1003972) - Add new "find_multipaths" configuration option. (bsc#999522) - Add "need_suspend" parameter. (bsc#986838) - Check partitions unused before removing. (bsc#986838) - Start daemon after udev trigger. (bsc#986734) - Fix check from udev rules. (bsc#986734) - Remove calls to dm_udev_complete. (bsc#986838) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-728=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-728=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-728=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): multipath-tools-debuginfo-0.5.0-62.1 multipath-tools-debugsource-0.5.0-62.1 multipath-tools-devel-0.5.0-62.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kpartx-0.5.0-62.1 kpartx-debuginfo-0.5.0-62.1 multipath-tools-0.5.0-62.1 multipath-tools-debuginfo-0.5.0-62.1 multipath-tools-debugsource-0.5.0-62.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kpartx-0.5.0-62.1 kpartx-debuginfo-0.5.0-62.1 multipath-tools-0.5.0-62.1 multipath-tools-debuginfo-0.5.0-62.1 multipath-tools-debugsource-0.5.0-62.1 References: https://bugzilla.suse.com/1003972 https://bugzilla.suse.com/1005255 https://bugzilla.suse.com/1005414 https://bugzilla.suse.com/1005546 https://bugzilla.suse.com/1006118 https://bugzilla.suse.com/1006469 https://bugzilla.suse.com/1008691 https://bugzilla.suse.com/1015310 https://bugzilla.suse.com/1017009 https://bugzilla.suse.com/1019181 https://bugzilla.suse.com/1019798 https://bugzilla.suse.com/1022996 https://bugzilla.suse.com/1033541 https://bugzilla.suse.com/984669 https://bugzilla.suse.com/986734 https://bugzilla.suse.com/986838 https://bugzilla.suse.com/991432 https://bugzilla.suse.com/999522 From sle-updates at lists.suse.com Tue May 9 13:13:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 21:13:11 +0200 (CEST) Subject: SUSE-RU-2017:1224-1: Recommended update for yast2-registration Message-ID: <20170509191311.D01E0101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1224-1 Rating: low References: #1035084 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update for yast2-registration provides fixes required to support online migration to SUSE Linux Enterprise 12 SP3. - Added a step for checking registered but not installed addons to the migration workflow. In case of existence, allow the user to install the release package or deactivate the products. - In case of abort, only registered products are downgraded and synced. - Added to the migration summary information about products not offering migrations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-725=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-725=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-725=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-registration-3.1.192-24.9.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-registration-3.1.192-24.9.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): yast2-registration-3.1.192-24.9.3 References: https://bugzilla.suse.com/1035084 From sle-updates at lists.suse.com Tue May 9 13:13:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 21:13:33 +0200 (CEST) Subject: SUSE-RU-2017:1225-1: Recommended update for yast2-registration Message-ID: <20170509191333.7A624101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1225-1 Rating: low References: #1035084 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-registration provides fixes required to support online migration to SUSE Linux Enterprise 12 SP3. - Added a step for checking registered but not installed addons to the migration workflow. In case of existence, allow the user to install the release package or deactivate the products. - In case of abort, only registered products are downgraded and synced. - Added to the migration summary information about products not offering migrations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-727=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-727=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-registration-3.1.166.5-15.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): yast2-registration-3.1.166.5-15.1 References: https://bugzilla.suse.com/1035084 From sle-updates at lists.suse.com Tue May 9 13:13:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 21:13:57 +0200 (CEST) Subject: SUSE-RU-2017:1226-1: Recommended update for yast2-registration Message-ID: <20170509191357.8C49B101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1226-1 Rating: low References: #1035084 #941403 #941739 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-registration provides fixes required to support online migration to SUSE Linux Enterprise 12 SP3. - Added a step for checking registered but not installed addons to the migration workflow. In case of existence, allow the user to install the release package or deactivate the products. - In case of abort, only registered products are downgraded and synced. - Added to the migration summary information about products not offering migrations. - Fix user messages when registration does not happen during installation. (bsc#941403, bsc#941739) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-726=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-726=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): yast2-registration-3.1.129.18-31.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): yast2-registration-3.1.129.18-31.1 References: https://bugzilla.suse.com/1035084 https://bugzilla.suse.com/941403 https://bugzilla.suse.com/941739 From sle-updates at lists.suse.com Tue May 9 13:14:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 21:14:42 +0200 (CEST) Subject: SUSE-RU-2017:1227-1: Recommended update for SuSEfirewall2 Message-ID: <20170509191442.30597101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1227-1 Rating: low References: #785299 #798468 #906136 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SuSEfirewall2 provides the following fixes: - No longer call fillup during postinstall to prevent multiline configuration values being broken. (bsc#798468) - Ignore the bootlock when incremental updates for hotplugged or virtual devices are coming in during boot. This prevents lockups for example when drbd is used with FB_BOOT_FULL_INIT. (bsc#785299) - Only apply FW_KERNEL_SECURITY proc settings, if not overridden by the administrator in /etc/sysctl.conf. This allows you to benefit from some of the kernel security settings, while overwriting others. (bsc#906136) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-SuSEfirewall2-13097=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): SuSEfirewall2-3.6_SVNr208-2.14.1 References: https://bugzilla.suse.com/785299 https://bugzilla.suse.com/798468 https://bugzilla.suse.com/906136 From sle-updates at lists.suse.com Tue May 9 13:15:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 May 2017 21:15:36 +0200 (CEST) Subject: SUSE-RU-2017:1228-1: Recommended update for release-notes-sles Message-ID: <20170509191536.2B498101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1228-1 Rating: low References: #1035086 #1035284 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP2 have been updated to document: - Package Hub and SDK support status. - SELinux Enablement. (fate#317116, bsc#1035086) - Support for intel_idle and hardware P states on Intel Skylake processors can lead to decreased performance. (fate#323248) - Docker Orchestration support status. (fate#321136) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-729=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-729=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): release-notes-sles-12.2.20170508-5.19.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): release-notes-sles-12.2.20170508-5.19.1 References: https://bugzilla.suse.com/1035086 https://bugzilla.suse.com/1035284 From sle-updates at lists.suse.com Wed May 10 10:10:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2017 18:10:02 +0200 (CEST) Subject: SUSE-SU-2017:1229-1: important: Security update for tomcat Message-ID: <20170510161002.E52E0101C1@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1229-1 Rating: important References: #1015119 #1033447 #1033448 Cross-References: CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-733=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-733=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): tomcat-8.0.43-23.1 tomcat-admin-webapps-8.0.43-23.1 tomcat-docs-webapp-8.0.43-23.1 tomcat-el-3_0-api-8.0.43-23.1 tomcat-javadoc-8.0.43-23.1 tomcat-jsp-2_3-api-8.0.43-23.1 tomcat-lib-8.0.43-23.1 tomcat-servlet-3_1-api-8.0.43-23.1 tomcat-webapps-8.0.43-23.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): tomcat-8.0.43-23.1 tomcat-admin-webapps-8.0.43-23.1 tomcat-docs-webapp-8.0.43-23.1 tomcat-el-3_0-api-8.0.43-23.1 tomcat-javadoc-8.0.43-23.1 tomcat-jsp-2_3-api-8.0.43-23.1 tomcat-lib-8.0.43-23.1 tomcat-servlet-3_1-api-8.0.43-23.1 tomcat-webapps-8.0.43-23.1 References: https://www.suse.com/security/cve/CVE-2016-8745.html https://www.suse.com/security/cve/CVE-2017-5647.html https://www.suse.com/security/cve/CVE-2017-5648.html https://bugzilla.suse.com/1015119 https://bugzilla.suse.com/1033447 https://bugzilla.suse.com/1033448 From sle-updates at lists.suse.com Wed May 10 10:11:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2017 18:11:05 +0200 (CEST) Subject: SUSE-RU-2017:1231-1: Recommended update for procps Message-ID: <20170510161105.AE306101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1231-1 Rating: low References: #1030621 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for procps fixes the following issues: - Command w(1) with option -n doesn't work. (bsc#1030621) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-732=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-732=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-732=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-732=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-732=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-732=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-732=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-732=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 procps-devel-3.3.9-10.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 procps-devel-3.3.9-10.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libprocps3-3.3.9-10.1 libprocps3-debuginfo-3.3.9-10.1 procps-3.3.9-10.1 procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libprocps3-3.3.9-10.1 libprocps3-debuginfo-3.3.9-10.1 procps-3.3.9-10.1 procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libprocps3-3.3.9-10.1 libprocps3-debuginfo-3.3.9-10.1 procps-3.3.9-10.1 procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libprocps3-3.3.9-10.1 libprocps3-debuginfo-3.3.9-10.1 procps-3.3.9-10.1 procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libprocps3-3.3.9-10.1 libprocps3-debuginfo-3.3.9-10.1 procps-3.3.9-10.1 procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libprocps3-3.3.9-10.1 libprocps3-debuginfo-3.3.9-10.1 procps-3.3.9-10.1 procps-debuginfo-3.3.9-10.1 procps-debugsource-3.3.9-10.1 References: https://bugzilla.suse.com/1030621 From sle-updates at lists.suse.com Wed May 10 10:11:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 May 2017 18:11:36 +0200 (CEST) Subject: SUSE-SU-2017:1233-1: moderate: Security update for openstack-magnum Message-ID: <20170510161136.CE488101C1@maintenance.suse.de> SUSE Security Update: Security update for openstack-magnum ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1233-1 
Rating: moderate
References: #998182
Cross-References: CVE-2016-7404
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openstack-magnum fixes the following issues:

   Security issues fixed:

   - CVE-2016-7404: Magnum created instances have full API access to
     creating user's OpenStack account (bsc#998182).

   Bugfixes:

   - Fixed exception for InvalidParameterValue.
   - Updated patches have been tested against magnum-3.1.2.dev20

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-730=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      openstack-magnum-3.1.2~a0~dev20-9.4
      openstack-magnum-api-3.1.2~a0~dev20-9.4
      openstack-magnum-conductor-3.1.2~a0~dev20-9.4
      openstack-magnum-doc-3.1.2~a0~dev20-9.3
      python-magnum-3.1.2~a0~dev20-9.4

References:

   https://www.suse.com/security/cve/CVE-2016-7404.html
   https://bugzilla.suse.com/998182

From sle-updates at lists.suse.com Wed May 10 10:12:01 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 May 2017 18:12:01 +0200 (CEST)
Subject: SUSE-RU-2017:1234-1: Recommended update for SUSEConnect
Message-ID: <20170510161201.B88A5101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1234-1
Rating: low
References: #1018190 #975484 #982630 #990475 #998583
Affected Products:
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.
Description:

   This update for SUSEConnect provides the following fixes:

   - Better error message for network request failure (bsc#982630)
   - Fix error message for --product with malformed identifier (bsc#1018190)
   - Fix some errors and formatting in manpages and help output
   - Better error message for --list-extensions on unregistered systems
   - Update man page to include the --list-extensions option (bsc#998583)
   - Support for aarch64 hardware info (bsc#990475)
   - Better error message if SMT is too old (bsc#975484)
   - Add method to YaST class to get Installer-Updates repositories
     (fate#319716)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-731=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-731=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      SUSEConnect-0.2.42-9.22.2

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      SUSEConnect-0.2.42-9.22.2

References:

   https://bugzilla.suse.com/1018190
   https://bugzilla.suse.com/975484
   https://bugzilla.suse.com/982630
   https://bugzilla.suse.com/990475
   https://bugzilla.suse.com/998583

From sle-updates at lists.suse.com Wed May 10 13:09:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 May 2017 21:09:15 +0200 (CEST)
Subject: SUSE-RU-2017:1235-1: Recommended update for gpg2
Message-ID: <20170510190915.02A28101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gpg2
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1235-1
Rating: low
References: #1036736 #986783
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for gpg2 provides the following fixes:

   - Do not install CAcert and other root certificates which are not needed
     with Let's Encrypt. (bsc#1036736)
   - Initialize the trustdb before import attempt. (bsc#986783)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-735=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-735=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-735=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-735=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-735=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-735=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      gpg2-2.0.24-8.1
      gpg2-debuginfo-2.0.24-8.1
      gpg2-debugsource-2.0.24-8.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      gpg2-lang-2.0.24-8.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      gpg2-2.0.24-8.1
      gpg2-debuginfo-2.0.24-8.1
      gpg2-debugsource-2.0.24-8.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      gpg2-lang-2.0.24-8.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      gpg2-2.0.24-8.1
      gpg2-debuginfo-2.0.24-8.1
      gpg2-debugsource-2.0.24-8.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      gpg2-lang-2.0.24-8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      gpg2-lang-2.0.24-8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      gpg2-2.0.24-8.1
      gpg2-debuginfo-2.0.24-8.1
      gpg2-debugsource-2.0.24-8.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      gpg2-lang-2.0.24-8.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      gpg2-2.0.24-8.1
      gpg2-debuginfo-2.0.24-8.1
      gpg2-debugsource-2.0.24-8.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      gpg2-2.0.24-8.1
      gpg2-debuginfo-2.0.24-8.1
      gpg2-debugsource-2.0.24-8.1

References:

   https://bugzilla.suse.com/1036736
   https://bugzilla.suse.com/986783

From sle-updates at lists.suse.com Wed May 10 16:09:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 00:09:17 +0200 (CEST)
Subject: SUSE-SU-2017:1236-1: moderate: Security update for libsndfile
Message-ID: <20170510220917.2258A101C1@maintenance.suse.de>

   SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1236-1
Rating: moderate
References: #1033054 #1033914 #1033915 #1036943 #1036944 #1036945 #1036946
Cross-References: CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361
                  CVE-2017-8362 CVE-2017-8363 CVE-2017-8365
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for libsndfile fixes the following issues:

   - CVE-2017-8362: invalid memory read in flac_buffer_copy (flac.c)
     (bsc#1036943)
   - CVE-2017-8365: global buffer overflow in i2les_array (pcm.c)
     (bsc#1036946)
   - CVE-2017-8361: global buffer overflow in flac_buffer_copy (flac.c)
     (bsc#1036944)
   - CVE-2017-8363: heap-based buffer overflow in flac_buffer_copy (flac.c)
     (bsc#1036945)
   - CVE-2017-7585: stack-based buffer overflow via a specially crafted FLAC
     file (bsc#1033054)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libsndfile-13099=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libsndfile-13099=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libsndfile-13099=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-devel-1.0.20-2.18.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-1.0.20-2.18.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libsndfile-32bit-1.0.20-2.18.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libsndfile-x86-1.0.20-2.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-debuginfo-1.0.20-2.18.1
      libsndfile-debugsource-1.0.20-2.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      libsndfile-debuginfo-32bit-1.0.20-2.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      libsndfile-debuginfo-x86-1.0.20-2.18.1

References:

   https://www.suse.com/security/cve/CVE-2017-7585.html
   https://www.suse.com/security/cve/CVE-2017-7741.html
   https://www.suse.com/security/cve/CVE-2017-7742.html
   https://www.suse.com/security/cve/CVE-2017-8361.html
   https://www.suse.com/security/cve/CVE-2017-8362.html
   https://www.suse.com/security/cve/CVE-2017-8363.html
   https://www.suse.com/security/cve/CVE-2017-8365.html
   https://bugzilla.suse.com/1033054
   https://bugzilla.suse.com/1033914
   https://bugzilla.suse.com/1033915
   https://bugzilla.suse.com/1036943
   https://bugzilla.suse.com/1036944
   https://bugzilla.suse.com/1036945
   https://bugzilla.suse.com/1036946

From sle-updates at lists.suse.com Wed May 10 16:10:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 00:10:36 +0200 (CEST)
Subject: SUSE-RU-2017:1237-1: Recommended update for openldap2
Message-ID: <20170510221036.2019A101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1237-1
Rating: low
References: #1012894 #1033210
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Server 11-SECURITY
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for openldap2 provides the following feature and bug fix:

   A new openldap2-openssl1 package is added for the SECURITY Module, which
   contains a TLS 1.2 enabled slapd.

   The openldap2-openssl1 package can be additionally installed and starting
   the "ldap" sysvinit service will then use this. (FATE#320397 bsc#1033210)

   Bug fixed:

   - Fix a deadlock in connection handling (bsc#1012894)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-openldap2-13098=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-openldap2-13098=1

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-openldap2-13098=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-openldap2-13098=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      openldap2-back-perl-2.4.26-0.70.1
      openldap2-devel-2.4.26-0.70.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      openldap2-devel-32bit-2.4.26-0.70.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      openldap2-2.4.26-0.70.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      compat-libldap-2_3-0-2.3.37-2.70.1
      libldap-2_4-2-2.4.26-0.70.1
      openldap2-2.4.26-0.70.1
      openldap2-back-meta-2.4.26-0.70.1
      openldap2-client-2.4.26-0.70.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libldap-2_4-2-32bit-2.4.26-0.70.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libldap-2_4-2-x86-2.4.26-0.70.1

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):

      libldap-openssl1-2_4-2-2.4.26-0.70.1
      openldap2-openssl1-2.4.26-0.70.1

   - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):

      libldap-openssl1-2_4-2-32bit-2.4.26-0.70.1

   - SUSE Linux Enterprise Server 11-SECURITY (ia64):

      libldap-openssl1-2_4-2-x86-2.4.26-0.70.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      openldap2-client-debuginfo-2.4.26-0.70.1
      openldap2-client-debugsource-2.4.26-0.70.1
      openldap2-debuginfo-2.4.26-0.70.1
      openldap2-debugsource-2.4.26-0.70.1

References:

   https://bugzilla.suse.com/1012894
   https://bugzilla.suse.com/1033210

From sle-updates at lists.suse.com Wed May 10 16:11:16 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 00:11:16 +0200 (CEST)
Subject: SUSE-SU-2017:1238-1: important: Security update for flash-player
Message-ID: <20170510221116.D46DD101C1@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1238-1
Rating: important
References: #1038281
Cross-References: CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071
                  CVE-2017-3072 CVE-2017-3073 CVE-2017-3074
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for flash-player fixes the following issues:

   - Security update to 25.0.0.171 (bsc#1038281), fixing the following
     vulnerabilities advised under APSB17-15:

     * Use-after-free vulnerability that could lead to code execution
       (CVE-2017-3071).
     * Memory corruption vulnerabilities that could lead to code execution
       (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072,
       CVE-2017-3073, CVE-2017-3074).
     * Details:
       https://helpx.adobe.com/security/products/flash-player/apsb17-15.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-738=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-738=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      flash-player-25.0.0.171-168.1
      flash-player-gnome-25.0.0.171-168.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      flash-player-25.0.0.171-168.1
      flash-player-gnome-25.0.0.171-168.1

References:

   https://www.suse.com/security/cve/CVE-2017-3068.html
   https://www.suse.com/security/cve/CVE-2017-3069.html
   https://www.suse.com/security/cve/CVE-2017-3070.html
   https://www.suse.com/security/cve/CVE-2017-3071.html
   https://www.suse.com/security/cve/CVE-2017-3072.html
   https://www.suse.com/security/cve/CVE-2017-3073.html
   https://www.suse.com/security/cve/CVE-2017-3074.html
   https://bugzilla.suse.com/1038281

From sle-updates at lists.suse.com Wed May 10 19:09:05 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 03:09:05 +0200 (CEST)
Subject: SUSE-RU-2017:1239-1: Recommended update for openvpn
Message-ID: <20170511010905.6B3A3101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openvpn
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1239-1
Rating: low
References: #959511 #988522
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for openvpn provides the following fixes:

   - Perform deferred authentication in the background to not cause
     processing delays when the underlying PAM mechanism (e.g. LDAP) needs
     longer to respond. (bsc#959511)
   - Use FIPS approved cipher in our sample configuration file. (bsc#988522)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-739=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-739=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-739=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-739=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-739=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      openvpn-2.3.8-16.11.1
      openvpn-auth-pam-plugin-2.3.8-16.11.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.11.1
      openvpn-debuginfo-2.3.8-16.11.1
      openvpn-debugsource-2.3.8-16.11.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      openvpn-2.3.8-16.11.1
      openvpn-auth-pam-plugin-2.3.8-16.11.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.11.1
      openvpn-debuginfo-2.3.8-16.11.1
      openvpn-debugsource-2.3.8-16.11.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      openvpn-2.3.8-16.11.1
      openvpn-auth-pam-plugin-2.3.8-16.11.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.11.1
      openvpn-debuginfo-2.3.8-16.11.1
      openvpn-debugsource-2.3.8-16.11.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      openvpn-2.3.8-16.11.1
      openvpn-debuginfo-2.3.8-16.11.1
      openvpn-debugsource-2.3.8-16.11.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      openvpn-2.3.8-16.11.1
      openvpn-debuginfo-2.3.8-16.11.1
      openvpn-debugsource-2.3.8-16.11.1

References:

   https://bugzilla.suse.com/959511
   https://bugzilla.suse.com/988522

From sle-updates at lists.suse.com Thu May 11 07:09:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 15:09:38 +0200 (CEST)
Subject: SUSE-SU-2017:1241-1: important: Security update for qemu
Message-ID: <20170511130938.9143E101C1@maintenance.suse.de>

   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1241-1
Rating: important
References: #1013285 #1014109 #1014111 #1014702 #1015048 #1015169 #1016779
            #1020491 #1020589 #1020928 #1021129 #1022541 #1023004 #1023053
            #1023907 #1024972 #937125
Cross-References: CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911
                  CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620
                  CVE-2017-5525 CVE-2017-5526 CVE-2017-5667 CVE-2017-5856
                  CVE-2017-5898
Affected Products:
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has four fixes is now
   available.

Description:

   This update for qemu fixes several issues.

   These security issues were fixed:

   - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy
     routine cirrus_bitblt_cputovideo failed to check the memory region,
     allowing for an out-of-bounds write that allows for privilege
     escalation (bsc#1024972)
   - CVE-2017-2615: An error in the bitblt copy operation could have allowed
     a malicious guest administrator to cause an out of bounds memory
     access, possibly leading to information disclosure or privilege
     escalation (bsc#1023004)
   - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
     support was vulnerable to a memory leakage issue allowing a privileged
     user to leak host memory resulting in DoS (bsc#1023053)
   - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support
     was vulnerable to an infinite loop issue while receiving packets in
     'mcf_fec_receive'. A privileged user/process inside guest could have
     used this issue to crash the Qemu process on the host leading to DoS
     (bsc#1013285)
   - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a
     memory leakage issue while processing packet data in
     'ehci_init_transfer'. A guest user/process could have used this issue
     to leak host memory, resulting in DoS for the host (bsc#1014111)
   - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
     memory leakage flaw when destroying the USB redirector in
     'usbredir_handle_destroy'. A guest user/process could have used this
     issue to leak host memory, resulting in DoS for a host (bsc#1014109)
   - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide by zero issue while copying VGA data. A privileged user
     inside guest could have used this flaw to crash the process instance on
     the host, resulting in DoS (bsc#1014702)
   - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide by zero issue while copying VGA data. A privileged user
     inside guest could have used this flaw to crash the process instance on
     the host, resulting in DoS (bsc#1014702)
   - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
     vulnerable to a memory leakage issue allowing a privileged user to
     cause a DoS and/or potentially crash the Qemu process on the host
     (bsc#1021129)
   - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
     to a memory leakage issue allowing a privileged user inside the guest
     to cause a DoS and/or potentially crash the Qemu process on the host
     (bsc#1020589)
   - CVE-2017-5525: The ac97 audio device emulation support was vulnerable
     to a memory leakage issue allowing a privileged user inside the guest
     to cause a DoS and/or potentially crash the Qemu process on the host
     (bsc#1020491)
   - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an
     OOB heap access issue allowing a privileged user inside the guest to
     crash the Qemu process resulting in DoS or potentially execute
     arbitrary code with privileges of the Qemu process on the host
     (bsc#1022541)
   - CVE-2017-5898: The CCID Card device emulator support was vulnerable to
     an integer overflow allowing a privileged user inside the guest to
     crash the Qemu process resulting in DoS (bnc#1023907)

   These non-security issues were fixed:

   - Fix post script for qemu-guest-agent rpm to actually activate the guest
     agent at rpm install time
   - Fixed various inaccuracies in cirrus vga device emulation
   - Fixed cause of infrequent migration failures from bad virtio device
     state (bsc#1020928)
   - Fixed virtio interface failure (bsc#1015048)
   - Fixed graphical update errors introduced by previous security fix
     (bsc#1016779)
   - Fixed uint64 property parsing and add regression tests (bsc#937125)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-740=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-740=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      qemu-2.3.1-32.11
      qemu-block-curl-2.3.1-32.11
      qemu-block-curl-debuginfo-2.3.1-32.11
      qemu-debugsource-2.3.1-32.11
      qemu-guest-agent-2.3.1-32.11
      qemu-guest-agent-debuginfo-2.3.1-32.11
      qemu-lang-2.3.1-32.11
      qemu-tools-2.3.1-32.11
      qemu-tools-debuginfo-2.3.1-32.11

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      qemu-kvm-2.3.1-32.11

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le):

      qemu-ppc-2.3.1-32.11
      qemu-ppc-debuginfo-2.3.1-32.11

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      qemu-ipxe-1.0.0-32.11
      qemu-seabios-1.8.1-32.11
      qemu-sgabios-8-32.11
      qemu-vgabios-1.8.1-32.11

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      qemu-block-rbd-2.3.1-32.11
      qemu-block-rbd-debuginfo-2.3.1-32.11
      qemu-x86-2.3.1-32.11

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      qemu-s390-2.3.1-32.11
      qemu-s390-debuginfo-2.3.1-32.11

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      qemu-ipxe-1.0.0-32.11
      qemu-seabios-1.8.1-32.11
      qemu-sgabios-8-32.11
      qemu-vgabios-1.8.1-32.11

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      qemu-2.3.1-32.11
      qemu-block-curl-2.3.1-32.11
      qemu-block-curl-debuginfo-2.3.1-32.11
      qemu-debugsource-2.3.1-32.11
      qemu-kvm-2.3.1-32.11
      qemu-tools-2.3.1-32.11
      qemu-tools-debuginfo-2.3.1-32.11
      qemu-x86-2.3.1-32.11

References:

   https://www.suse.com/security/cve/CVE-2016-10155.html
   https://www.suse.com/security/cve/CVE-2016-9776.html
   https://www.suse.com/security/cve/CVE-2016-9907.html
   https://www.suse.com/security/cve/CVE-2016-9911.html
   https://www.suse.com/security/cve/CVE-2016-9921.html
   https://www.suse.com/security/cve/CVE-2016-9922.html
   https://www.suse.com/security/cve/CVE-2017-2615.html
   https://www.suse.com/security/cve/CVE-2017-2620.html
   https://www.suse.com/security/cve/CVE-2017-5525.html
   https://www.suse.com/security/cve/CVE-2017-5526.html
   https://www.suse.com/security/cve/CVE-2017-5667.html
   https://www.suse.com/security/cve/CVE-2017-5856.html
   https://www.suse.com/security/cve/CVE-2017-5898.html
   https://bugzilla.suse.com/1013285
   https://bugzilla.suse.com/1014109
   https://bugzilla.suse.com/1014111
   https://bugzilla.suse.com/1014702
   https://bugzilla.suse.com/1015048
   https://bugzilla.suse.com/1015169
   https://bugzilla.suse.com/1016779
   https://bugzilla.suse.com/1020491
   https://bugzilla.suse.com/1020589
   https://bugzilla.suse.com/1020928
   https://bugzilla.suse.com/1021129
   https://bugzilla.suse.com/1022541
   https://bugzilla.suse.com/1023004
   https://bugzilla.suse.com/1023053
   https://bugzilla.suse.com/1023907
   https://bugzilla.suse.com/1024972
   https://bugzilla.suse.com/937125

From sle-updates at lists.suse.com Thu May 11 07:12:09 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 15:12:09 +0200 (CEST)
Subject: SUSE-RU-2017:1242-1: Recommended update for python-susepubliccloudinfo
Message-ID: <20170511131209.661A4F7B6@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-susepubliccloudinfo
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1242-1
Rating: low
References: #1034491
Affected Products:
   SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python-susepubliccloudinfo provides version 0.4.0 and
   brings the following fixes and improvements:

   - Add type filter for servers to distinguish between the SLES
     infrastructure servers (type='smt-sles') and the SLES for SAP
     infrastructure servers (type='smt-sap'). (bsc#1034491)
   - Remove HP Helion support.
   - Fix exception when the service pack command line option was used.
   - Show an error message instead of traceback on connection error.
   - Error messages should write to stderr by default.
   - Added regex and invert substring filters.
   - Pretty print the output.

   Additionally, this update adds python-docopt to the Public Cloud module on
   aarch64.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-741=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-docopt-0.6.2-9.1
      python-susepubliccloudinfo-0.4.0-12.1

References:

   https://bugzilla.suse.com/1034491

From sle-updates at lists.suse.com Thu May 11 10:10:41 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 18:10:41 +0200 (CEST)
Subject: SUSE-RU-2017:1244-1: Recommended update for yast2-network
Message-ID: <20170511161041.A5C73101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1244-1
Rating: low
References: #1009931 #1013684 #1020074 #1031120
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for yast2-network provides the following fixes:

   - Fix internal error when changing device base udev rule to busid
     (bsc#1031120)
   - Ignore incomplete udev rules read from AutoYaST profiles
   - Added one line summaries for the configured interfaces (fate#322328)
   - Update item's overview with freshly edited values (bsc#1009931)
   - Do not crash with internal error when setting static setup for newly
     added device (bsc#1013684)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-744=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-744=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-744=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      yast2-network-3.1.176-42.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      yast2-network-3.1.176-42.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      yast2-network-3.1.176-42.1

References:

   https://bugzilla.suse.com/1009931
   https://bugzilla.suse.com/1013684
   https://bugzilla.suse.com/1020074
   https://bugzilla.suse.com/1031120

From sle-updates at lists.suse.com Thu May 11 10:11:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 18:11:31 +0200 (CEST)
Subject: SUSE-RU-2017:1245-1: Recommended update for yast2-network
Message-ID: <20170511161131.CFD4C101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1245-1
Rating: low
References: #1031120
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-network provides the following fix:

   - Fix internal error when changing device base udev rule to busid
     (bsc#1031120)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-743=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-743=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-743=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      yast2-network-devel-doc-3.1.140.11-32.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      yast2-network-3.1.140.11-32.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      yast2-network-3.1.140.11-32.1

References:

   https://bugzilla.suse.com/1031120

From sle-updates at lists.suse.com Thu May 11 10:11:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 May 2017 18:11:58 +0200 (CEST)
Subject: SUSE-RU-2017:1246-1: Recommended update for ucode-intel
Message-ID: <20170511161158.CF6E6101C1@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ucode-intel
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1246-1
Rating: low
References: #1030224
Affected Products:
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update provides Intel's CPU microcode version 20161104.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-742=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-742=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-742=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-742=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP2 (x86_64): ucode-intel-20161104-12.1 ucode-intel-debuginfo-20161104-12.1 ucode-intel-debugsource-20161104-12.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): ucode-intel-20161104-12.1 ucode-intel-debuginfo-20161104-12.1 ucode-intel-debugsource-20161104-12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ucode-intel-20161104-12.1 ucode-intel-debuginfo-20161104-12.1 ucode-intel-debugsource-20161104-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ucode-intel-20161104-12.1 ucode-intel-debuginfo-20161104-12.1 ucode-intel-debugsource-20161104-12.1 References: https://bugzilla.suse.com/1030224 From sle-updates at lists.suse.com Thu May 11 13:09:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:09:06 +0200 (CEST) Subject: SUSE-SU-2017:1247-1: important: Security update for the Linux Kernel Message-ID: <20170511190906.E3668101C1@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1247-1 Rating: important References: #1003077 #1015703 #1021256 #1021762 #1023377 #1023762 #1023992 #1024938 #1025235 #1026024 #1026722 #1026914 #1027066 #1027149 #1027178 #1027189 #1027190 #1028415 #1028895 #1029986 #1030118 #1030213 #1030901 #1031003 #1031052 #1031440 #1031579 #1032344 #1033336 #914939 #954763 #968697 #979215 #983212 #989056 Cross-References: CVE-2015-1350 CVE-2016-10044 CVE-2016-10200 CVE-2016-10208 CVE-2016-2117 CVE-2016-3070 CVE-2016-5243 CVE-2016-7117 CVE-2016-9588 CVE-2017-2671 CVE-2017-5669 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 
______________________________________________________________________________ An update that solves 25 vulnerabilities and has 10 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). 
- CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). 
- CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). 
- CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). 
- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The following non-security bugs were fixed: - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344). - kgr/module: make a taint flag module-specific (fate#313296). - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415). - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118). - module: move add_taint_module() to a header file (fate#313296). - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149). - nfs: flush out dirty data on file fput() (bsc#1021762). - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - powerpc: Reject binutils 2.24 when building little endian (boo#1028895). - revert "procfs: mark thread stack correctly in proc//maps" (bnc#1030901). - taint/module: Clean up global and module taint flags handling (fate#313296). - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-749=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-749=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-749=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.72.1 kernel-default-base-3.12.61-52.72.1 kernel-default-base-debuginfo-3.12.61-52.72.1 kernel-default-debuginfo-3.12.61-52.72.1 kernel-default-debugsource-3.12.61-52.72.1 kernel-default-devel-3.12.61-52.72.1 kernel-syms-3.12.61-52.72.1 kernel-xen-3.12.61-52.72.1 kernel-xen-base-3.12.61-52.72.1 kernel-xen-base-debuginfo-3.12.61-52.72.1 kernel-xen-debuginfo-3.12.61-52.72.1 kernel-xen-debugsource-3.12.61-52.72.1 kernel-xen-devel-3.12.61-52.72.1 kgraft-patch-3_12_61-52_72-default-1-2.1 kgraft-patch-3_12_61-52_72-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.72.1 kernel-macros-3.12.61-52.72.1 kernel-source-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.72.1 kernel-default-base-3.12.61-52.72.1 kernel-default-base-debuginfo-3.12.61-52.72.1 kernel-default-debuginfo-3.12.61-52.72.1 kernel-default-debugsource-3.12.61-52.72.1 kernel-default-devel-3.12.61-52.72.1 kernel-syms-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.72.1 kernel-macros-3.12.61-52.72.1 kernel-source-3.12.61-52.72.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.72.1 kernel-xen-base-3.12.61-52.72.1 kernel-xen-base-debuginfo-3.12.61-52.72.1 kernel-xen-debuginfo-3.12.61-52.72.1 kernel-xen-debugsource-3.12.61-52.72.1 kernel-xen-devel-3.12.61-52.72.1 kgraft-patch-3_12_61-52_72-default-1-2.1 kgraft-patch-3_12_61-52_72-xen-1-2.1 - SUSE Linux Enterprise Server 
12-LTSS (s390x): kernel-default-man-3.12.61-52.72.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.72.1 kernel-ec2-debuginfo-3.12.61-52.72.1 kernel-ec2-debugsource-3.12.61-52.72.1 kernel-ec2-devel-3.12.61-52.72.1 kernel-ec2-extra-3.12.61-52.72.1 kernel-ec2-extra-debuginfo-3.12.61-52.72.1 References: https://www.suse.com/security/cve/CVE-2015-1350.html https://www.suse.com/security/cve/CVE-2016-10044.html https://www.suse.com/security/cve/CVE-2016-10200.html https://www.suse.com/security/cve/CVE-2016-10208.html https://www.suse.com/security/cve/CVE-2016-2117.html https://www.suse.com/security/cve/CVE-2016-3070.html https://www.suse.com/security/cve/CVE-2016-5243.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-9588.html https://www.suse.com/security/cve/CVE-2017-2671.html https://www.suse.com/security/cve/CVE-2017-5669.html https://www.suse.com/security/cve/CVE-2017-5897.html https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-5986.html https://www.suse.com/security/cve/CVE-2017-6074.html https://www.suse.com/security/cve/CVE-2017-6214.html https://www.suse.com/security/cve/CVE-2017-6345.html https://www.suse.com/security/cve/CVE-2017-6346.html https://www.suse.com/security/cve/CVE-2017-6348.html https://www.suse.com/security/cve/CVE-2017-6353.html https://www.suse.com/security/cve/CVE-2017-7187.html https://www.suse.com/security/cve/CVE-2017-7261.html https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://www.suse.com/security/cve/CVE-2017-7616.html https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1015703 https://bugzilla.suse.com/1021256 https://bugzilla.suse.com/1021762 https://bugzilla.suse.com/1023377 https://bugzilla.suse.com/1023762 https://bugzilla.suse.com/1023992 https://bugzilla.suse.com/1024938 https://bugzilla.suse.com/1025235 
https://bugzilla.suse.com/1026024 https://bugzilla.suse.com/1026722 https://bugzilla.suse.com/1026914 https://bugzilla.suse.com/1027066 https://bugzilla.suse.com/1027149 https://bugzilla.suse.com/1027178 https://bugzilla.suse.com/1027189 https://bugzilla.suse.com/1027190 https://bugzilla.suse.com/1028415 https://bugzilla.suse.com/1028895 https://bugzilla.suse.com/1029986 https://bugzilla.suse.com/1030118 https://bugzilla.suse.com/1030213 https://bugzilla.suse.com/1030901 https://bugzilla.suse.com/1031003 https://bugzilla.suse.com/1031052 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031579 https://bugzilla.suse.com/1032344 https://bugzilla.suse.com/1033336 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/954763 https://bugzilla.suse.com/968697 https://bugzilla.suse.com/979215 https://bugzilla.suse.com/983212 https://bugzilla.suse.com/989056 From sle-updates at lists.suse.com Thu May 11 13:15:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:15:06 +0200 (CEST) Subject: SUSE-SU-2017:1248-1: important: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk Message-ID: <20170511191506.3B989101C1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1248-1 Rating: important References: #1015499 #1015547 #1021636 #1026102 #1030071 #1035082 #983639 Cross-References: CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 Affected Products: SUSE Linux 
Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 
2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extension and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates.
* The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for "export" grade SSL/TLS cipher suites has been removed. 
* NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. 
Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). 
This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. 
* Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support for TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user.
(CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. This update also contains java-1_8_0-openjdk that needed to be rebuilt against the new mozilla-nss version. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-748=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-748=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-748=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-748=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-748=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-748=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-748=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-748=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-748=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 
MozillaFirefox-devel-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 
libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 
mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): 
MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 
libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 
mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 References: https://www.suse.com/security/cve/CVE-2016-1950.html https://www.suse.com/security/cve/CVE-2016-2834.html https://www.suse.com/security/cve/CVE-2016-8635.html https://www.suse.com/security/cve/CVE-2016-9574.html https://www.suse.com/security/cve/CVE-2017-5429.html https://www.suse.com/security/cve/CVE-2017-5432.html https://www.suse.com/security/cve/CVE-2017-5433.html https://www.suse.com/security/cve/CVE-2017-5434.html https://www.suse.com/security/cve/CVE-2017-5435.html https://www.suse.com/security/cve/CVE-2017-5436.html https://www.suse.com/security/cve/CVE-2017-5437.html https://www.suse.com/security/cve/CVE-2017-5438.html https://www.suse.com/security/cve/CVE-2017-5439.html https://www.suse.com/security/cve/CVE-2017-5440.html https://www.suse.com/security/cve/CVE-2017-5441.html https://www.suse.com/security/cve/CVE-2017-5442.html https://www.suse.com/security/cve/CVE-2017-5443.html https://www.suse.com/security/cve/CVE-2017-5444.html https://www.suse.com/security/cve/CVE-2017-5445.html https://www.suse.com/security/cve/CVE-2017-5446.html https://www.suse.com/security/cve/CVE-2017-5447.html https://www.suse.com/security/cve/CVE-2017-5448.html https://www.suse.com/security/cve/CVE-2017-5459.html https://www.suse.com/security/cve/CVE-2017-5460.html https://www.suse.com/security/cve/CVE-2017-5461.html https://www.suse.com/security/cve/CVE-2017-5462.html https://www.suse.com/security/cve/CVE-2017-5464.html https://www.suse.com/security/cve/CVE-2017-5465.html https://www.suse.com/security/cve/CVE-2017-5469.html https://bugzilla.suse.com/1015499 https://bugzilla.suse.com/1015547 https://bugzilla.suse.com/1021636 https://bugzilla.suse.com/1026102 https://bugzilla.suse.com/1030071 https://bugzilla.suse.com/1035082 
https://bugzilla.suse.com/983639 From sle-updates at lists.suse.com Thu May 11 13:16:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:16:32 +0200 (CEST) Subject: SUSE-RU-2017:1249-1: moderate: Recommended update for systemd Message-ID: <20170511191632.F2E68101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1249-1 Rating: moderate References: #1010220 #1025398 #1025886 #1028263 #1028610 #1029183 #1029691 #1030290 #1031355 #1032538 #1032660 #1033855 #1034565 #955770 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - logind: Update empty and "infinity" handling for [User]TasksMax. (bsc#1031355) - importd: Support SUSE style checksums. (fate#322054) - journal: Don't remove leading spaces. (bsc#1033855) - Make sure all swap units are ordered before the swap target. (bsc#955770, bsc#1034565) - hwdb: Fix warning "atkbd serio0: Unknown key pressed". (bsc#1010220) - logind: Restart logind on package update only on SLE12 distros. (bsc#1032660) - core: Treat masked files as "unchanged". (bsc#1032538) - units: Move Before deps for quota services to remote-fs.target. (bsc#1028263) - udev: Support predictable ifnames on vio buses. (bsc#1029183) - udev: Add a persistent rule for ibmvnic devices. (bsc#1029183) - units: Do not throw a warning in emergency mode if plymouth is not installed. (bsc#1025398) - core: Downgrade "Time has been changed" message to debug level. 
(bsc#1028610) - vconsole: Don't do GIO_SCRNMAP / GIO_UNISCRNMAP. (bsc#1029691) - udev-rules: Perform whitespace replacement for symlink subst values. (bsc#1025886) - Consider chroot updates in fix-machines-subvol-for-rollbacks.sh. (bsc#1030290) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-751=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-751=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-751=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-751=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-751=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libudev-devel-228-142.1 systemd-debuginfo-228-142.1 systemd-debugsource-228-142.1 systemd-devel-228-142.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsystemd0-228-142.1 libsystemd0-debuginfo-228-142.1 libudev1-228-142.1 libudev1-debuginfo-228-142.1 systemd-228-142.1 systemd-debuginfo-228-142.1 systemd-debugsource-228-142.1 systemd-sysvinit-228-142.1 udev-228-142.1 udev-debuginfo-228-142.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): systemd-bash-completion-228-142.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsystemd0-228-142.1 libsystemd0-debuginfo-228-142.1 libudev1-228-142.1 libudev1-debuginfo-228-142.1 systemd-228-142.1 systemd-debuginfo-228-142.1 systemd-debugsource-228-142.1 systemd-sysvinit-228-142.1 udev-228-142.1 udev-debuginfo-228-142.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): systemd-bash-completion-228-142.1 - SUSE Linux Enterprise Server 
12-SP2 (x86_64): libsystemd0-32bit-228-142.1 libsystemd0-debuginfo-32bit-228-142.1 libudev1-32bit-228-142.1 libudev1-debuginfo-32bit-228-142.1 systemd-32bit-228-142.1 systemd-debuginfo-32bit-228-142.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): systemd-bash-completion-228-142.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsystemd0-228-142.1 libsystemd0-32bit-228-142.1 libsystemd0-debuginfo-228-142.1 libsystemd0-debuginfo-32bit-228-142.1 libudev1-228-142.1 libudev1-32bit-228-142.1 libudev1-debuginfo-228-142.1 libudev1-debuginfo-32bit-228-142.1 systemd-228-142.1 systemd-32bit-228-142.1 systemd-debuginfo-228-142.1 systemd-debuginfo-32bit-228-142.1 systemd-debugsource-228-142.1 systemd-sysvinit-228-142.1 udev-228-142.1 udev-debuginfo-228-142.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-142.1 libsystemd0-debuginfo-228-142.1 libudev1-228-142.1 libudev1-debuginfo-228-142.1 systemd-228-142.1 systemd-debuginfo-228-142.1 systemd-debugsource-228-142.1 systemd-sysvinit-228-142.1 udev-228-142.1 udev-debuginfo-228-142.1 References: https://bugzilla.suse.com/1010220 https://bugzilla.suse.com/1025398 https://bugzilla.suse.com/1025886 https://bugzilla.suse.com/1028263 https://bugzilla.suse.com/1028610 https://bugzilla.suse.com/1029183 https://bugzilla.suse.com/1029691 https://bugzilla.suse.com/1030290 https://bugzilla.suse.com/1031355 https://bugzilla.suse.com/1032538 https://bugzilla.suse.com/1032660 https://bugzilla.suse.com/1033855 https://bugzilla.suse.com/1034565 https://bugzilla.suse.com/955770 From sle-updates at lists.suse.com Thu May 11 13:18:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:18:58 +0200 (CEST) Subject: SUSE-SU-2017:1250-1: moderate: Security update for dovecot22 Message-ID: <20170511191858.BA802101C1@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2017:1250-1 Rating: moderate References: #1032248 #854512 #932386 Cross-References: CVE-2017-2669 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for dovecot22 to version 2.2.29.1 fixes the following issues: This security issue was fixed: - CVE-2017-2669: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (bsc#1032248) Additionally, stronger SSL default ciphers are now used. This non-security issue was fixed: - Remove all references to /etc/ssl/certs/. It should not be used anymore (bsc#932386) More changes are available in the changelog. Please make sure you read README.SUSE after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-747=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-747=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-747=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-747=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-747=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.29.1-11.1 dovecot22-debugsource-2.2.29.1-11.1 dovecot22-devel-2.2.29.1-11.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): dovecot22-debuginfo-2.2.29.1-11.1 dovecot22-debugsource-2.2.29.1-11.1 dovecot22-devel-2.2.29.1-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dovecot22-2.2.29.1-11.1 dovecot22-backend-mysql-2.2.29.1-11.1 dovecot22-backend-mysql-debuginfo-2.2.29.1-11.1 dovecot22-backend-pgsql-2.2.29.1-11.1 dovecot22-backend-pgsql-debuginfo-2.2.29.1-11.1 dovecot22-backend-sqlite-2.2.29.1-11.1 dovecot22-backend-sqlite-debuginfo-2.2.29.1-11.1 dovecot22-debuginfo-2.2.29.1-11.1 dovecot22-debugsource-2.2.29.1-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): dovecot-2.2-3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dovecot22-2.2.29.1-11.1 dovecot22-backend-mysql-2.2.29.1-11.1 dovecot22-backend-mysql-debuginfo-2.2.29.1-11.1 dovecot22-backend-pgsql-2.2.29.1-11.1 dovecot22-backend-pgsql-debuginfo-2.2.29.1-11.1 dovecot22-backend-sqlite-2.2.29.1-11.1 dovecot22-backend-sqlite-debuginfo-2.2.29.1-11.1 dovecot22-debuginfo-2.2.29.1-11.1 dovecot22-debugsource-2.2.29.1-11.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): dovecot-2.2-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dovecot22-2.2.29.1-11.1 dovecot22-backend-mysql-2.2.29.1-11.1 dovecot22-backend-mysql-debuginfo-2.2.29.1-11.1 dovecot22-backend-pgsql-2.2.29.1-11.1 dovecot22-backend-pgsql-debuginfo-2.2.29.1-11.1 dovecot22-backend-sqlite-2.2.29.1-11.1 dovecot22-backend-sqlite-debuginfo-2.2.29.1-11.1 dovecot22-debuginfo-2.2.29.1-11.1 dovecot22-debugsource-2.2.29.1-11.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): dovecot-2.2-3.1 References: https://www.suse.com/security/cve/CVE-2017-2669.html https://bugzilla.suse.com/1032248 https://bugzilla.suse.com/854512 
https://bugzilla.suse.com/932386 From sle-updates at lists.suse.com Thu May 11 13:19:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:19:41 +0200 (CEST) Subject: SUSE-RU-2017:1251-1: Recommended update for supportutils Message-ID: <20170511191941.31EEA101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1251-1 Rating: low References: #1014481 #1023308 #1030657 #995625 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for supportutils provides the following fixes: - Added URI to zypper repos list (bsc#995625) - Added curl timeout for shorter access times (bsc#1014481) - Fixed detailed unit information on sle12sp2 (bsc#1023308) - Added PPC commands and logs (bsc#1030657) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-750=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-750=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-750=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-750=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-750=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): supportutils-3.0-91.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): supportutils-3.0-91.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): supportutils-3.0-91.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): supportutils-3.0-91.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): supportutils-3.0-91.1 References: https://bugzilla.suse.com/1014481 https://bugzilla.suse.com/1023308 https://bugzilla.suse.com/1030657 https://bugzilla.suse.com/995625 From sle-updates at lists.suse.com Thu May 11 13:20:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:20:30 +0200 (CEST) Subject: SUSE-RU-2017:1252-1: Recommended update for intel-cmt-cat Message-ID: <20170511192030.6EB14101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for intel-cmt-cat ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1252-1 Rating: low References: #1035409 Affected Products: SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for intel-cmt-cat improves the description contained in the package's metadata. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-745=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP2 (x86_64): intel-cmt-cat-0.1.4-3.1 intel-cmt-cat-debuginfo-0.1.4-3.1 intel-cmt-cat-debugsource-0.1.4-3.1 libpqos1-0.1.4-3.1 libpqos1-debuginfo-0.1.4-3.1 References: https://bugzilla.suse.com/1035409 From sle-updates at lists.suse.com Thu May 11 13:20:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 May 2017 21:20:52 +0200 (CEST) Subject: SUSE-RU-2017:1253-1: moderate: Recommended update for libvirt Message-ID: <20170511192052.B3CA3101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1253-1 Rating: moderate References: #1015348 #1025252 #1034024 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libvirt provides the following fixes: - Increase file and task limits for daemons. (bsc#1034024) - Only check for IPv6 RA routes when setting up IPv6 network. (bsc#1025252) - Add Conflicts=xendomains.service to libvirtd service. (bsc#1015348) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-746=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-746=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-746=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-746=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-746=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvirt-client-32bit-2.0.0-27.17.1 libvirt-client-debuginfo-32bit-2.0.0-27.17.1 libvirt-debugsource-2.0.0-27.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-2.0.0-27.17.1 libvirt-devel-2.0.0-27.17.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirt-2.0.0-27.17.1 libvirt-client-2.0.0-27.17.1 libvirt-client-debuginfo-2.0.0-27.17.1 libvirt-daemon-2.0.0-27.17.1 libvirt-daemon-config-network-2.0.0-27.17.1 libvirt-daemon-config-nwfilter-2.0.0-27.17.1 libvirt-daemon-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-interface-2.0.0-27.17.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-lxc-2.0.0-27.17.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-network-2.0.0-27.17.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-nodedev-2.0.0-27.17.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-nwfilter-2.0.0-27.17.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-qemu-2.0.0-27.17.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-secret-2.0.0-27.17.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-storage-2.0.0-27.17.1 
libvirt-daemon-driver-storage-debuginfo-2.0.0-27.17.1 libvirt-daemon-lxc-2.0.0-27.17.1 libvirt-daemon-qemu-2.0.0-27.17.1 libvirt-debugsource-2.0.0-27.17.1 libvirt-doc-2.0.0-27.17.1 libvirt-lock-sanlock-2.0.0-27.17.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.17.1 libvirt-nss-2.0.0-27.17.1 libvirt-nss-debuginfo-2.0.0-27.17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libvirt-2.0.0-27.17.1 libvirt-client-2.0.0-27.17.1 libvirt-client-debuginfo-2.0.0-27.17.1 libvirt-daemon-2.0.0-27.17.1 libvirt-daemon-config-network-2.0.0-27.17.1 libvirt-daemon-config-nwfilter-2.0.0-27.17.1 libvirt-daemon-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-interface-2.0.0-27.17.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-lxc-2.0.0-27.17.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-network-2.0.0-27.17.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-nodedev-2.0.0-27.17.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-nwfilter-2.0.0-27.17.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-qemu-2.0.0-27.17.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-secret-2.0.0-27.17.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-storage-2.0.0-27.17.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.17.1 libvirt-daemon-lxc-2.0.0-27.17.1 libvirt-daemon-qemu-2.0.0-27.17.1 libvirt-debugsource-2.0.0-27.17.1 libvirt-doc-2.0.0-27.17.1 libvirt-lock-sanlock-2.0.0-27.17.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.17.1 libvirt-nss-2.0.0-27.17.1 libvirt-nss-debuginfo-2.0.0-27.17.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.17.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.17.1 libvirt-daemon-xen-2.0.0-27.17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirt-2.0.0-27.17.1 libvirt-client-2.0.0-27.17.1 libvirt-client-32bit-2.0.0-27.17.1 
libvirt-client-debuginfo-2.0.0-27.17.1 libvirt-client-debuginfo-32bit-2.0.0-27.17.1 libvirt-daemon-2.0.0-27.17.1 libvirt-daemon-config-network-2.0.0-27.17.1 libvirt-daemon-config-nwfilter-2.0.0-27.17.1 libvirt-daemon-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-interface-2.0.0-27.17.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-libxl-2.0.0-27.17.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-lxc-2.0.0-27.17.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-network-2.0.0-27.17.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-nodedev-2.0.0-27.17.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-nwfilter-2.0.0-27.17.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-qemu-2.0.0-27.17.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-secret-2.0.0-27.17.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.17.1 libvirt-daemon-driver-storage-2.0.0-27.17.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.17.1 libvirt-daemon-lxc-2.0.0-27.17.1 libvirt-daemon-qemu-2.0.0-27.17.1 libvirt-daemon-xen-2.0.0-27.17.1 libvirt-debugsource-2.0.0-27.17.1 libvirt-doc-2.0.0-27.17.1 References: https://bugzilla.suse.com/1015348 https://bugzilla.suse.com/1025252 https://bugzilla.suse.com/1034024 From sle-updates at lists.suse.com Mon May 15 10:13:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 18:13:05 +0200 (CEST) Subject: SUSE-RU-2017:1261-1: Recommended update for libosinfo Message-ID: <20170515161305.5AA43101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for libosinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1261-1 Rating: low References: #1003456 #1012005 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 
12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libosinfo fixes the following issues: - Using the wrong bootloader tool to boot the SLES 12-SP3 PV kernel on Xen platform. (bsc#1012005) - Failure to detect openSUSE Leap 42.2 ISO in virt-install. (bsc#1003456) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-754=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-754=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-754=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libosinfo-debuginfo-0.2.12-10.1 libosinfo-debugsource-0.2.12-10.1 libosinfo-devel-0.2.12-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libosinfo-0.2.12-10.1 libosinfo-1_0-0-0.2.12-10.1 libosinfo-1_0-0-debuginfo-0.2.12-10.1 libosinfo-debuginfo-0.2.12-10.1 libosinfo-debugsource-0.2.12-10.1 typelib-1_0-Libosinfo-1_0-0.2.12-10.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libosinfo-lang-0.2.12-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libosinfo-0.2.12-10.1 libosinfo-1_0-0-0.2.12-10.1 libosinfo-1_0-0-debuginfo-0.2.12-10.1 libosinfo-debuginfo-0.2.12-10.1 libosinfo-debugsource-0.2.12-10.1 typelib-1_0-Libosinfo-1_0-0.2.12-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libosinfo-lang-0.2.12-10.1 References: https://bugzilla.suse.com/1003456 https://bugzilla.suse.com/1012005 From sle-updates at lists.suse.com Mon May 15 10:13:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 18:13:40 +0200 
(CEST) Subject: SUSE-RU-2017:1262-1: Recommended update for autofs Message-ID: <20170515161340.9BEB6101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1262-1 Rating: low References: #1031533 #998078 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for autofs fixes the following issues: - Do not add wildcard key to negative cache. (bsc#1031533) - Fix typo in DEFAULT_AUTH_CONFIG_FILE definition. (bsc#998078) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-autofs-13102=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-autofs-13102=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): autofs-5.0.6-3.10.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): autofs-debuginfo-5.0.6-3.10.41.1 autofs-debugsource-5.0.6-3.10.41.1 References: https://bugzilla.suse.com/1031533 https://bugzilla.suse.com/998078 From sle-updates at lists.suse.com Mon May 15 10:18:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 18:18:36 +0200 (CEST) Subject: SUSE-RU-2017:1265-1: Recommended update for autofs Message-ID: <20170515161836.D5A0D101C1@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1265-1 Rating: low References: #1031533 #998078 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for autofs fixes the following issues: - Do not add wildcard key to negative cache. (bsc#1031533) - Fix typo in DEFAULT_AUTH_CONFIG_FILE definition. (bsc#998078) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-756=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-756=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-756=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): autofs-5.0.9-27.2 autofs-debuginfo-5.0.9-27.2 autofs-debugsource-5.0.9-27.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): autofs-5.0.9-27.2 autofs-debuginfo-5.0.9-27.2 autofs-debugsource-5.0.9-27.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): autofs-5.0.9-27.2 autofs-debuginfo-5.0.9-27.2 autofs-debugsource-5.0.9-27.2 References: https://bugzilla.suse.com/1031533 https://bugzilla.suse.com/998078 From sle-updates at lists.suse.com Mon May 15 13:09:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:09:43 +0200 (CEST) Subject: SUSE-SU-2017:1277-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 Message-ID: <20170515190943.8D298101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1277-1 Rating: important References: #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.21-84 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). 
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-771=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-84-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:10:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:10:55 +0200 (CEST) Subject: SUSE-SU-2017:1278-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12 Message-ID: <20170515191055.C5911101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1278-1 Rating: important References: #1030575 #1031660 Cross-References: CVE-2017-7308 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for the Linux Kernel 3.12.60-52_60 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-766=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-766=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_60-default-5-2.1 kgraft-patch-3_12_60-52_60-xen-5-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_60-default-5-2.1 kgraft-patch-3_12_60-52_60-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:11:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:11:29 +0200 (CEST) Subject: SUSE-SU-2017:1279-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 Message-ID: <20170515191129.1F630101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1279-1 Rating: important References: #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update 
that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.21-81 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-772=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-81-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:12:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:12:22 +0200 (CEST) Subject: SUSE-SU-2017:1280-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1 Message-ID: <20170515191222.26A97101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1280-1 Rating: important References: #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660). 
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-773=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_69-60_64_32-default-3-2.1 kgraft-patch-3_12_69-60_64_32-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:13:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:13:17 +0200 (CEST) Subject: SUSE-SU-2017:1281-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12 Message-ID: <20170515191317.5198B101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1281-1 Rating: important References: #1025013 #1030575 #1031660 Cross-References: CVE-2017-5970 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. 
Description: This update for the Linux Kernel 3.12.61-52.69 fixes one issue. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-763=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-763=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_61-52_69-default-2-4.1 kgraft-patch-3_12_61-52_69-xen-2-4.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_69-default-2-4.1 kgraft-patch-3_12_61-52_69-xen-2-4.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:14:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:14:07 +0200 (CEST) Subject: SUSE-SU-2017:1282-1: moderate: Security update for libxslt Message-ID: <20170515191407.406C1101C4@maintenance.suse.de> SUSE Security Update: Security update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1282-1 Rating: moderate References: #1005591 #1035905 #934119 #952474 Cross-References: CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). 
- CVE-2015-7995: Vulnerability in function xsltStylePreCompute in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxslt-13104=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxslt-13104=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxslt-13104=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxslt-devel-1.1.24-19.33.1 libxslt-python-1.1.24-19.33.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxslt-devel-32bit-1.1.24-19.33.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxslt-1.1.24-19.33.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxslt-32bit-1.1.24-19.33.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxslt-x86-1.1.24-19.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxslt-debuginfo-1.1.24-19.33.1 libxslt-debugsource-1.1.24-19.33.1 libxslt-python-debuginfo-1.1.24-19.33.3 libxslt-python-debugsource-1.1.24-19.33.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libxslt-debuginfo-32bit-1.1.24-19.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libxslt-debuginfo-x86-1.1.24-19.33.1 References: https://www.suse.com/security/cve/CVE-2015-7995.html https://www.suse.com/security/cve/CVE-2015-9019.html https://www.suse.com/security/cve/CVE-2016-4738.html https://www.suse.com/security/cve/CVE-2017-5029.html https://bugzilla.suse.com/1005591 https://bugzilla.suse.com/1035905 https://bugzilla.suse.com/934119 https://bugzilla.suse.com/952474 From sle-updates at lists.suse.com Mon May 15 13:15:08 2017 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:15:08 +0200 (CEST) Subject: SUSE-SU-2017:1283-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2 Message-ID: <20170515191508.100A0101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1283-1 Rating: important References: #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.49-92_11 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-769=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_49-92_11-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:16:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:16:10 +0200 (CEST) Subject: SUSE-SU-2017:1284-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 Message-ID: <20170515191610.9FBF8101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1284-1 Rating: important References: #1030467 #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for the Linux Kernel 3.12.62-60_62 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). 
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). - bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to freeze in rare circumstances Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-779=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-9-2.1 kgraft-patch-3_12_62-60_62-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030467 https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:17:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:17:20 +0200 (CEST) Subject: SUSE-SU-2017:1285-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 Message-ID: <20170515191720.389EF101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1285-1 Rating: important References: #1030467 #1030575 #1031660 Cross-References: CVE-2017-7308 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS 
______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). - bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to freeze in rare circumstances Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-781=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-781=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_49-default-9-2.1 kgraft-patch-3_12_60-52_49-xen-9-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_49-default-9-2.1 kgraft-patch-3_12_60-52_49-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030467 https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Mon May 15 13:18:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:18:25 +0200 (CEST) Subject: SUSE-RU-2017:1286-1: moderate: Recommended update for wicked Message-ID: <20170515191825.9FF5B101C4@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1286-1 Rating: moderate References: #1007909 #1009801 #1021914 #1025757 #1026683 #1026780 #1027231 #1029133 #1030053 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update provides Wicked 0.6.40, which brings the following fixes and enhancements: - fsm: Clone bound config and cleanup references fixing ifindex reference handling in iBFT vlan configuration. (bsc#1030053) - updater: Fix to not leave orphaned background jobs on device delete, causing to block processing of synchronized jobs. (bsc#1029133) - vxlan: Add initial support. (bsc#1026780) - dhcp: Correct and complete fqdn option support. (bsc#1025757) - bonding: Properly send primary reselect to kernel. (bsc#1027231) - dbus: Fix caller-uid timeout to 15sec, not 15ms. (bsc#1026683) - ethtool: Handle ring,coalesce,eee parameters. (bsc#1007909) - bond: Fix xmit-hash-policy option mismatch. 
(bsc#1021914) - ifconfig: Avoid timeouts on large number of IPs by performing IPv4 duplicate address detection, apply and sending gratuitous ARP for chunks of multiple addresses at once. (bsc#1009801) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-760=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-760=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libwicked-0-6-0.6.40-28.6.1 libwicked-0-6-debuginfo-0.6.40-28.6.1 wicked-0.6.40-28.6.1 wicked-debuginfo-0.6.40-28.6.1 wicked-debugsource-0.6.40-28.6.1 wicked-service-0.6.40-28.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libwicked-0-6-0.6.40-28.6.1 libwicked-0-6-debuginfo-0.6.40-28.6.1 wicked-0.6.40-28.6.1 wicked-debuginfo-0.6.40-28.6.1 wicked-debugsource-0.6.40-28.6.1 wicked-service-0.6.40-28.6.1 References: https://bugzilla.suse.com/1007909 https://bugzilla.suse.com/1009801 https://bugzilla.suse.com/1021914 https://bugzilla.suse.com/1025757 https://bugzilla.suse.com/1026683 https://bugzilla.suse.com/1026780 https://bugzilla.suse.com/1027231 https://bugzilla.suse.com/1029133 https://bugzilla.suse.com/1030053 From sle-updates at lists.suse.com Mon May 15 13:20:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:20:44 +0200 (CEST) Subject: SUSE-SU-2017:1287-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12 Message-ID: <20170515192044.A8E62101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1287-1 Rating: important References: #1030575 #1031660 Cross-References: CVE-2017-7308 
Affected Products:
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.60-52_63 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-765=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-765=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kgraft-patch-3_12_60-52_63-default-5-2.1
      kgraft-patch-3_12_60-52_63-xen-5-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_60-52_63-default-5-2.1
      kgraft-patch-3_12_60-52_63-xen-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:21:22 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:21:22 +0200 (CEST)
Subject: SUSE-SU-2017:1288-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
Message-ID: <20170515192122.699B4101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1288-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-778=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_62-60_64_8-default-8-2.1
      kgraft-patch-3_12_62-60_64_8-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:22:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:22:19 +0200 (CEST)
Subject: SUSE-SU-2017:1289-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
Message-ID: <20170515192219.5F02A101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1289-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.
Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-776=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_67-60_64_21-default-6-2.1
      kgraft-patch-3_12_67-60_64_21-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:23:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:23:11 +0200 (CEST)
Subject: SUSE-SU-2017:1290-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
Message-ID: <20170515192311.7FE4F101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1290-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-775=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_67-60_64_24-default-5-2.1
      kgraft-patch-3_12_67-60_64_24-xen-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:24:03 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:24:03 +0200 (CEST)
Subject: SUSE-SU-2017:1291-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12
Message-ID: <20170515192403.35A19101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1291-1
Rating: important
References: #1030575 #1031660
Cross-References: CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.
Description:

This update for the Linux Kernel 3.12.60-52_57 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-767=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-767=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kgraft-patch-3_12_60-52_57-default-6-2.1
      kgraft-patch-3_12_60-52_57-xen-6-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_60-52_57-default-6-2.1
      kgraft-patch-3_12_60-52_57-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:25:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:25:19 +0200 (CEST)
Subject: SUSE-SU-2017:1293-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
Message-ID: <20170515192519.90504101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1293-1
Rating: important
References: #1030467 #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An
update that solves two vulnerabilities and has three fixes is now available.

Description:

This update for the Linux Kernel 3.12.59-60_45 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).
- bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to freeze in rare circumstances

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-780=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_59-60_45-default-10-2.1
      kgraft-patch-3_12_59-60_45-xen-10-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030467
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:26:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:26:51 +0200 (CEST)
Subject: SUSE-SU-2017:1294-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
Message-ID: <20170515192651.5E36A101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1294-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-774=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_69-60_64_29-default-4-2.1
      kgraft-patch-3_12_69-60_64_29-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:27:40 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:27:40 +0200 (CEST)
Subject: SUSE-SU-2017:1295-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
Message-ID: <20170515192740.36004101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1295-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.
Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-770=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_38-93-default-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:28:42 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:28:42 +0200 (CEST)
Subject: SUSE-RU-2017:1296-1: moderate: Recommended update for wicked
Message-ID: <20170515192842.BD14B101C4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1296-1
Rating: moderate
References: #1007909 #1009801 #1021914 #1025757 #1026683 #1026780 #1027231 #1029133 #1030053
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
   OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.

Description:

This update provides Wicked 0.6.40, which brings the following fixes and enhancements:

- fsm: Clone bound config and cleanup references fixing ifindex reference handling in iBFT vlan configuration. (bsc#1030053)
- updater: Fix to not leave orphaned background jobs on device delete, causing to block processing of synchronized jobs. (bsc#1029133)
- vxlan: Add initial support. (bsc#1026780)
- dhcp: Correct and complete fqdn option support. (bsc#1025757)
- bonding: Properly send primary reselect to kernel. (bsc#1027231)
- dbus: Fix caller-uid timeout to 15sec, not 15ms. (bsc#1026683)
- ethtool: Handle ring,coalesce,eee parameters. (bsc#1007909)
- bond: Fix xmit-hash-policy option mismatch.
(bsc#1021914)
- ifconfig: Avoid timeouts on large number of IPs by performing IPv4 duplicate address detection, apply and sending gratuitous ARP for chunks of multiple addresses at once. (bsc#1009801)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-761=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-761=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-761=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-761=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libwicked-0-6-0.6.40-37.1
      libwicked-0-6-debuginfo-0.6.40-37.1
      wicked-0.6.40-37.1
      wicked-debuginfo-0.6.40-37.1
      wicked-debugsource-0.6.40-37.1
      wicked-service-0.6.40-37.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libwicked-0-6-0.6.40-37.1
      libwicked-0-6-debuginfo-0.6.40-37.1
      wicked-0.6.40-37.1
      wicked-debuginfo-0.6.40-37.1
      wicked-debugsource-0.6.40-37.1
      wicked-service-0.6.40-37.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libwicked-0-6-0.6.40-37.1
      libwicked-0-6-debuginfo-0.6.40-37.1
      wicked-0.6.40-37.1
      wicked-debuginfo-0.6.40-37.1
      wicked-debugsource-0.6.40-37.1
      wicked-service-0.6.40-37.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      libwicked-0-6-0.6.40-37.1
      libwicked-0-6-debuginfo-0.6.40-37.1
      wicked-0.6.40-37.1
      wicked-debuginfo-0.6.40-37.1
      wicked-debugsource-0.6.40-37.1
      wicked-service-0.6.40-37.1

References:

   https://bugzilla.suse.com/1007909
   https://bugzilla.suse.com/1009801
   https://bugzilla.suse.com/1021914
   https://bugzilla.suse.com/1025757
   https://bugzilla.suse.com/1026683
   https://bugzilla.suse.com/1026780
   https://bugzilla.suse.com/1027231
   https://bugzilla.suse.com/1029133
   https://bugzilla.suse.com/1030053

From sle-updates at lists.suse.com Mon May 15 13:30:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:30:36 +0200 (CEST)
Subject: SUSE-SU-2017:1297-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
Message-ID: <20170515193036.A8813101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1297-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-777=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_67-60_64_18-default-7-2.1
      kgraft-patch-3_12_67-60_64_18-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:31:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:31:31 +0200 (CEST)
Subject: SUSE-RU-2017:1298-1: important: Recommended update for crowbar-openstack
Message-ID: <20170515193131.4C7DF101C4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-openstack
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1298-1
Rating: important
References: #1038122
Affected Products:
   SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crowbar-openstack fixes the following issues:

- Fix Magnum migrations. (bsc#1038122)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-757=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 7 (noarch):
      crowbar-openstack-4.0+git.1491457979.cfaad6bd-8.1

References:

   https://bugzilla.suse.com/1038122

From sle-updates at lists.suse.com Mon May 15 13:31:57 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:31:57 +0200 (CEST)
Subject: SUSE-SU-2017:1299-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12
Message-ID: <20170515193157.36ECE101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1299-1
Rating: important
References: #1030467 #1030575 #1031660
Cross-References: CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.55-52_45 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to freeze in rare circumstances

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-782=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-782=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kgraft-patch-3_12_55-52_45-default-9-2.1
      kgraft-patch-3_12_55-52_45-xen-9-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_55-52_45-default-9-2.1
      kgraft-patch-3_12_55-52_45-xen-9-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030467
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:32:36 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:32:36 +0200 (CEST)
Subject: SUSE-SU-2017:1300-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12
Message-ID: <20170515193236.9E0C1101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1300-1
Rating: important
References: #1030467 #1030575 #1031660
Cross-References: CVE-2017-7308
Affected Products:
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.60-52_54 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to freeze in rare circumstances

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-768=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-768=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kgraft-patch-3_12_60-52_54-default-9-2.1
      kgraft-patch-3_12_60-52_54-xen-9-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_60-52_54-default-9-2.1
      kgraft-patch-3_12_60-52_54-xen-9-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030467
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 13:33:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 15 May 2017 21:33:19 +0200 (CEST)
Subject: SUSE-SU-2017:1301-1: important: Security update for the Linux Kernel
Message-ID: <20170515193319.28E40101C4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1301-1
Rating: important
References: #1005651 #1008374 #1008893 #1013018 #1013070 #1013800 #1013862 #1016489 #1017143 #1018263 #1018446 #1019168 #1020229 #1021256 #1021913 #1022971 #1023014 #1023163 #1023888 #1024508 #1024788 #1024938 #1025235 #1025702 #1026024 #1026260 #1026722 #1026914 #1027066 #1027101 #1027178 #1028415 #1028880 #1029212 #1029770 #1030213 #1030573 #1031003 #1031052 #1031440 #1031579 #1032141 #1033336 #1033771 #1033794 #1033804 #1033816 #1034026 #909486 #911105 #931620 #979021 #982783 #983212 #985561 #988065 #989056 #995542 #999245
Cross-References: CVE-2015-3288 CVE-2015-8970 CVE-2016-10200 CVE-2016-5243 CVE-2017-2671 CVE-2017-5669 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6348 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261
CVE-2017-7294 CVE-2017-7308 CVE-2017-7616
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Server 11-EXTRA
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 18 vulnerabilities and has 41 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

Notable new features:

- Toleration of newer crypto hardware for z Systems
- USB 2.0 Link power management for Haswell-ULT

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)
- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)
- CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573).
- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938).
- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2015-3288: mm/memory.c 
in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bsc#979021). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application (bnc#1027066) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - 
CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c (bsc#1008374).

The following non-security bugs were fixed:

- NFSD: do not risk using duplicate owner/file/delegation ids (bsc#1029212).
- RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783, bsc#1026260).
- SUNRPC: Clean up the slot table allocation (bsc#1013862).
- SUNRPC: Initalise the struct xprt upon allocation (bsc#1013862).
- USB: cdc-acm: fix broken runtime suspend (bsc#1033771).
- USB: cdc-acm: fix open and suspend race (bsc#1033771).
- USB: cdc-acm: fix potential urb leak and PM imbalance in write (bsc#1033771).
- USB: cdc-acm: fix runtime PM for control messages (bsc#1033771).
- USB: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).
- USB: cdc-acm: fix shutdown and suspend race (bsc#1033771).
- USB: cdc-acm: fix write and resume race (bsc#1033771).
- USB: cdc-acm: fix write and suspend race (bsc#1033771).
- USB: hub: Fix crash after failure to read BOS descriptor
- USB: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).
- USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
- USB: serial: mos7720: fix NULL-deref at open (bsc#1033816).
- USB: serial: mos7720: fix parallel probe (bsc#1033816).
- USB: serial: mos7720: fix parport use-after-free on probe errors (bsc#1033816).
- USB: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).
- USB: serial: mos7840: fix NULL-deref at open (bsc#1034026).
- USB: xhci-mem: use passed in GFP flags instead of GFP_KERNEL (bsc#1023014).
- Update metadata for serial fixes (bsc#1013070)
- Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).
- clocksource: Remove "weak" from clocksource_default_clock() declaration (bnc#1013018). - dlm: backport "fix lvb invalidation conditions" (bsc#1005651). - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81) - enic: set skb->hash type properly (bsc#911105). - ext4: fix mballoc breakage with 64k block size (bsc#1013018). - ext4: fix stack memory corruption with 64k block size (bsc#1013018). - ext4: reject inodes with negative size (bsc#1013018). - fuse: initialize fc->release before calling it (bsc#1013018). - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (bsc#985561). - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561). - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561). - i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561). - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561). - i40e: Impose a lower limit on gso size (bsc#985561). - i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561). - i40e: avoid null pointer dereference (bsc#909486). - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143). - jbd: do not wait (forever) for stale tid caused by wraparound (bsc#1020229). - kABI: mask struct xfs_icdinode change (bsc#1024788). - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508). - kabi: fix (bsc#1008893). - lockd: use init_utsname for id encoding (bsc#1033804). - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md/linear: shutup lockdep warnning (bsc#1018446). - mm/mempolicy.c: do not put mempolicy before using its nodemask (bnc#931620). - ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1013018). - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800). - ocfs2: fix error return code in ocfs2_info_handle_freefrag() (bsc#1013018). 
- ocfs2: null deref on allocation error (bsc#1013018). - pciback: only check PF if actually dealing with a VF (bsc#999245). - pciback: use pci_physfn() (bsc#999245). - posix-timers: Fix stack info leak in timer_create() (bnc#1013018). - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting smt_snooze_delay (bsc#1023163). - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: Update fadump documentation (bsc#1032141). - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489). - powerpc/vdso64: Use double word compare on pointers (bsc#1016489). - rcu: Call out dangers of expedited RCU primitives (bsc#1008893). - rcu: Direct algorithmic SRCU implementation (bsc#1008893). - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893). - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893). - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893). - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893). - s390/kmsg: add missing kmsg descriptions (bnc#1025702). - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702). - s390/zcrypt: Introduce CEX6 toleration - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018). - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems (bnc#1013018). - scsi: zfcp: do not trace pure benign residual HBA responses at default level (bnc#1025702). - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702). - scsi: zfcp: fix use-after-"free" in FC ingress path after TMF (bnc#1025702). - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send (bnc#1025702). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913). - vfs: split generic splice code from i_mutex locking (bsc#1024788). 
- virtio_scsi: fix memory leak on full queue condition (bsc#1028880). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xfs: Fix lock ordering in splice write (bsc#1024788). - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: kill xfs_itruncate_start (bsc#1024788). - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788). - xfs: remove the i_size field in struct xfs_inode (bsc#1024788). - xfs: remove xfs_itruncate_data (bsc#1024788). - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508). - xfs: split xfs_itruncate_finish (bsc#1024788). - xfs: split xfs_setattr (bsc#1024788). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-linux-kernel-13105=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-linux-kernel-13105=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-linux-kernel-13105=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-linux-kernel-13105=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-100.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-100.1 kernel-default-base-3.0.101-100.1 kernel-default-devel-3.0.101-100.1 kernel-source-3.0.101-100.1 kernel-syms-3.0.101-100.1 kernel-trace-3.0.101-100.1 kernel-trace-base-3.0.101-100.1 kernel-trace-devel-3.0.101-100.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-100.1 kernel-ec2-base-3.0.101-100.1 kernel-ec2-devel-3.0.101-100.1 kernel-xen-3.0.101-100.1 kernel-xen-base-3.0.101-100.1 kernel-xen-devel-3.0.101-100.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-100.1 kernel-bigmem-base-3.0.101-100.1 kernel-bigmem-devel-3.0.101-100.1 kernel-ppc64-3.0.101-100.1 kernel-ppc64-base-3.0.101-100.1 kernel-ppc64-devel-3.0.101-100.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-100.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-100.1 kernel-pae-base-3.0.101-100.1 kernel-pae-devel-3.0.101-100.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-100.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-100.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-100.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-100.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-100.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-100.1 kernel-default-debugsource-3.0.101-100.1 kernel-trace-debuginfo-3.0.101-100.1 kernel-trace-debugsource-3.0.101-100.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-100.1 kernel-trace-devel-debuginfo-3.0.101-100.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): 
kernel-ec2-debuginfo-3.0.101-100.1 kernel-ec2-debugsource-3.0.101-100.1 kernel-xen-debuginfo-3.0.101-100.1 kernel-xen-debugsource-3.0.101-100.1 kernel-xen-devel-debuginfo-3.0.101-100.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-100.1 kernel-bigmem-debugsource-3.0.101-100.1 kernel-ppc64-debuginfo-3.0.101-100.1 kernel-ppc64-debugsource-3.0.101-100.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-100.1 kernel-pae-debugsource-3.0.101-100.1 kernel-pae-devel-debuginfo-3.0.101-100.1 References: https://www.suse.com/security/cve/CVE-2015-3288.html https://www.suse.com/security/cve/CVE-2015-8970.html https://www.suse.com/security/cve/CVE-2016-10200.html https://www.suse.com/security/cve/CVE-2016-5243.html https://www.suse.com/security/cve/CVE-2017-2671.html https://www.suse.com/security/cve/CVE-2017-5669.html https://www.suse.com/security/cve/CVE-2017-5970.html https://www.suse.com/security/cve/CVE-2017-5986.html https://www.suse.com/security/cve/CVE-2017-6074.html https://www.suse.com/security/cve/CVE-2017-6214.html https://www.suse.com/security/cve/CVE-2017-6348.html https://www.suse.com/security/cve/CVE-2017-6353.html https://www.suse.com/security/cve/CVE-2017-7184.html https://www.suse.com/security/cve/CVE-2017-7187.html https://www.suse.com/security/cve/CVE-2017-7261.html https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://www.suse.com/security/cve/CVE-2017-7616.html https://bugzilla.suse.com/1005651 https://bugzilla.suse.com/1008374 https://bugzilla.suse.com/1008893 https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1013070 https://bugzilla.suse.com/1013800 https://bugzilla.suse.com/1013862 https://bugzilla.suse.com/1016489 https://bugzilla.suse.com/1017143 https://bugzilla.suse.com/1018263 https://bugzilla.suse.com/1018446 https://bugzilla.suse.com/1019168 https://bugzilla.suse.com/1020229 https://bugzilla.suse.com/1021256 
https://bugzilla.suse.com/1021913 https://bugzilla.suse.com/1022971 https://bugzilla.suse.com/1023014 https://bugzilla.suse.com/1023163 https://bugzilla.suse.com/1023888 https://bugzilla.suse.com/1024508 https://bugzilla.suse.com/1024788 https://bugzilla.suse.com/1024938 https://bugzilla.suse.com/1025235 https://bugzilla.suse.com/1025702 https://bugzilla.suse.com/1026024 https://bugzilla.suse.com/1026260 https://bugzilla.suse.com/1026722 https://bugzilla.suse.com/1026914 https://bugzilla.suse.com/1027066 https://bugzilla.suse.com/1027101 https://bugzilla.suse.com/1027178 https://bugzilla.suse.com/1028415 https://bugzilla.suse.com/1028880 https://bugzilla.suse.com/1029212 https://bugzilla.suse.com/1029770 https://bugzilla.suse.com/1030213 https://bugzilla.suse.com/1030573 https://bugzilla.suse.com/1031003 https://bugzilla.suse.com/1031052 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031579 https://bugzilla.suse.com/1032141 https://bugzilla.suse.com/1033336 https://bugzilla.suse.com/1033771 https://bugzilla.suse.com/1033794 https://bugzilla.suse.com/1033804 https://bugzilla.suse.com/1033816 https://bugzilla.suse.com/1034026 https://bugzilla.suse.com/909486 https://bugzilla.suse.com/911105 https://bugzilla.suse.com/931620 https://bugzilla.suse.com/979021 https://bugzilla.suse.com/982783 https://bugzilla.suse.com/983212 https://bugzilla.suse.com/985561 https://bugzilla.suse.com/988065 https://bugzilla.suse.com/989056 https://bugzilla.suse.com/995542 https://bugzilla.suse.com/999245 From sle-updates at lists.suse.com Mon May 15 13:45:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 May 2017 21:45:02 +0200 (CEST) Subject: SUSE-SU-2017:1302-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12 Message-ID: <20170515194502.B3E29101C4@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12 
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1302-1
Rating: important
References: #1030575 #1031660
Cross-References: CVE-2017-7308
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.61-52_66 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-764=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-764=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_61-52_66-default-4-2.1
  kgraft-patch-3_12_61-52_66-xen-4-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_66-default-4-2.1
  kgraft-patch-3_12_61-52_66-xen-4-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-7308.html
  https://bugzilla.suse.com/1030575
  https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Mon May 15 16:08:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 May 2017 00:08:56 +0200 (CEST)
Subject: SUSE-SU-2017:1303-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Message-ID: <20170515220856.AB967101C4@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1303-1
Rating: important
References: #1030575 #1031440 #1031481 #1031660
Cross-References: CVE-2017-7294 CVE-2017-7308
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-784=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-69-default-6-17.2

References:

  https://www.suse.com/security/cve/CVE-2017-7294.html
  https://www.suse.com/security/cve/CVE-2017-7308.html
  https://bugzilla.suse.com/1030575
  https://bugzilla.suse.com/1031440
  https://bugzilla.suse.com/1031481
  https://bugzilla.suse.com/1031660

From sle-updates at lists.suse.com Tue May 16 07:09:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 May 2017 15:09:25 +0200 (CEST)
Subject: SUSE-RU-2017:1304-1: Recommended update for dnsmasq
Message-ID: <20170516130925.0D9FD101C4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dnsmasq
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1304-1
Rating: low
References: #1035227 #972164
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update provides dnsmasq 2.76, which brings many fixes and enhancements:

- Fix PXE booting for UEFI architectures (fate#322030).
- Prevent a man-in-the-middle attack (bsc#972164, fate#321175).

This update brings a (small) potential incompatibility in the handling of "basename" in --pxe-service. Please read the CHANGELOG and the documentation if you are using this option.

For a comprehensive list of changes, please refer to http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2017-785=1
- SUSE OpenStack Cloud 6:
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-785=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-785=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-785=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-785=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-785=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-785=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE OpenStack Cloud 7 (aarch64 x86_64): dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 dnsmasq-utils-2.76-17.1 dnsmasq-utils-debuginfo-2.76-17.1 - SUSE OpenStack Cloud 6 (x86_64): dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 dnsmasq-utils-2.76-17.1 dnsmasq-utils-debuginfo-2.76-17.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dnsmasq-2.76-17.1 dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dnsmasq-2.76-17.1 dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dnsmasq-2.76-17.1 dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dnsmasq-2.76-17.1 dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dnsmasq-2.76-17.1 dnsmasq-debuginfo-2.76-17.1 dnsmasq-debugsource-2.76-17.1 References: https://bugzilla.suse.com/1035227 https://bugzilla.suse.com/972164 From sle-updates at lists.suse.com Tue May 16 10:11:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 18:11:17 +0200 (CEST) Subject: SUSE-SU-2017:1305-1: moderate: Security update for Botan Message-ID: <20170516161117.14D40101C5@maintenance.suse.de> SUSE Security Update: Security update for Botan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1305-1 Rating: moderate References: #1013209 #968030 Cross-References: CVE-2015-7827 CVE-2016-9132 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description:

This update for Botan fixes the following issues:

- CVE-2015-7827: PKCS #1 v1.5 decoding was not constant time, it could be used to mount a Bleichenbacher million-message attack (bsc#968030)
- CVE-2016-9132: While decoding BER length fields, an integer overflow could occur leading to a denial-of-service (bsc#1013209)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-Botan-13106=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-Botan-13106=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libbotan-devel-1.6.5-4.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  Botan-debuginfo-1.6.5-4.1
  Botan-debugsource-1.6.5-4.1

References:

  https://www.suse.com/security/cve/CVE-2015-7827.html
  https://www.suse.com/security/cve/CVE-2016-9132.html
  https://bugzilla.suse.com/1013209
  https://bugzilla.suse.com/968030

From sle-updates at lists.suse.com Tue May 16 10:11:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 May 2017 18:11:54 +0200 (CEST)
Subject: SUSE-SU-2017:1306-1: important: Security update for libtirpc
Message-ID: <20170516161154.9C4B5101C5@maintenance.suse.de>

SUSE Security Update: Security update for libtirpc
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1306-1
Rating: important
References: #1037559
Cross-References: CVE-2017-8779
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libtirpc fixes the following issues:

- CVE-2017-8779: crafted UDP packets could lead rpcbind to denial-of-service (bsc#1037559)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-788=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-788=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-788=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  libtirpc-debugsource-0.2.3-13.3.1
  libtirpc-devel-0.2.3-13.3.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  libtirpc-debugsource-0.2.3-13.3.1
  libtirpc1-0.2.3-13.3.1
  libtirpc1-debuginfo-0.2.3-13.3.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
  libtirpc1-32bit-0.2.3-13.3.1
  libtirpc1-debuginfo-32bit-0.2.3-13.3.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  libtirpc-debugsource-0.2.3-13.3.1
  libtirpc1-0.2.3-13.3.1
  libtirpc1-32bit-0.2.3-13.3.1
  libtirpc1-debuginfo-0.2.3-13.3.1
  libtirpc1-debuginfo-32bit-0.2.3-13.3.1

References:

  https://www.suse.com/security/cve/CVE-2017-8779.html
  https://bugzilla.suse.com/1037559

From sle-updates at lists.suse.com Tue May 16 10:12:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 16 May 2017 18:12:26 +0200 (CEST)
Subject: SUSE-RU-2017:1307-1: Recommended update for util-linux
Message-ID: <20170516161226.64C74101C5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for util-linux
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1307-1
Rating: low
References: #1020034 #1030763 #1033718
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise
Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for util-linux provides the following fixes: - Prefer sysfs exported SMBIOS3 tables in lscpu(1). (bsc#1033718) - Ensure that utab.lock is always created with correct mode. (bsc#1030763) - Make CD-ROM errors non fatal, fixing reading of Multi Mode CDs. (bsc#1020034) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-791=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-791=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-791=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-791=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-791=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-791=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libuuid-devel-2.28-44.6.1 util-linux-debuginfo-2.28-44.6.1 util-linux-debugsource-2.28-44.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.28-44.6.1 libmount-devel-2.28-44.6.1 libsmartcols-devel-2.28-44.6.1 libuuid-devel-2.28-44.6.1 util-linux-debuginfo-2.28-44.6.1 util-linux-debugsource-2.28-44.6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libblkid1-2.28-44.6.1 libblkid1-debuginfo-2.28-44.6.1 libfdisk1-2.28-44.6.1 libfdisk1-debuginfo-2.28-44.6.1 libmount1-2.28-44.6.1 libmount1-debuginfo-2.28-44.6.1 libsmartcols1-2.28-44.6.1 libsmartcols1-debuginfo-2.28-44.6.1 libuuid1-2.28-44.6.1 libuuid1-debuginfo-2.28-44.6.1 python-libmount-2.28-44.6.2 python-libmount-debuginfo-2.28-44.6.2 python-libmount-debugsource-2.28-44.6.2 util-linux-2.28-44.6.1 util-linux-debuginfo-2.28-44.6.1 util-linux-debugsource-2.28-44.6.1 util-linux-systemd-2.28-44.6.2 util-linux-systemd-debuginfo-2.28-44.6.2 util-linux-systemd-debugsource-2.28-44.6.2 uuidd-2.28-44.6.2 uuidd-debuginfo-2.28-44.6.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): util-linux-lang-2.28-44.6.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libblkid1-2.28-44.6.1 libblkid1-debuginfo-2.28-44.6.1 libfdisk1-2.28-44.6.1 libfdisk1-debuginfo-2.28-44.6.1 libmount1-2.28-44.6.1 libmount1-debuginfo-2.28-44.6.1 libsmartcols1-2.28-44.6.1 libsmartcols1-debuginfo-2.28-44.6.1 libuuid1-2.28-44.6.1 libuuid1-debuginfo-2.28-44.6.1 python-libmount-2.28-44.6.2 python-libmount-debuginfo-2.28-44.6.2 python-libmount-debugsource-2.28-44.6.2 util-linux-2.28-44.6.1 util-linux-debuginfo-2.28-44.6.1 util-linux-debugsource-2.28-44.6.1 util-linux-systemd-2.28-44.6.2 util-linux-systemd-debuginfo-2.28-44.6.2 util-linux-systemd-debugsource-2.28-44.6.2 uuidd-2.28-44.6.2 uuidd-debuginfo-2.28-44.6.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): 
util-linux-lang-2.28-44.6.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libblkid1-32bit-2.28-44.6.1 libblkid1-debuginfo-32bit-2.28-44.6.1 libmount1-32bit-2.28-44.6.1 libmount1-debuginfo-32bit-2.28-44.6.1 libuuid1-32bit-2.28-44.6.1 libuuid1-debuginfo-32bit-2.28-44.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): util-linux-lang-2.28-44.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libblkid1-2.28-44.6.1 libblkid1-32bit-2.28-44.6.1 libblkid1-debuginfo-2.28-44.6.1 libblkid1-debuginfo-32bit-2.28-44.6.1 libfdisk1-2.28-44.6.1 libfdisk1-debuginfo-2.28-44.6.1 libmount1-2.28-44.6.1 libmount1-32bit-2.28-44.6.1 libmount1-debuginfo-2.28-44.6.1 libmount1-debuginfo-32bit-2.28-44.6.1 libsmartcols1-2.28-44.6.1 libsmartcols1-debuginfo-2.28-44.6.1 libuuid-devel-2.28-44.6.1 libuuid1-2.28-44.6.1 libuuid1-32bit-2.28-44.6.1 libuuid1-debuginfo-2.28-44.6.1 libuuid1-debuginfo-32bit-2.28-44.6.1 python-libmount-2.28-44.6.2 python-libmount-debuginfo-2.28-44.6.2 python-libmount-debugsource-2.28-44.6.2 util-linux-2.28-44.6.1 util-linux-debuginfo-2.28-44.6.1 util-linux-debugsource-2.28-44.6.1 util-linux-systemd-2.28-44.6.2 util-linux-systemd-debuginfo-2.28-44.6.2 util-linux-systemd-debugsource-2.28-44.6.2 uuidd-2.28-44.6.2 uuidd-debuginfo-2.28-44.6.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libblkid1-2.28-44.6.1 libblkid1-debuginfo-2.28-44.6.1 libfdisk1-2.28-44.6.1 libfdisk1-debuginfo-2.28-44.6.1 libmount1-2.28-44.6.1 libmount1-debuginfo-2.28-44.6.1 libsmartcols1-2.28-44.6.1 libsmartcols1-debuginfo-2.28-44.6.1 libuuid1-2.28-44.6.1 libuuid1-debuginfo-2.28-44.6.1 util-linux-2.28-44.6.1 util-linux-debuginfo-2.28-44.6.1 util-linux-debugsource-2.28-44.6.1 util-linux-systemd-2.28-44.6.2 util-linux-systemd-debuginfo-2.28-44.6.2 util-linux-systemd-debugsource-2.28-44.6.2 References: https://bugzilla.suse.com/1020034 https://bugzilla.suse.com/1030763 https://bugzilla.suse.com/1033718 From sle-updates at lists.suse.com Tue May 16 10:13:16 2017 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 16 May 2017 18:13:16 +0200 (CEST) Subject: SUSE-SU-2017:1308-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2 Message-ID: <20170516161316.81341101C5@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1308-1 Rating: important References: #1030575 #1031440 #1031481 #1031660 Cross-References: CVE-2017-7294 CVE-2017-7308 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.49-92_14 fixes several issues. The following security bugs were fixed: - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-786=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_49-92_14-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-7294.html https://www.suse.com/security/cve/CVE-2017-7308.html https://bugzilla.suse.com/1030575 https://bugzilla.suse.com/1031440 https://bugzilla.suse.com/1031481 https://bugzilla.suse.com/1031660 From sle-updates at lists.suse.com Tue May 16 10:14:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 18:14:02 +0200 (CEST) Subject: SUSE-RU-2017:1309-1: Recommended update for util-linux Message-ID: <20170516161402.AD271101C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1309-1 Rating: low References: #1030763 #1033718 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for util-linux provides the following fixes: - Prefer sysfs exported SMBIOS3 tables in lscpu(1). (bsc#1033718) - Ensure that utab.lock is always created with correct mode. (bsc#1030763) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-790=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-790=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-790=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-790=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libuuid-devel-2.25-43.1 util-linux-debuginfo-2.25-43.1 util-linux-debugsource-2.25-43.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libblkid-devel-2.25-43.1 libmount-devel-2.25-43.1 libsmartcols-devel-2.25-43.1 libuuid-devel-2.25-43.1 util-linux-debuginfo-2.25-43.1 util-linux-debugsource-2.25-43.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libblkid1-2.25-43.1 libblkid1-debuginfo-2.25-43.1 libmount1-2.25-43.1 libmount1-debuginfo-2.25-43.1 libsmartcols1-2.25-43.1 libsmartcols1-debuginfo-2.25-43.1 libuuid1-2.25-43.1 libuuid1-debuginfo-2.25-43.1 python-libmount-2.25-43.1 python-libmount-debuginfo-2.25-43.1 python-libmount-debugsource-2.25-43.1 util-linux-2.25-43.1 util-linux-debuginfo-2.25-43.1 util-linux-debugsource-2.25-43.1 util-linux-systemd-2.25-43.1 util-linux-systemd-debuginfo-2.25-43.1 util-linux-systemd-debugsource-2.25-43.1 uuidd-2.25-43.1 uuidd-debuginfo-2.25-43.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libblkid1-32bit-2.25-43.1 libblkid1-debuginfo-32bit-2.25-43.1 libmount1-32bit-2.25-43.1 libmount1-debuginfo-32bit-2.25-43.1 libuuid1-32bit-2.25-43.1 libuuid1-debuginfo-32bit-2.25-43.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): util-linux-lang-2.25-43.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): util-linux-lang-2.25-43.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libblkid1-2.25-43.1 
libblkid1-32bit-2.25-43.1 libblkid1-debuginfo-2.25-43.1 libblkid1-debuginfo-32bit-2.25-43.1 libmount1-2.25-43.1 libmount1-32bit-2.25-43.1 libmount1-debuginfo-2.25-43.1 libmount1-debuginfo-32bit-2.25-43.1 libsmartcols1-2.25-43.1 libsmartcols1-debuginfo-2.25-43.1 libuuid-devel-2.25-43.1 libuuid1-2.25-43.1 libuuid1-32bit-2.25-43.1 libuuid1-debuginfo-2.25-43.1 libuuid1-debuginfo-32bit-2.25-43.1 python-libmount-2.25-43.1 python-libmount-debuginfo-2.25-43.1 python-libmount-debugsource-2.25-43.1 util-linux-2.25-43.1 util-linux-debuginfo-2.25-43.1 util-linux-debugsource-2.25-43.1 util-linux-systemd-2.25-43.1 util-linux-systemd-debuginfo-2.25-43.1 util-linux-systemd-debugsource-2.25-43.1 uuidd-2.25-43.1 uuidd-debuginfo-2.25-43.1 References: https://bugzilla.suse.com/1030763 https://bugzilla.suse.com/1033718 From sle-updates at lists.suse.com Tue May 16 10:14:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 18:14:33 +0200 (CEST) Subject: SUSE-RU-2017:1310-1: Recommended update for autofs Message-ID: <20170516161433.753EA101C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1310-1 Rating: low References: #1031533 #998078 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for autofs fixes the following issues: - Do not add wildcard key to negative cache. (bsc#1031533) - Fix typo in DEFAULT_AUTH_CONFIG_FILE definition. (bsc#998078) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-789=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-789=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): autofs-5.0.9-20.7.1 autofs-debuginfo-5.0.9-20.7.1 autofs-debugsource-5.0.9-20.7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): autofs-5.0.9-20.7.1 autofs-debuginfo-5.0.9-20.7.1 autofs-debugsource-5.0.9-20.7.1 References: https://bugzilla.suse.com/1031533 https://bugzilla.suse.com/998078 From sle-updates at lists.suse.com Tue May 16 13:09:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:09:26 +0200 (CEST) Subject: SUSE-SU-2017:1311-1: important: Security update for mariadb Message-ID: <20170516190926.66680101C5@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1311-1 Rating: important References: #1020890 #1020976 #1022428 #1034911 Cross-References: CVE-2017-3302 CVE-2017-3313 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. 
Description: This update for mariadb fixes the following issues: - update to MariaDB 10.0.30 GA * notable changes: * XtraDB updated to 5.6.35-80.0 * TokuDB updated to 5.6.35-80.0 * PCRE updated to 8.40 * MDEV-11027: better InnoDB crash recovery progress reporting * MDEV-11520: improvements to how InnoDB data files are extended * Improvements to InnoDB startup/shutdown to make it more robust * MDEV-11233: fix for FULLTEXT index crash * MDEV-6143: MariaDB Linux binary tarballs will now always untar to directories that match their filename * release notes and changelog: * https://kb.askmonty.org/en/mariadb-10030-release-notes * https://kb.askmonty.org/en/mariadb-10030-changelog * fixes the following CVEs: CVE-2017-3313: unspecified vulnerability affecting the MyISAM component [bsc#1020890] CVE-2017-3302: Use after free in libmysqlclient.so [bsc#1022428] - set the default umask to 077 in rc.mysql-multi [bsc#1020976] - [bsc#1034911] - tracker bug - increase build disk size from 10 GB to 13 GB in order to fix build for aarch64 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-792=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-792=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libmysqlclient-devel-10.0.30-20.26.1 libmysqlclient18-10.0.30-20.26.1 libmysqlclient18-32bit-10.0.30-20.26.1 libmysqlclient18-debuginfo-10.0.30-20.26.1 libmysqlclient18-debuginfo-32bit-10.0.30-20.26.1 libmysqlclient_r18-10.0.30-20.26.1 libmysqld-devel-10.0.30-20.26.1 libmysqld18-10.0.30-20.26.1 libmysqld18-debuginfo-10.0.30-20.26.1 mariadb-10.0.30-20.26.1 mariadb-client-10.0.30-20.26.1 mariadb-client-debuginfo-10.0.30-20.26.1 mariadb-debuginfo-10.0.30-20.26.1 mariadb-debugsource-10.0.30-20.26.1 mariadb-errormessages-10.0.30-20.26.1 mariadb-tools-10.0.30-20.26.1 mariadb-tools-debuginfo-10.0.30-20.26.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libmysqlclient-devel-10.0.30-20.26.1 libmysqlclient18-10.0.30-20.26.1 libmysqlclient18-32bit-10.0.30-20.26.1 libmysqlclient18-debuginfo-10.0.30-20.26.1 libmysqlclient18-debuginfo-32bit-10.0.30-20.26.1 libmysqlclient_r18-10.0.30-20.26.1 libmysqld-devel-10.0.30-20.26.1 libmysqld18-10.0.30-20.26.1 libmysqld18-debuginfo-10.0.30-20.26.1 mariadb-10.0.30-20.26.1 mariadb-client-10.0.30-20.26.1 mariadb-client-debuginfo-10.0.30-20.26.1 mariadb-debuginfo-10.0.30-20.26.1 mariadb-debugsource-10.0.30-20.26.1 mariadb-errormessages-10.0.30-20.26.1 mariadb-tools-10.0.30-20.26.1 mariadb-tools-debuginfo-10.0.30-20.26.1 References: https://www.suse.com/security/cve/CVE-2017-3302.html https://www.suse.com/security/cve/CVE-2017-3313.html https://bugzilla.suse.com/1020890 https://bugzilla.suse.com/1020976 https://bugzilla.suse.com/1022428 https://bugzilla.suse.com/1034911 From sle-updates at lists.suse.com Tue May 16 13:12:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:12:50 +0200 (CEST) Subject: SUSE-SU-2017:1313-1: moderate: Security update for libxslt Message-ID: <20170516191250.A7FBB101C5@maintenance.suse.de> SUSE Security Update: Security update for libxslt 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1313-1 Rating: moderate References: #1005591 #1035905 #934119 #952474 Cross-References: CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-793=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-793=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-793=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-793=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-793=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-793=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-793=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-16.1 libxslt-devel-1.1.28-16.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxslt-debugsource-1.1.28-16.1 libxslt-devel-1.1.28-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxslt-debugsource-1.1.28-16.1 libxslt-tools-1.1.28-16.1 libxslt-tools-debuginfo-1.1.28-16.1 libxslt1-1.1.28-16.1 libxslt1-debuginfo-1.1.28-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libxslt-debugsource-1.1.28-16.1 libxslt-tools-1.1.28-16.1 libxslt-tools-debuginfo-1.1.28-16.1 libxslt1-1.1.28-16.1 libxslt1-debuginfo-1.1.28-16.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libxslt1-32bit-1.1.28-16.1 libxslt1-debuginfo-32bit-1.1.28-16.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxslt-debugsource-1.1.28-16.1 libxslt-tools-1.1.28-16.1 libxslt-tools-debuginfo-1.1.28-16.1 libxslt1-1.1.28-16.1 libxslt1-debuginfo-1.1.28-16.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxslt1-32bit-1.1.28-16.1 libxslt1-debuginfo-32bit-1.1.28-16.1 - SUSE Linux Enterprise Desktop 
12-SP2 (x86_64): libxslt-debugsource-1.1.28-16.1 libxslt-tools-1.1.28-16.1 libxslt-tools-debuginfo-1.1.28-16.1 libxslt1-1.1.28-16.1 libxslt1-32bit-1.1.28-16.1 libxslt1-debuginfo-1.1.28-16.1 libxslt1-debuginfo-32bit-1.1.28-16.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libxslt-debugsource-1.1.28-16.1 libxslt-tools-1.1.28-16.1 libxslt-tools-debuginfo-1.1.28-16.1 libxslt1-1.1.28-16.1 libxslt1-32bit-1.1.28-16.1 libxslt1-debuginfo-1.1.28-16.1 libxslt1-debuginfo-32bit-1.1.28-16.1 References: https://www.suse.com/security/cve/CVE-2015-7995.html https://www.suse.com/security/cve/CVE-2015-9019.html https://www.suse.com/security/cve/CVE-2016-4738.html https://www.suse.com/security/cve/CVE-2017-5029.html https://bugzilla.suse.com/1005591 https://bugzilla.suse.com/1035905 https://bugzilla.suse.com/934119 https://bugzilla.suse.com/952474 From sle-updates at lists.suse.com Tue May 16 13:13:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:13:40 +0200 (CEST) Subject: SUSE-SU-2017:1314-1: important: Security update for libtirpc Message-ID: <20170516191340.E9A7C101C5@maintenance.suse.de> SUSE Security Update: Security update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1314-1 Rating: important References: #1037559 Cross-References: CVE-2017-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtirpc fixes the following issues: - CVE-2017-8779: crafted UDP packet could lead rpcbind to denial-of-service (bsc#1037559) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-796=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-796=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-796=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-796=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-16.1 libtirpc-devel-1.0.1-16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libtirpc-debugsource-1.0.1-16.1 libtirpc-netconfig-1.0.1-16.1 libtirpc3-1.0.1-16.1 libtirpc3-debuginfo-1.0.1-16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libtirpc-debugsource-1.0.1-16.1 libtirpc-netconfig-1.0.1-16.1 libtirpc3-1.0.1-16.1 libtirpc3-debuginfo-1.0.1-16.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libtirpc3-32bit-1.0.1-16.1 libtirpc3-debuginfo-32bit-1.0.1-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libtirpc-debugsource-1.0.1-16.1 libtirpc-netconfig-1.0.1-16.1 libtirpc3-1.0.1-16.1 libtirpc3-32bit-1.0.1-16.1 libtirpc3-debuginfo-1.0.1-16.1 libtirpc3-debuginfo-32bit-1.0.1-16.1 References: https://www.suse.com/security/cve/CVE-2017-8779.html https://bugzilla.suse.com/1037559 From sle-updates at lists.suse.com Tue May 16 13:14:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:14:06 +0200 (CEST) Subject: SUSE-SU-2017:1315-1: important: Security update for mariadb Message-ID: <20170516191406.91F05101C5@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1315-1 Rating: important References: #1020868 #1020890 #1020976 
#1022428 #1034911 #996821 Cross-References: CVE-2017-3302 CVE-2017-3313 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for mariadb fixes the following issues: - update to MariaDB 10.0.30 GA * notable changes: * XtraDB updated to 5.6.35-80.0 * TokuDB updated to 5.6.35-80.0 * PCRE updated to 8.40 * MDEV-11027: better InnoDB crash recovery progress reporting * MDEV-11520: improvements to how InnoDB data files are extended * Improvements to InnoDB startup/shutdown to make it more robust * MDEV-11233: fix for FULLTEXT index crash * MDEV-6143: MariaDB Linux binary tarballs will now always untar to directories that match their filename * release notes and changelog: * https://kb.askmonty.org/en/mariadb-10030-release-notes * https://kb.askmonty.org/en/mariadb-10030-changelog * fixes the following CVEs: CVE-2017-3313: unspecified vulnerability affecting the MyISAM component [bsc#1020890] CVE-2017-3302: Use after free in libmysqlclient.so [bsc#1022428] - set the default umask to 077 in mysql-systemd-helper [bsc#1020976] - [bsc#1034911] - tracker bug * fixes also [bsc#1020868] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-795=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-795=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-795=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-795=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-795=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-795=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-795=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-795=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-795=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libmysqlclient_r18-10.0.30-25.1 libmysqlclient_r18-32bit-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.30-25.1 libmysqlclient_r18-32bit-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.30-25.1 libmysqlclient_r18-10.0.30-25.1 libmysqld-devel-10.0.30-25.1 libmysqld18-10.0.30-25.1 libmysqld18-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.30-25.1 libmysqlclient_r18-10.0.30-25.1 libmysqld-devel-10.0.30-25.1 libmysqld18-10.0.30-25.1 libmysqld18-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libmysqlclient18-10.0.30-25.1 libmysqlclient18-debuginfo-10.0.30-25.1 mariadb-10.0.30-25.1 mariadb-client-10.0.30-25.1 mariadb-client-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 mariadb-errormessages-10.0.30-25.1 mariadb-tools-10.0.30-25.1 mariadb-tools-debuginfo-10.0.30-25.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libmysqlclient18-10.0.30-25.1 libmysqlclient18-debuginfo-10.0.30-25.1 mariadb-10.0.30-25.1 mariadb-client-10.0.30-25.1 mariadb-client-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 mariadb-errormessages-10.0.30-25.1 mariadb-tools-10.0.30-25.1 mariadb-tools-debuginfo-10.0.30-25.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libmysqlclient18-32bit-10.0.30-25.1 libmysqlclient18-debuginfo-32bit-10.0.30-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): 
libmysqlclient18-10.0.30-25.1 libmysqlclient18-debuginfo-10.0.30-25.1 mariadb-10.0.30-25.1 mariadb-client-10.0.30-25.1 mariadb-client-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 mariadb-errormessages-10.0.30-25.1 mariadb-tools-10.0.30-25.1 mariadb-tools-debuginfo-10.0.30-25.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.30-25.1 libmysqlclient18-debuginfo-32bit-10.0.30-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libmysqlclient18-10.0.30-25.1 libmysqlclient18-32bit-10.0.30-25.1 libmysqlclient18-debuginfo-10.0.30-25.1 libmysqlclient18-debuginfo-32bit-10.0.30-25.1 libmysqlclient_r18-10.0.30-25.1 libmysqlclient_r18-32bit-10.0.30-25.1 mariadb-10.0.30-25.1 mariadb-client-10.0.30-25.1 mariadb-client-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 mariadb-errormessages-10.0.30-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.30-25.1 libmysqlclient18-32bit-10.0.30-25.1 libmysqlclient18-debuginfo-10.0.30-25.1 libmysqlclient18-debuginfo-32bit-10.0.30-25.1 libmysqlclient_r18-10.0.30-25.1 libmysqlclient_r18-32bit-10.0.30-25.1 mariadb-10.0.30-25.1 mariadb-client-10.0.30-25.1 mariadb-client-debuginfo-10.0.30-25.1 mariadb-debuginfo-10.0.30-25.1 mariadb-debugsource-10.0.30-25.1 mariadb-errormessages-10.0.30-25.1 References: https://www.suse.com/security/cve/CVE-2017-3302.html https://www.suse.com/security/cve/CVE-2017-3313.html https://bugzilla.suse.com/1020868 https://bugzilla.suse.com/1020890 https://bugzilla.suse.com/1020976 https://bugzilla.suse.com/1022428 https://bugzilla.suse.com/1034911 https://bugzilla.suse.com/996821 From sle-updates at lists.suse.com Tue May 16 13:15:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:15:06 +0200 (CEST) Subject: SUSE-SU-2017:1316-1: moderate: Security update for rubygem-passenger Message-ID: 
<20170516191506.24665101C5@maintenance.suse.de> SUSE Security Update: Security update for rubygem-passenger ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1316-1 Rating: moderate References: #1034594 Cross-References: CVE-2016-10345 Affected Products: SUSE Webyast 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-passenger fixes this security issue: - CVE-2016-10345: A known /tmp filename was used during passenger-install-nginx-module execution, which could have allowed local attackers to gain the privileges of the passenger user (bsc#1034594). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-rubygem-passenger-13107=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-rubygem-passenger-13107=1 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-rubygem-passenger-13107=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64): rubygem-passenger-3.0.14-0.17.1 rubygem-passenger-nginx-3.0.14-0.17.1 - SUSE Studio Onsite 1.3 (x86_64): rubygem-passenger-3.0.14-0.17.1 rubygem-passenger-nginx-3.0.14-0.17.1 - SUSE Lifecycle Management Server 1.3 (x86_64): rubygem-passenger-3.0.14-0.17.1 rubygem-passenger-apache2-3.0.14-0.17.1 rubygem-passenger-nginx-3.0.14-0.17.1 References: https://www.suse.com/security/cve/CVE-2016-10345.html https://bugzilla.suse.com/1034594 From sle-updates at lists.suse.com Tue May 16 13:15:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:15:41 +0200 (CEST) Subject: SUSE-SU-2017:1317-1: moderate: Security update for bash Message-ID: <20170516191541.623B3101C5@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1317-1 Rating: moderate References: #1010845 #1035371 Cross-References: CVE-2016-9401 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops. Additionally, the popd built-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-794=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-794=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-794=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-794=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-794=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-794=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): bash-lang-4.3-82.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-82.1 bash-debugsource-4.3-82.1 bash-devel-4.3-82.1 readline-devel-6.3-82.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): bash-4.3-82.1 bash-debuginfo-4.3-82.1 bash-debugsource-4.3-82.1 libreadline6-6.3-82.1 libreadline6-debuginfo-6.3-82.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bash-doc-4.3-82.1 readline-doc-6.3-82.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): bash-4.3-82.1 bash-debuginfo-4.3-82.1 bash-debugsource-4.3-82.1 libreadline6-6.3-82.1 libreadline6-debuginfo-6.3-82.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bash-doc-4.3-82.1 readline-doc-6.3-82.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libreadline6-32bit-6.3-82.1 libreadline6-debuginfo-32bit-6.3-82.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): bash-4.3-82.1 bash-debuginfo-4.3-82.1 bash-debugsource-4.3-82.1 libreadline6-32bit-6.3-82.1 libreadline6-6.3-82.1 libreadline6-debuginfo-32bit-6.3-82.1 libreadline6-debuginfo-6.3-82.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): bash-doc-4.3-82.1 
bash-lang-4.3-82.1 readline-doc-6.3-82.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): bash-4.3-82.1 bash-debuginfo-4.3-82.1 bash-debugsource-4.3-82.1 libreadline6-6.3-82.1 libreadline6-debuginfo-6.3-82.1 References: https://www.suse.com/security/cve/CVE-2016-9401.html https://bugzilla.suse.com/1010845 https://bugzilla.suse.com/1035371 From sle-updates at lists.suse.com Tue May 16 13:16:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 May 2017 21:16:35 +0200 (CEST) Subject: SUSE-RU-2017:1319-1: Recommended update for vsftpd Message-ID: <20170516191635.C268F101C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1319-1 Rating: low References: #1012814 #1024961 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for vsftpd provides the following fix: - Fix interoperability with ftp clients when vsftpd is configured with option "use_localtime=YES" (bsc#1024961) - Enable ECDH based perfect forward secrecy in the SSL mode and use the "DEFAULT" openssl cipher list as default instead of 3DES. This update also provides a new vsftpd-openssl1 package in the SECURITY Module, to offer TLS 1.2 support, which can be installed additionally. If you are using vsftpd started from sysvinit, the sysvinit init script will select the TLS 1.2 version automatically when the package is installed. If you are using vsftpd started from the XINETD service file, please change the "server" value in the /etc/xinetd.d/vsftpd file from /usr/sbin/vsftpd to /opt/suse/sbin/vsftpd. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vsftpd-13108=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-vsftpd-13108=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vsftpd-13108=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): vsftpd-2.0.7-4.43.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): vsftpd-openssl1-2.0.7-4.43.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): vsftpd-debuginfo-2.0.7-4.43.1 vsftpd-debugsource-2.0.7-4.43.1 References: https://bugzilla.suse.com/1012814 https://bugzilla.suse.com/1024961 From sle-updates at lists.suse.com Tue May 16 22:10:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2017 06:10:08 +0200 (CEST) Subject: SUSE-RU-2017:1321-1: Recommended update for glibc Message-ID: <20170517041008.C346D101C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1321-1 Rating: low References: #1026224 #1035445 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glibc introduces basic support for IBM POWER9 systems. Additionally, an improper assert in dlclose() has been removed. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-799=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-799=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-799=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-799=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-799=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-56.1 glibc-debugsource-2.22-56.1 glibc-devel-static-2.22-56.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): glibc-info-2.22-56.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): glibc-2.22-56.1 glibc-debuginfo-2.22-56.1 glibc-debugsource-2.22-56.1 glibc-devel-2.22-56.1 glibc-devel-debuginfo-2.22-56.1 glibc-locale-2.22-56.1 glibc-locale-debuginfo-2.22-56.1 glibc-profile-2.22-56.1 nscd-2.22-56.1 nscd-debuginfo-2.22-56.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): glibc-html-2.22-56.1 glibc-i18ndata-2.22-56.1 glibc-info-2.22-56.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): glibc-2.22-56.1 glibc-debuginfo-2.22-56.1 glibc-debugsource-2.22-56.1 glibc-devel-2.22-56.1 glibc-devel-debuginfo-2.22-56.1 glibc-locale-2.22-56.1 glibc-locale-debuginfo-2.22-56.1 glibc-profile-2.22-56.1 nscd-2.22-56.1 nscd-debuginfo-2.22-56.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): glibc-32bit-2.22-56.1 glibc-debuginfo-32bit-2.22-56.1 glibc-devel-32bit-2.22-56.1 glibc-devel-debuginfo-32bit-2.22-56.1 glibc-locale-32bit-2.22-56.1 glibc-locale-debuginfo-32bit-2.22-56.1 glibc-profile-32bit-2.22-56.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): glibc-html-2.22-56.1 
glibc-i18ndata-2.22-56.1 glibc-info-2.22-56.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): glibc-i18ndata-2.22-56.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): glibc-2.22-56.1 glibc-32bit-2.22-56.1 glibc-debuginfo-2.22-56.1 glibc-debuginfo-32bit-2.22-56.1 glibc-debugsource-2.22-56.1 glibc-devel-2.22-56.1 glibc-devel-32bit-2.22-56.1 glibc-devel-debuginfo-2.22-56.1 glibc-devel-debuginfo-32bit-2.22-56.1 glibc-locale-2.22-56.1 glibc-locale-32bit-2.22-56.1 glibc-locale-debuginfo-2.22-56.1 glibc-locale-debuginfo-32bit-2.22-56.1 nscd-2.22-56.1 nscd-debuginfo-2.22-56.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glibc-2.22-56.1 glibc-debuginfo-2.22-56.1 glibc-debugsource-2.22-56.1 glibc-locale-2.22-56.1 glibc-locale-debuginfo-2.22-56.1 References: https://bugzilla.suse.com/1026224 https://bugzilla.suse.com/1035445 From sle-updates at lists.suse.com Wed May 17 04:09:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2017 12:09:27 +0200 (CEST) Subject: SUSE-SU-2017:1322-1: important: Security update for ghostscript-library Message-ID: <20170517100927.E42C8101C5@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1322-1 Rating: important References: #1036453 Cross-References: CVE-2017-8291 Affected Products: SUSE OpenStack Cloud 5 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for ghostscript fixes the following security vulnerability: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) This update is a reissue including the SUSE Linux Enterprise 11 SP3 product. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ghostscript-library-13109=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-library-13109=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-library-13109=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ghostscript-library-13109=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ghostscript-library-13109=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-13109=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ghostscript-library-13109=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ghostscript-fonts-other-8.62-32.46.1 ghostscript-fonts-rus-8.62-32.46.1 ghostscript-fonts-std-8.62-32.46.1 ghostscript-library-8.62-32.46.1 ghostscript-omni-8.62-32.46.1 ghostscript-x11-8.62-32.46.1 libgimpprint-4.2.7-32.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.46.1 ghostscript-ijs-devel-8.62-32.46.1 libgimpprint-devel-4.2.7-32.46.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.46.1 ghostscript-fonts-rus-8.62-32.46.1 ghostscript-fonts-std-8.62-32.46.1 ghostscript-library-8.62-32.46.1 ghostscript-omni-8.62-32.46.1 ghostscript-x11-8.62-32.46.1 libgimpprint-4.2.7-32.46.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ghostscript-fonts-other-8.62-32.46.1 ghostscript-fonts-rus-8.62-32.46.1 ghostscript-fonts-std-8.62-32.46.1 ghostscript-library-8.62-32.46.1 ghostscript-omni-8.62-32.46.1 ghostscript-x11-8.62-32.46.1 libgimpprint-4.2.7-32.46.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ghostscript-fonts-other-8.62-32.46.1 ghostscript-fonts-rus-8.62-32.46.1 ghostscript-fonts-std-8.62-32.46.1 ghostscript-library-8.62-32.46.1 ghostscript-omni-8.62-32.46.1 ghostscript-x11-8.62-32.46.1 libgimpprint-4.2.7-32.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.46.1 ghostscript-library-debugsource-8.62-32.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ghostscript-library-debuginfo-8.62-32.46.1 ghostscript-library-debugsource-8.62-32.46.1 References: https://www.suse.com/security/cve/CVE-2017-8291.html https://bugzilla.suse.com/1036453 From sle-updates at lists.suse.com Wed May 17 13:09:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 May 2017 21:09:33 +0200 (CEST) Subject: SUSE-RU-2017:1325-1: Recommended update for s390-tools Message-ID: 
<20170517190933.A5F80101C5@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1325-1 Rating: low References: #1010937 #1023017 #991488 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - lscss: Allow to specify devices from ssid > 2. (bsc#1023017) - libu2s: Fix busid parsing. (bsc#991488) - zipl: Fix failed start sub-channel in FBA loader. (bsc#991488) - zipl: Fix segmentation fault for -d on multipath targets. (bsc#1010937) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-s390-tools-13110=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-s390-tools-13110=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (s390x): osasnmpd-1.15.0-0.165.3 s390-tools-1.15.0-0.165.3 s390-tools-zdsfs-1.15.0-0.165.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x): s390-tools-debuginfo-1.15.0-0.165.3 s390-tools-debugsource-1.15.0-0.165.3 References: https://bugzilla.suse.com/1010937 https://bugzilla.suse.com/1023017 https://bugzilla.suse.com/991488 From sle-updates at lists.suse.com Thu May 18 10:09:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:09:50 +0200 (CEST) Subject: SUSE-SU-2017:1328-1: important: Security update for rpcbind Message-ID: <20170518160950.804DE101C6@maintenance.suse.de> SUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1328-1 Rating: important References: #1037559 Cross-References: CVE-2017-8779 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service (bsc#1037559) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-803=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-803=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-803=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): rpcbind-0.2.3-23.1 rpcbind-debuginfo-0.2.3-23.1 rpcbind-debugsource-0.2.3-23.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): rpcbind-0.2.3-23.1 rpcbind-debuginfo-0.2.3-23.1 rpcbind-debugsource-0.2.3-23.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): rpcbind-0.2.3-23.1 rpcbind-debuginfo-0.2.3-23.1 rpcbind-debugsource-0.2.3-23.1 References: https://www.suse.com/security/cve/CVE-2017-8779.html https://bugzilla.suse.com/1037559 From sle-updates at lists.suse.com Thu May 18 10:10:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:10:18 +0200 (CEST) Subject: SUSE-RU-2017:1329-1: Recommended update for SUSEConnect Message-ID: <20170518161018.1D13F101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1329-1 Rating: low References: #1028660 #1039213 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect implements a new feature to allow users to deactivate modules and extensions. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-807=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-807=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): SUSEConnect-0.3.0-17.8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): SUSEConnect-0.3.0-17.8.1 References: https://bugzilla.suse.com/1028660 https://bugzilla.suse.com/1039213 From sle-updates at lists.suse.com Thu May 18 10:11:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:11:14 +0200 (CEST) Subject: SUSE-RU-2017:1330-1: moderate: Recommended update for dracut Message-ID: <20170518161114.655BF101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1330-1 Rating: moderate References: #1012656 #1028542 #1032576 #1035743 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Fix assembly of RSTe array on UEFI machines in kdump context. (bsc#1028542) - Better document mkinitrd's -k option. (bsc#1012656) - Fix syntax error in installkernel script. (bsc#1032576) - Fix calculation of network masks. (bsc#1035743) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-809=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-809=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-809=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-809=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dracut-044-109.5.3 dracut-debuginfo-044-109.5.3 dracut-debugsource-044-109.5.3 dracut-fips-044-109.5.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dracut-044-109.5.3 dracut-debuginfo-044-109.5.3 dracut-debugsource-044-109.5.3 dracut-fips-044-109.5.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dracut-044-109.5.3 dracut-debuginfo-044-109.5.3 dracut-debugsource-044-109.5.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): dracut-044-109.5.3 dracut-debuginfo-044-109.5.3 dracut-debugsource-044-109.5.3 References: https://bugzilla.suse.com/1012656 https://bugzilla.suse.com/1028542 https://bugzilla.suse.com/1032576 https://bugzilla.suse.com/1035743 From sle-updates at lists.suse.com Thu May 18 10:12:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:12:13 +0200 (CEST) Subject: SUSE-RU-2017:1331-1: Recommended update for SUSEConnect Message-ID: <20170518161213.A9F03101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1331-1 Rating: low References: #1028660 #1039213 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has two 
recommended fixes can now be installed. Description: This update for SUSEConnect implements a new feature to allow users to deactivate modules and extensions. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-806=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-806=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): SUSEConnect-0.3.0-9.27.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.0-9.27.1 References: https://bugzilla.suse.com/1028660 https://bugzilla.suse.com/1039213 From sle-updates at lists.suse.com Thu May 18 10:12:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:12:45 +0200 (CEST) Subject: SUSE-RU-2017:1332-1: Recommended update for Crowbar and dependencies Message-ID: <20170518161245.1C962101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for Crowbar and dependencies ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1332-1 Rating: low References: #1001946 #1002734 #1004758 #1005149 #1010211 #1011581 #1011889 #1012173 #1012177 #1012587 #1013250 #1013556 #1014835 #1015266 #1015312 #1015827 #1016033 #1016724 #1017971 #1018110 #1020578 #1020914 #1020957 #1021106 #1021596 #1022074 #1022259 #1023801 #1023834 #1023972 #1024279 #1024907 #1025194 #1025206 #1025309 #1025674 #1026111 #1026837 #1027230 #1029179 #1029180 #1029682 #1030462 #1033488 #1033632 #1037578 #974882 #990745 #993475 #998598 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has 50 recommended fixes can now be installed. 
Description: This update provides the latest version of crowbar, crowbar-core, crowbar-init, crowbar-ceph and its dependencies and brings many fixes and improvements. crowbar: - upgrade: Set status to failed when admin upgrade failed. (bsc#1015312) - upgrade: Make a backup of the important database state. (bsc#1012177) crowbar-ceph: - Fix integration with external ceph clusters. (bsc#1025674) - Fix rgw and mds role search when calculating default pg_num. (bsc#1023801) - Improve node assignment validation. (bsc#1022259) - Fix rgw and mds role search when calculating default pg_num. (bsc#1023801) - Fix integration with external ceph clusters. (bsc#1025674) - Calamari also conflicts with database. (bsc#1001946) crowbar-core: - upgrade: Fix for lbaasv2 migration. (bsc#1033632) - upgrade: Download the latest crowbar_join from the server. (bsc#1033488) - updater: Refresh PTF repository. (bsc#1030462) - Restore ovs bridge settings after reboot. (bsc#1029180, bsc#1029179) - network: Really run wicked ifreload when needed. (bsc#1011889) - network: Set MTU for VLAN parent interface. (bsc#1024279) - provisioner: Define nameservers in autoyast.xml. (bsc#1026837) - Add missing translation for unready state. (bsc#1027230) - provisioner: Stop calling crowbar_join with --debug. (bsc#1023972) - backup: Fix backup upload. (bsc#1025194) - upgrade: Error out on first failed router-migration. (bsc#1020914) - crowbar: Do not crash on non-existing proposals. (bsc#1020957) - network: Manually set datapath-ids on ovs-bridges. (bsc#1022074) - provisioner: Use correct attributes for autoyast profile. (bsc#1021596) - dns: Allow defining custom CNAME records. (bsc#1016033) - apache2: Do not define apache2 service twice. (bsc#1021106) - Make role recipes skip recipes during nova-ha-compute batch. (bsc#1004758) - network: Enable rx/tx offloading by default. (bsc#1015266) - crowbar_register: Handle storage-only deploys. (bsc#993475) - upgrade: Handle failures on save. 
(bsc#1018110) - delayed_job: Don't run migrations when delayed_job is the caller. (bsc#1017971) - upgrade: Enable ptf repo during the noderepochecks. (bsc#1015827) - Update to a less ancient puma version. (bsc#1016724) - proposal: Initialize response with something useful. (bsc#1014835) - provisioner: Move uid/gid lower to avoid collision. (bsc#998598) - Remove buildarch: noarch so that syslinux becomes required again. (bsc#974882) - proposal: Fix wrong return on proposal reset. (bsc#1014835) - provisioner: Use chef_client_runs from node. (bsc#1013556) - network: Run wicked ifreload only once per chef-client run. (bsc#1012587) - provisioner: Avoid crash with incomplete network mappings. (bsc#990745) - crowbar: Fix invisible icons due to font-awesome update. (bsc#1013250) - batch: Add an import subcommand. (bsc#1012173) - chef-solr: Make solr heap and tmpfs configurable. (bsc#1010211) - chef-client: Make chef_client runs configurable. (bsc#1010211) - network: Run wicked ifreload when ifcfg files change. (bsc#1011889) - puma: Enable puma_worker_killer. (bsc#1010211) - upgrade: Reset fail-mode on ovs bridges before upgrade. (bsc#1002734) - upgrade: Force wicked config reload before upgrading. (bsc#1011889) - puma: Reduce puma worker and use more threads. (bsc#1010211) crowbar-init: - logging: Enable logging to a file. (bsc#1020578) - upgrade: Make sure that the database dump is in place. (bsc#1012177) - Improve database migration error handling. python-Pillow: - Update to version 2.8.1 python-SQLAlchemy: - Update to version 1.0.14 rubygem-chef-solr: - Prepare chef-solr for tmpfs usage. rubygem-crowbar-client: - Fix for backup upload subcommand options. (bsc#1026111) - Check for file existence before uploading backup. (bsc#1025309) - Improve node reset command. (bsc#1025206) - Fix upgrade hint after admin repochecks step. (bsc#1029682) - Send a reset command on node reset. (bsc#1025206) - Check for file existence before uploading backup. 
(bsc#1025309) - Fix backup upload args. (bsc#1026111) - Fix json encoding for proposal edit. (bsc#1023834) - Catch error 406 when node alias is not unique. (bsc#1011581) - Adapting request URLs to various API changes. (bsc#1005149) rubygem-execjs: - Switch requirement to nodejs6. rubygem-puma: - Update to version 2.16.0 (bsc#1016724) sleshammer: - Start rpcbind before using showmount. supportutils-plugin-suse-openstack-cloud: - Several changes for SUSE OpenStack Cloud 7. yast2-crowbar: - Update to version 3.2.0 - Stop generating autodocs. (fate#320356) Additionally, the following new packages have been added: - rubygem-get_process_mem version 0.2.1 - rubygem-puma_worker_killer version 0.0.7 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-814=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1492083732.54b34558-8.2 python-Pillow-2.8.1-3.1 python-Pillow-debuginfo-2.8.1-3.1 python-Pillow-debugsource-2.8.1-3.1 python-SQLAlchemy-1.0.14-3.1 python-SQLAlchemy-debuginfo-1.0.14-3.1 python-SQLAlchemy-debugsource-1.0.14-3.1 ruby2.1-rubygem-chef-solr-10.32.2-4.1 ruby2.1-rubygem-crowbar-client-3.3.1-6.1 ruby2.1-rubygem-execjs-2.7.0-4.1 ruby2.1-rubygem-get_process_mem-0.2.1-3.1 ruby2.1-rubygem-puma-2.16.0-3.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.1 ruby2.1-rubygem-puma_worker_killer-0.0.7-3.1 rubygem-chef-solr-10.32.2-4.1 - SUSE Enterprise Storage 4 (noarch): crowbar-4.0+git.1491915678.e59707d1-6.1 crowbar-ceph-4.0+git.1489057041.f723a9f-6.4 crowbar-init-4.0+git.1491479307.eab11fc-7.3 sleshammer-aarch64-0.7.0-0.17.2 sleshammer-debugsource-0.7.0-0.17.2 sleshammer-x86_64-0.7.0-0.17.2 supportutils-plugin-suse-openstack-cloud-7.0.1485972410.68bab74-3.1 yast2-crowbar-3.2.0-3.2 References: https://bugzilla.suse.com/1001946 
https://bugzilla.suse.com/1002734 https://bugzilla.suse.com/1004758 https://bugzilla.suse.com/1005149 https://bugzilla.suse.com/1010211 https://bugzilla.suse.com/1011581 https://bugzilla.suse.com/1011889 https://bugzilla.suse.com/1012173 https://bugzilla.suse.com/1012177 https://bugzilla.suse.com/1012587 https://bugzilla.suse.com/1013250 https://bugzilla.suse.com/1013556 https://bugzilla.suse.com/1014835 https://bugzilla.suse.com/1015266 https://bugzilla.suse.com/1015312 https://bugzilla.suse.com/1015827 https://bugzilla.suse.com/1016033 https://bugzilla.suse.com/1016724 https://bugzilla.suse.com/1017971 https://bugzilla.suse.com/1018110 https://bugzilla.suse.com/1020578 https://bugzilla.suse.com/1020914 https://bugzilla.suse.com/1020957 https://bugzilla.suse.com/1021106 https://bugzilla.suse.com/1021596 https://bugzilla.suse.com/1022074 https://bugzilla.suse.com/1022259 https://bugzilla.suse.com/1023801 https://bugzilla.suse.com/1023834 https://bugzilla.suse.com/1023972 https://bugzilla.suse.com/1024279 https://bugzilla.suse.com/1024907 https://bugzilla.suse.com/1025194 https://bugzilla.suse.com/1025206 https://bugzilla.suse.com/1025309 https://bugzilla.suse.com/1025674 https://bugzilla.suse.com/1026111 https://bugzilla.suse.com/1026837 https://bugzilla.suse.com/1027230 https://bugzilla.suse.com/1029179 https://bugzilla.suse.com/1029180 https://bugzilla.suse.com/1029682 https://bugzilla.suse.com/1030462 https://bugzilla.suse.com/1033488 https://bugzilla.suse.com/1033632 https://bugzilla.suse.com/1037578 https://bugzilla.suse.com/974882 https://bugzilla.suse.com/990745 https://bugzilla.suse.com/993475 https://bugzilla.suse.com/998598 From sle-updates at lists.suse.com Thu May 18 10:21:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:21:22 +0200 (CEST) Subject: SUSE-RU-2017:1333-1: moderate: Recommended update for dracut Message-ID: <20170518162122.23A2D101C6@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1333-1 Rating: moderate References: #1008648 #1019938 #1032576 #1035743 #906716 #947670 #955592 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for dracut provides the following fixes: - Fix calculation of network masks. (bsc#1035743) - Fix typo in installkernel script. (bsc#1032576) - Fix dracut run on NFS root when NFS host is a DNS alias. (bsc#955592) - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938) - Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648) - Fix /sbin/installkernel on aarch64 systems. (bsc#947670) - Don't wait for swap partitions to show up. (bsc#906716) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-810=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-810=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dracut-037-98.2 dracut-debuginfo-037-98.2 dracut-debugsource-037-98.2 dracut-fips-037-98.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dracut-037-98.2 dracut-debuginfo-037-98.2 dracut-debugsource-037-98.2 References: https://bugzilla.suse.com/1008648 https://bugzilla.suse.com/1019938 https://bugzilla.suse.com/1032576 https://bugzilla.suse.com/1035743 https://bugzilla.suse.com/906716 https://bugzilla.suse.com/947670 https://bugzilla.suse.com/955592 From sle-updates at lists.suse.com Thu May 18 10:22:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:22:51 +0200 (CEST) Subject: SUSE-RU-2017:1334-1: moderate: Recommended update for Mesa Message-ID: <20170518162251.0EF38101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1334-1 Rating: moderate References: #1015012 #981975 #985650 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for Mesa provides the following fixes: - Fix hangs with Radeon due to a use-after-free bug in Gallium. (bsc#1015012) - Initialize AMD RSxxx chipsets correctly, fixing corruption of the graphical login screen. (bsc#985650) - Force link to libLLVMCodegen to fix cyclic linking problems. (bsc#981975) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-812=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-812=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-812=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-812=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): Mesa-debuginfo-32bit-10.0.2-102.7.7 Mesa-debugsource-10.0.2-102.7.7 Mesa-libGLESv2-2-32bit-10.0.2-102.7.7 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-102.7.7 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-102.7.7 Mesa-debugsource-10.0.2-102.7.7 Mesa-devel-10.0.2-102.7.7 Mesa-libEGL-devel-10.0.2-102.7.7 Mesa-libGL-devel-10.0.2-102.7.7 Mesa-libGLESv1_CM-devel-10.0.2-102.7.7 Mesa-libGLESv1_CM1-10.0.2-102.7.7 Mesa-libGLESv1_CM1-debuginfo-10.0.2-102.7.7 Mesa-libGLESv2-devel-10.0.2-102.7.7 Mesa-libGLESv3-devel-10.0.2-102.7.7 Mesa-libglapi-devel-10.0.2-102.7.7 libOSMesa-devel-10.0.2-102.7.7 libOSMesa9-10.0.2-102.7.7 libOSMesa9-debuginfo-10.0.2-102.7.7 libgbm-devel-10.0.2-102.7.7 libxatracker-devel-1.0.0-102.7.7 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): Mesa-debuginfo-32bit-10.0.2-102.7.7 libOSMesa9-32bit-10.0.2-102.7.7 libOSMesa9-debuginfo-32bit-10.0.2-102.7.7 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): Mesa-10.0.2-102.7.7 Mesa-debuginfo-10.0.2-102.7.7 Mesa-debugsource-10.0.2-102.7.7 Mesa-libEGL1-10.0.2-102.7.7 Mesa-libEGL1-debuginfo-10.0.2-102.7.7 Mesa-libGL1-10.0.2-102.7.7 Mesa-libGL1-debuginfo-10.0.2-102.7.7 Mesa-libGLESv2-2-10.0.2-102.7.7 Mesa-libGLESv2-2-debuginfo-10.0.2-102.7.7 Mesa-libglapi0-10.0.2-102.7.7 Mesa-libglapi0-debuginfo-10.0.2-102.7.7 libgbm1-10.0.2-102.7.7 
libgbm1-debuginfo-10.0.2-102.7.7 libxatracker2-1.0.0-102.7.7 libxatracker2-debuginfo-1.0.0-102.7.7 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): Mesa-32bit-10.0.2-102.7.7 Mesa-debuginfo-32bit-10.0.2-102.7.7 Mesa-libEGL1-32bit-10.0.2-102.7.7 Mesa-libEGL1-debuginfo-32bit-10.0.2-102.7.7 Mesa-libGL1-32bit-10.0.2-102.7.7 Mesa-libGL1-debuginfo-32bit-10.0.2-102.7.7 Mesa-libglapi0-32bit-10.0.2-102.7.7 Mesa-libglapi0-debuginfo-32bit-10.0.2-102.7.7 libgbm1-32bit-10.0.2-102.7.7 libgbm1-debuginfo-32bit-10.0.2-102.7.7 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): Mesa-10.0.2-102.7.7 Mesa-32bit-10.0.2-102.7.7 Mesa-debuginfo-10.0.2-102.7.7 Mesa-debuginfo-32bit-10.0.2-102.7.7 Mesa-debugsource-10.0.2-102.7.7 Mesa-libEGL1-10.0.2-102.7.7 Mesa-libEGL1-32bit-10.0.2-102.7.7 Mesa-libEGL1-debuginfo-10.0.2-102.7.7 Mesa-libEGL1-debuginfo-32bit-10.0.2-102.7.7 Mesa-libGL1-10.0.2-102.7.7 Mesa-libGL1-32bit-10.0.2-102.7.7 Mesa-libGL1-debuginfo-10.0.2-102.7.7 Mesa-libGL1-debuginfo-32bit-10.0.2-102.7.7 Mesa-libGLESv2-2-10.0.2-102.7.7 Mesa-libGLESv2-2-32bit-10.0.2-102.7.7 Mesa-libGLESv2-2-debuginfo-10.0.2-102.7.7 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-102.7.7 Mesa-libglapi0-10.0.2-102.7.7 Mesa-libglapi0-32bit-10.0.2-102.7.7 Mesa-libglapi0-debuginfo-10.0.2-102.7.7 Mesa-libglapi0-debuginfo-32bit-10.0.2-102.7.7 libgbm1-10.0.2-102.7.7 libgbm1-32bit-10.0.2-102.7.7 libgbm1-debuginfo-10.0.2-102.7.7 libgbm1-debuginfo-32bit-10.0.2-102.7.7 libxatracker2-1.0.0-102.7.7 libxatracker2-debuginfo-1.0.0-102.7.7 References: https://bugzilla.suse.com/1015012 https://bugzilla.suse.com/981975 https://bugzilla.suse.com/985650 From sle-updates at lists.suse.com Thu May 18 10:23:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:23:42 +0200 (CEST) Subject: SUSE-SU-2017:1335-1: important: Security update for kdelibs4 Message-ID: <20170518162342.B95D3101C6@maintenance.suse.de> SUSE Security Update: Security update for kdelibs4 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1335-1 Rating: important References: #1036244 Cross-References: CVE-2017-8422 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kdelibs4 fixes the following issues: - CVE-2017-8422: This update fixes a problem in the DBUS authentication of the kauth framework that could be used to escalate privileges depending on bugs or misimplemented dbus services. (boo#1036244) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-805=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-805=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-805=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-805=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-805=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kdelibs4-debuginfo-4.12.0-10.1 kdelibs4-debugsource-4.12.0-10.1 libkde4-4.12.0-10.1 libkde4-debuginfo-4.12.0-10.1 libkdecore4-4.12.0-10.1 libkdecore4-debuginfo-4.12.0-10.1 libksuseinstall1-4.12.0-10.1 libksuseinstall1-debuginfo-4.12.0-10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kdelibs4-debuginfo-4.12.0-10.1 kdelibs4-debugsource-4.12.0-10.1 libkde4-4.12.0-10.1 libkde4-debuginfo-4.12.0-10.1 libkdecore4-4.12.0-10.1 libkdecore4-debuginfo-4.12.0-10.1 libksuseinstall1-4.12.0-10.1 libksuseinstall1-debuginfo-4.12.0-10.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libkde4-32bit-4.12.0-10.1 libkde4-debuginfo-32bit-4.12.0-10.1 libkdecore4-32bit-4.12.0-10.1 libkdecore4-debuginfo-32bit-4.12.0-10.1 libksuseinstall1-32bit-4.12.0-10.1 libksuseinstall1-debuginfo-32bit-4.12.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kdelibs4-debuginfo-4.12.0-10.1 kdelibs4-debugsource-4.12.0-10.1 libkde4-4.12.0-10.1 libkde4-debuginfo-4.12.0-10.1 libkdecore4-4.12.0-10.1 libkdecore4-debuginfo-4.12.0-10.1 libksuseinstall1-4.12.0-10.1 libksuseinstall1-debuginfo-4.12.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libkde4-32bit-4.12.0-10.1 libkde4-debuginfo-32bit-4.12.0-10.1 libkdecore4-32bit-4.12.0-10.1 libkdecore4-debuginfo-32bit-4.12.0-10.1 libksuseinstall1-32bit-4.12.0-10.1 libksuseinstall1-debuginfo-32bit-4.12.0-10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kdelibs4-debuginfo-4.12.0-10.1 kdelibs4-debugsource-4.12.0-10.1 libkde4-32bit-4.12.0-10.1 libkde4-4.12.0-10.1 libkde4-debuginfo-32bit-4.12.0-10.1 libkde4-debuginfo-4.12.0-10.1 libkdecore4-32bit-4.12.0-10.1 libkdecore4-4.12.0-10.1 libkdecore4-debuginfo-32bit-4.12.0-10.1 libkdecore4-debuginfo-4.12.0-10.1 libksuseinstall1-32bit-4.12.0-10.1 libksuseinstall1-4.12.0-10.1 libksuseinstall1-debuginfo-32bit-4.12.0-10.1 libksuseinstall1-debuginfo-4.12.0-10.1 - SUSE Linux Enterprise Desktop 12-SP1 
(x86_64): kdelibs4-debuginfo-4.12.0-10.1 kdelibs4-debugsource-4.12.0-10.1 libkde4-32bit-4.12.0-10.1 libkde4-4.12.0-10.1 libkde4-debuginfo-32bit-4.12.0-10.1 libkde4-debuginfo-4.12.0-10.1 libkdecore4-32bit-4.12.0-10.1 libkdecore4-4.12.0-10.1 libkdecore4-debuginfo-32bit-4.12.0-10.1 libkdecore4-debuginfo-4.12.0-10.1 libksuseinstall1-32bit-4.12.0-10.1 libksuseinstall1-4.12.0-10.1 libksuseinstall1-debuginfo-32bit-4.12.0-10.1 libksuseinstall1-debuginfo-4.12.0-10.1 References: https://www.suse.com/security/cve/CVE-2017-8422.html https://bugzilla.suse.com/1036244 From sle-updates at lists.suse.com Thu May 18 10:24:09 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:24:09 +0200 (CEST) Subject: SUSE-SU-2017:1336-1: important: Security update for rpcbind Message-ID: <20170518162409.04D67101C6@maintenance.suse.de> SUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1336-1 Rating: important References: #1037559 Cross-References: CVE-2017-8779 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote denial-of-service (bsc#1037559) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-804=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-804=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rpcbind-0.2.1_rc4-17.3.1 rpcbind-debuginfo-0.2.1_rc4-17.3.1 rpcbind-debugsource-0.2.1_rc4-17.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rpcbind-0.2.1_rc4-17.3.1 rpcbind-debuginfo-0.2.1_rc4-17.3.1 rpcbind-debugsource-0.2.1_rc4-17.3.1 References: https://www.suse.com/security/cve/CVE-2017-8779.html https://bugzilla.suse.com/1037559 From sle-updates at lists.suse.com Thu May 18 10:24:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:24:41 +0200 (CEST) Subject: SUSE-SU-2017:1337-1: Security update for bash Message-ID: <20170518162441.0B774101C6@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1337-1 Rating: low References: #1010845 #1031729 #976776 Cross-References: CVE-2016-9401 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for bash fixed several issues. This security issue was fixed: - CVE-2016-9401: popd in bash might have allowed local users to bypass the restricted shell and cause a use-after-free via a crafted address (bsc#1010845). This non-security issue was fixed: - Fix when HISTSIZE=0 and chattr +a .bash_history (bsc#1031729) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bash-13111=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bash-13111=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bash-13111=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): readline-devel-5.2-147.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): readline-devel-32bit-5.2-147.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libreadline5-5.2-147.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bash-3.2-147.35.1 bash-doc-3.2-147.35.1 libreadline5-5.2-147.35.1 readline-doc-5.2-147.35.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libreadline5-32bit-5.2-147.35.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bash-x86-3.2-147.35.1 libreadline5-x86-5.2-147.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bash-debuginfo-3.2-147.35.1 bash-debugsource-3.2-147.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): bash-debuginfo-x86-3.2-147.35.1 References: https://www.suse.com/security/cve/CVE-2016-9401.html https://bugzilla.suse.com/1010845 https://bugzilla.suse.com/1031729 https://bugzilla.suse.com/976776 From sle-updates at lists.suse.com Thu May 18 10:25:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:25:39 +0200 (CEST) Subject: SUSE-RU-2017:1338-1: Recommended update for Mesa Message-ID: <20170518162539.0277C101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1338-1 Rating: low References: #1015012 Affected Products: SUSE Linux Enterprise Workstation Extension 
12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Mesa provides the following fixes: - Fix hangs with Radeon due to a use-after-free bug in Gallium. (bsc#1015012) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-811=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-811=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-811=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-811=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-811=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): Mesa-debuginfo-32bit-11.2.1-104.3.3 Mesa-debugsource-11.2.1-104.3.3 Mesa-libGLESv2-2-32bit-11.2.1-104.3.3 Mesa-libGLESv2-2-debuginfo-32bit-11.2.1-104.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): Mesa-debuginfo-11.2.1-104.3.3 Mesa-debugsource-11.2.1-104.3.3 Mesa-devel-11.2.1-104.3.3 Mesa-dri-devel-11.2.1-104.3.3 Mesa-libEGL-devel-11.2.1-104.3.3 Mesa-libGL-devel-11.2.1-104.3.3 Mesa-libGLESv1_CM-devel-11.2.1-104.3.3 Mesa-libGLESv1_CM1-11.2.1-104.3.3 Mesa-libGLESv1_CM1-debuginfo-11.2.1-104.3.3 Mesa-libGLESv2-devel-11.2.1-104.3.3 Mesa-libGLESv3-devel-11.2.1-104.3.3 Mesa-libglapi-devel-11.2.1-104.3.3 libOSMesa-devel-11.2.1-104.3.3 libOSMesa9-11.2.1-104.3.3 libOSMesa9-debuginfo-11.2.1-104.3.3 libgbm-devel-11.2.1-104.3.3 libxatracker-devel-1.0.0-104.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x x86_64): Mesa-debuginfo-32bit-11.2.1-104.3.3 libOSMesa9-32bit-11.2.1-104.3.3 libOSMesa9-debuginfo-32bit-11.2.1-104.3.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): Mesa-11.2.1-104.3.3 Mesa-debuginfo-11.2.1-104.3.3 Mesa-debugsource-11.2.1-104.3.3 Mesa-libEGL1-11.2.1-104.3.3 Mesa-libEGL1-debuginfo-11.2.1-104.3.3 Mesa-libGL1-11.2.1-104.3.3 Mesa-libGL1-debuginfo-11.2.1-104.3.3 Mesa-libGLESv2-2-11.2.1-104.3.3 Mesa-libGLESv2-2-debuginfo-11.2.1-104.3.3 Mesa-libglapi0-11.2.1-104.3.3 Mesa-libglapi0-debuginfo-11.2.1-104.3.3 libgbm1-11.2.1-104.3.3 libgbm1-debuginfo-11.2.1-104.3.3 libxatracker2-1.0.0-104.3.3 libxatracker2-debuginfo-1.0.0-104.3.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): Mesa-11.2.1-104.3.3 Mesa-debuginfo-11.2.1-104.3.3 Mesa-debugsource-11.2.1-104.3.3 Mesa-libEGL1-11.2.1-104.3.3 Mesa-libEGL1-debuginfo-11.2.1-104.3.3 Mesa-libGL1-11.2.1-104.3.3 Mesa-libGL1-debuginfo-11.2.1-104.3.3 Mesa-libGLESv2-2-11.2.1-104.3.3 Mesa-libGLESv2-2-debuginfo-11.2.1-104.3.3 Mesa-libglapi0-11.2.1-104.3.3 
Mesa-libglapi0-debuginfo-11.2.1-104.3.3 libgbm1-11.2.1-104.3.3 libgbm1-debuginfo-11.2.1-104.3.3 libxatracker2-1.0.0-104.3.3 libxatracker2-debuginfo-1.0.0-104.3.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): Mesa-32bit-11.2.1-104.3.3 Mesa-debuginfo-32bit-11.2.1-104.3.3 Mesa-libEGL1-32bit-11.2.1-104.3.3 Mesa-libEGL1-debuginfo-32bit-11.2.1-104.3.3 Mesa-libGL1-32bit-11.2.1-104.3.3 Mesa-libGL1-debuginfo-32bit-11.2.1-104.3.3 Mesa-libglapi0-32bit-11.2.1-104.3.3 Mesa-libglapi0-debuginfo-32bit-11.2.1-104.3.3 libgbm1-32bit-11.2.1-104.3.3 libgbm1-debuginfo-32bit-11.2.1-104.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): Mesa-11.2.1-104.3.3 Mesa-32bit-11.2.1-104.3.3 Mesa-debuginfo-11.2.1-104.3.3 Mesa-debuginfo-32bit-11.2.1-104.3.3 Mesa-debugsource-11.2.1-104.3.3 Mesa-libEGL1-11.2.1-104.3.3 Mesa-libEGL1-32bit-11.2.1-104.3.3 Mesa-libEGL1-debuginfo-11.2.1-104.3.3 Mesa-libEGL1-debuginfo-32bit-11.2.1-104.3.3 Mesa-libGL1-11.2.1-104.3.3 Mesa-libGL1-32bit-11.2.1-104.3.3 Mesa-libGL1-debuginfo-11.2.1-104.3.3 Mesa-libGL1-debuginfo-32bit-11.2.1-104.3.3 Mesa-libGLESv2-2-11.2.1-104.3.3 Mesa-libGLESv2-2-32bit-11.2.1-104.3.3 Mesa-libGLESv2-2-debuginfo-11.2.1-104.3.3 Mesa-libGLESv2-2-debuginfo-32bit-11.2.1-104.3.3 Mesa-libglapi0-11.2.1-104.3.3 Mesa-libglapi0-32bit-11.2.1-104.3.3 Mesa-libglapi0-debuginfo-11.2.1-104.3.3 Mesa-libglapi0-debuginfo-32bit-11.2.1-104.3.3 libgbm1-11.2.1-104.3.3 libgbm1-32bit-11.2.1-104.3.3 libgbm1-debuginfo-11.2.1-104.3.3 libgbm1-debuginfo-32bit-11.2.1-104.3.3 libxatracker2-1.0.0-104.3.3 libxatracker2-debuginfo-1.0.0-104.3.3 References: https://bugzilla.suse.com/1015012 From sle-updates at lists.suse.com Thu May 18 10:26:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:26:13 +0200 (CEST) Subject: SUSE-OU-2017:1339-1: Initial release of nodejs6 Message-ID: <20170518162613.47649101C6@maintenance.suse.de> SUSE Optional Update: Initial release of nodejs6 
______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1339-1 Rating: low References: #1037578 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update brings nodejs 6.9.5 to SUSE Enterprise Storage 4. Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient. Node.js' package ecosystem, npm, is the largest ecosystem of open source libraries in the world. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-813=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs6-6.9.5-10.1 nodejs6-debuginfo-6.9.5-10.1 nodejs6-debugsource-6.9.5-10.1 References: https://bugzilla.suse.com/1037578 From sle-updates at lists.suse.com Thu May 18 10:26:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 18:26:38 +0200 (CEST) Subject: SUSE-RU-2017:1340-1: Recommended update for SUSEConnect Message-ID: <20170518162638.1CCC2101C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1340-1 Rating: low References: #1028660 #1039213 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for SUSEConnect implements a new feature to allow users to deactivate modules and extensions. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-808=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-808=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-808=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-808=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): SUSEConnect-0.3.0-19.8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): SUSEConnect-0.3.0-19.8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): SUSEConnect-0.3.0-19.8.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): SUSEConnect-0.3.0-19.8.1 References: https://bugzilla.suse.com/1028660 https://bugzilla.suse.com/1039213 From sle-updates at lists.suse.com Thu May 18 13:09:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 21:09:35 +0200 (CEST) Subject: SUSE-RU-2017:1341-1: Recommended update for lua Message-ID: <20170518190935.99D03101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for lua ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1341-1 Rating: low References: #1010089 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Lua 5.2.4, which brings fixes for the following issues: - Wrong overflow check in table.unpack - Ephemeron table wrongly collecting strong keys - Crash in chunks that are too long - Garbage collector can trigger too many times in recursive loops - Wrong assert when reporting concatenation errors - Wrong error message in some short-cut expressions - luac listings choke on long strings - Reorder items in private Table struct, restoring ABI compatibility. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-817=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-817=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-817=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-817=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-817=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-817=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-817=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 lua-devel-5.2.4-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 lua-devel-5.2.4-6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): liblua5_2-5.2.4-6.1 liblua5_2-debuginfo-5.2.4-6.1 lua-5.2.4-6.1 lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): liblua5_2-5.2.4-6.1 liblua5_2-debuginfo-5.2.4-6.1 lua-5.2.4-6.1 lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): liblua5_2-32bit-5.2.4-6.1 liblua5_2-debuginfo-32bit-5.2.4-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): liblua5_2-5.2.4-6.1 liblua5_2-debuginfo-5.2.4-6.1 lua-5.2.4-6.1 lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): liblua5_2-32bit-5.2.4-6.1 liblua5_2-debuginfo-32bit-5.2.4-6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): liblua5_2-5.2.4-6.1 liblua5_2-debuginfo-5.2.4-6.1 lua-5.2.4-6.1 lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): liblua5_2-5.2.4-6.1 liblua5_2-debuginfo-5.2.4-6.1 lua-5.2.4-6.1 lua-debuginfo-5.2.4-6.1 lua-debugsource-5.2.4-6.1 References: https://bugzilla.suse.com/1010089 From sle-updates at lists.suse.com Thu May 18 13:10:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 21:10:19 +0200 (CEST) Subject: SUSE-RU-2017:1342-1: Recommended update for systemd Message-ID: <20170518191019.19C35101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1342-1 Rating: low References: #1018106 #1023220 #1025398 #1025886 #1026775 #1029183 
#1029691 #904214 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - vconsole: Don't do GIO_SCRNMAP / GIO_UNISCRNMAP. (bsc#1029691, bsc#904214) - core: Deprecate mount.timeout= and rd.timeout= kernel command line params. - core: Fix parsing of mount.timeout in mount-fix-timeouts(). (bsc#1023220) - udev: Add a persistent rule for ibmvnic devices. (bsc#1029183) - udev: Support predictable ifnames on vio buses. (bsc#1029183) - journald: Do not strip leading whitespace from messages. (bsc#1026775) - units: Do not throw a warning in emergency mode if plymouth is not installed. (bsc#1025398) - udev-rules: Perform whitespace replacement for symlink subst values. (bsc#1025886) - virt: When detecting containers and /run/systemd/container cannot be read, check /proc/1/environ. (bsc#1018106) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-815=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-815=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libgudev-1_0-0-210-70.64.3 libgudev-1_0-0-32bit-210-70.64.3 libgudev-1_0-0-debuginfo-210-70.64.3 libgudev-1_0-0-debuginfo-32bit-210-70.64.3 libudev1-210-70.64.3 libudev1-32bit-210-70.64.3 libudev1-debuginfo-210-70.64.3 libudev1-debuginfo-32bit-210-70.64.3 systemd-210-70.64.3 systemd-32bit-210-70.64.3 systemd-debuginfo-210-70.64.3 systemd-debuginfo-32bit-210-70.64.3 systemd-debugsource-210-70.64.3 systemd-sysvinit-210-70.64.3 udev-210-70.64.3 udev-debuginfo-210-70.64.3 - SUSE Linux Enterprise Server for SAP 12 (noarch): systemd-bash-completion-210-70.64.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-70.64.3 libgudev-1_0-0-debuginfo-210-70.64.3 libudev1-210-70.64.3 libudev1-debuginfo-210-70.64.3 systemd-210-70.64.3 systemd-debuginfo-210-70.64.3 systemd-debugsource-210-70.64.3 systemd-sysvinit-210-70.64.3 udev-210-70.64.3 udev-debuginfo-210-70.64.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-70.64.3 libgudev-1_0-0-debuginfo-32bit-210-70.64.3 libudev1-32bit-210-70.64.3 libudev1-debuginfo-32bit-210-70.64.3 systemd-32bit-210-70.64.3 systemd-debuginfo-32bit-210-70.64.3 - SUSE Linux Enterprise Server 12-LTSS (noarch): systemd-bash-completion-210-70.64.3 References: https://bugzilla.suse.com/1018106 https://bugzilla.suse.com/1023220 https://bugzilla.suse.com/1025398 https://bugzilla.suse.com/1025886 https://bugzilla.suse.com/1026775 https://bugzilla.suse.com/1029183 https://bugzilla.suse.com/1029691 https://bugzilla.suse.com/904214 From sle-updates at lists.suse.com Thu May 18 13:12:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 May 2017 21:12:16 +0200 (CEST) Subject: SUSE-RU-2017:1344-1: Recommended update for systemd Message-ID: <20170518191216.2DE00101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1344-1 Rating: low References: #1018106 #1023220 #1025398 #1025886 #1026775 #1029183 #1029691 #904214 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - vconsole: Don't do GIO_SCRNMAP / GIO_UNISCRNMAP. (bsc#1029691, bsc#904214) - core: Fix parsing of mount.timeout in mount-fix-timeouts(). (bsc#1023220) - udev: Add a persistent rule for ibmvnic devices. (bsc#1029183) - udev: Support predictable ifnames on vio buses. (bsc#1029183) - journald: Do not strip leading whitespace from messages. (bsc#1026775) - units: Do not throw a warning in emergency mode if plymouth is not installed. (bsc#1025398) - udev-rules: Perform whitespace replacement for symlink subst values. (bsc#1025886) - virt: When detecting containers and /run/systemd/container cannot be read, check /proc/1/environ. (bsc#1018106) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-816=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-816=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-816=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-116.9.1 libudev-devel-210-116.9.1 systemd-debuginfo-210-116.9.1 systemd-debugsource-210-116.9.1 systemd-devel-210-116.9.1 typelib-1_0-GUdev-1_0-210-116.9.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-116.9.1 libgudev-1_0-0-debuginfo-210-116.9.1 libudev1-210-116.9.1 libudev1-debuginfo-210-116.9.1 systemd-210-116.9.1 systemd-debuginfo-210-116.9.1 systemd-debugsource-210-116.9.1 systemd-sysvinit-210-116.9.1 udev-210-116.9.1 udev-debuginfo-210-116.9.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-116.9.1 libgudev-1_0-0-debuginfo-32bit-210-116.9.1 libudev1-32bit-210-116.9.1 libudev1-debuginfo-32bit-210-116.9.1 systemd-32bit-210-116.9.1 systemd-debuginfo-32bit-210-116.9.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-116.9.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-116.9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-116.9.1 libgudev-1_0-0-32bit-210-116.9.1 libgudev-1_0-0-debuginfo-210-116.9.1 libgudev-1_0-0-debuginfo-32bit-210-116.9.1 libudev1-210-116.9.1 libudev1-32bit-210-116.9.1 libudev1-debuginfo-210-116.9.1 libudev1-debuginfo-32bit-210-116.9.1 systemd-210-116.9.1 systemd-32bit-210-116.9.1 systemd-debuginfo-210-116.9.1 systemd-debuginfo-32bit-210-116.9.1 systemd-debugsource-210-116.9.1 systemd-sysvinit-210-116.9.1 udev-210-116.9.1 udev-debuginfo-210-116.9.1 References: https://bugzilla.suse.com/1018106 https://bugzilla.suse.com/1023220 https://bugzilla.suse.com/1025398 https://bugzilla.suse.com/1025886 https://bugzilla.suse.com/1026775 https://bugzilla.suse.com/1029183 https://bugzilla.suse.com/1029691 https://bugzilla.suse.com/904214 From sle-updates at lists.suse.com Thu May 18 22:09:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:09:51 
+0200 (CEST) Subject: SUSE-RU-2017:1345-1: moderate: Recommended update for Salt Message-ID: <20170519040951.8B06D101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1345-1 Rating: moderate References: #1019386 #1022841 #1023535 #1027044 #1027240 #1027722 #1030009 #1032213 #1032452 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Refactoring on Zypper and Yum execution and state modules to allow installation of patches/errata. - Fix log rotation permission issue (bsc#1030009) - Use pkg/suse/salt-api.service by this package - Set SHELL environment variable for the salt-api.service. - Fix 'timeout' and 'gather_job_timeout' kwargs parameters for 'local_batch' client. - Add missing bootstrap script for Salt Cloud. (bsc#1032452) - Add missing /var/cache/salt/cloud directory. (bsc#1032213) - Add test case for race conditions on cache directory creation. - Add "pkg.install downloadonly=True" support to yum/dnf execution module. - Makes sure "gather_job_timeout" is an Integer. - Add "pkg.downloaded" state and support for installing patches/erratas. - Merge master_tops output. - Fix race condition on cache directory creation. - Cleanup salt user environment preparation. (bsc#1027722) - Don't send passwords after shim delimiter is found. (bsc#1019386) - Allow to set 'timeout' and 'gather_job_timeout' via kwargs. - Allow to set custom timeouts for 'manage.up' and 'manage.status'. - Define with system for fedora and RHEL 7. (bsc#1027240) - Fix service state returning stacktrace. (bsc#1027044) - Add OpenSCAP Module. 
- Prevents 'OSError' exception in case certain job cache path doesn't exist. (bsc#1023535) - Fix issue with cp.push. - Fix salt-minion update on RHEL. (bsc#1022841) - Adding new functions to Snapper execution module. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-13114=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-13114=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.12-35.1 salt-doc-2015.8.12-35.1 salt-minion-2015.8.12-35.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.12-35.1 salt-doc-2015.8.12-35.1 salt-minion-2015.8.12-35.1 References: https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 From sle-updates at lists.suse.com Thu May 18 22:11:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:11:55 +0200 (CEST) Subject: SUSE-SU-2017:1346-1: moderate: Security update for SUSE Manager Proxy 3.0 Message-ID: <20170519041155.DB186101C7@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1346-1 Rating: moderate References: #1017422 #1017754 #1020904 #1023233 #1024714 #1025312 #1025758 #1026633 #1027873 #1029755 #1030342 #1031338 #1031659 #1031667 #1032256 #1033383 #1034956 Cross-References: CVE-2017-7470 Affected Products: SUSE Manager Proxy 3.0 
______________________________________________________________________________ An update that solves one vulnerability and has 16 fixes is now available. Description: The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470) Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib. (bsc#1025312) spacewalk-backend: - Do not fail with traceback when media.1 does not exist. (bsc#1032256) - Create scap files dir beforehand. (bsc#1029755) - Fix error if SPACEWALK_DEBUG_NO_REPORTS env variable is not present. - Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233) - Add support for running spacewalk-debug without creating reports. (bsc#1024714) - Set scap store dir mod to 775 and group owner to susemanager. - Incomplete_package_import: do import rhnPackageFile as it breaks some package installations. - Added traceback printing to the exception block. - Change postgresql starting commands. spacewalk-certs-tools: - Always restart the minion regardless of its current state. (bsc#1034956) - Correctly honor disabling of SSL in bootstrap script. (bsc#1033383) - Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package. - Exit for non-traditional bootstrap scripts. (bsc#1020904) - Rename mgr-ssh-proxy-force-cmd -> mgr-proxy-ssh-force-cmd. - Add mgr-proxy-ssh-force-cmd, mgr-proxy-ssh-push-init to rpm. - Add option to configure only sshd. - Restrictive ssh options for user mgrsshtunnel. spacewalk-client-tools: - Fix reboot message to use correct product name. (bsc#1031667) spacewalk-proxy: - Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package. - Lower the use-file-instead-of-memory threshold. (bsc#1030342) spacewalk-proxy-installer: - Do not start firewall on proxy during configuration if not already active.
(bsc#1031338) - Salt minions get repodata via a different URL; reflect by additional squid rule. (bsc#1027873) - Only warn if parent ssh-push pub key could not be retrieved. - Generate and auth ssh push keys for user mgrsshtunnel. - Authorize parent salt-ssh key on proxy. - Generate proxy ssh-push key and authorize the previous proxy in the chain. - Generate own ssh-push key for proxy and authorize parent. spacewalk-web: - Remote Commands: Allow Web Socket to be opened on non-standard port. - Improve remote cmd ui err handling. - Show message when waiting for ssh minions times out. - Fix remote cmd ui js err and timed out message. - Remote cmd UI changes for salt-ssh minions. - Fix broken help link for taskstatus. (bsc#1017422) - Add js utility function to create Date objects in different timezones. - Show proxy path in bootstrap UI. - Clear proxy selection when clicking clear fields button. - Check if proxy hostname is FQDN not name in UI. - Show warn in bootstrap UI if proxy hostname is not a FQDN. susemanager-sls: - Add certificate state for CAASP. - Add certificate state for SLES for SAP. (bsc#1031659) - Pre-create empty top.sls with no-op. (bsc#1017754) - Add xccdf result xslt. - Fix mainframesysinfo module to use /proc/sysinfo on SLES11. (bsc#1025758) - Set scap store dir mod to 775 and group owner to susemanager. - Store uploaded scap files. - Set minion own key owner to bootstrap ssh_push_sudo_user. - Runner to generate ssh key and execute cmd via proxies. - Change ssh bootstrap state to generate and auth keys for salt-ssh push with tunnel. - Authorize parent salt-ssh key on proxy. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-827=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 3.0 (noarch): rhnlib-2.5.84.4-6.1 spacewalk-backend-2.5.24.9-22.1 spacewalk-backend-libs-2.5.24.9-22.1 spacewalk-base-minimal-2.5.7.15-21.1 spacewalk-base-minimal-config-2.5.7.15-21.1 spacewalk-certs-tools-2.5.1.8-17.1 spacewalk-check-2.5.13.8-17.2 spacewalk-client-setup-2.5.13.8-17.2 spacewalk-client-tools-2.5.13.8-17.2 spacewalk-proxy-broker-2.5.1.7-15.1 spacewalk-proxy-common-2.5.1.7-15.1 spacewalk-proxy-installer-2.5.2.5-6.1 spacewalk-proxy-management-2.5.1.7-15.1 spacewalk-proxy-package-manager-2.5.1.7-15.1 spacewalk-proxy-redirect-2.5.1.7-15.1 spacewalk-proxy-salt-2.5.1.7-15.1 susemanager-sls-0.1.20-23.1 References: https://www.suse.com/security/cve/CVE-2017-7470.html https://bugzilla.suse.com/1017422 https://bugzilla.suse.com/1017754 https://bugzilla.suse.com/1020904 https://bugzilla.suse.com/1023233 https://bugzilla.suse.com/1024714 https://bugzilla.suse.com/1025312 https://bugzilla.suse.com/1025758 https://bugzilla.suse.com/1026633 https://bugzilla.suse.com/1027873 https://bugzilla.suse.com/1029755 https://bugzilla.suse.com/1030342 https://bugzilla.suse.com/1031338 https://bugzilla.suse.com/1031659 https://bugzilla.suse.com/1031667 https://bugzilla.suse.com/1032256 https://bugzilla.suse.com/1033383 https://bugzilla.suse.com/1034956 From sle-updates at lists.suse.com Thu May 18 22:15:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:15:13 +0200 (CEST) Subject: SUSE-SU-2017:1347-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20170519041513.2C186FF3A@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1347-1 
Rating: moderate References: #1023233 #1024406 #1024714 #1025312 #1026633 #1027426 #1029755 #1031667 #1032256 Cross-References: CVE-2017-7470 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470) Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib. (bsc#1025312) spacecmd: - Improve output on error for listrepo. (bsc#1027426) - Reword spacecmd removal message. (bsc#1024406) spacewalk-backend: - Do not fail with traceback when media.1 does not exist. (bsc#1032256) - Create scap files directory beforehand. (bsc#1029755) - Fix error if SPACEWALK_DEBUG_NO_REPORTS environment variable is not present. - Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233) - Add support for running spacewalk-debug without creating reports. (bsc#1024714) - Set scap store directory mod to 775 and group owner to susemanager. - incomplete_package_import: Do import rhnPackageFile as it breaks some package installations. - Added traceback printing to the exception block. - Change postgresql starting commands. spacewalk-client-tools: - Fix reboot message to use correct product name. (bsc#1031667) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201704-13115=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201704-13115=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): rhnlib-2.5.84.4-8.1 spacecmd-2.5.5.5-14.1 spacewalk-backend-libs-2.5.24.9-24.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.8-23.1 spacewalk-client-setup-2.5.13.8-23.1 spacewalk-client-tools-2.5.13.8-23.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): rhnlib-2.5.84.4-8.1 spacecmd-2.5.5.5-14.1 spacewalk-backend-libs-2.5.24.9-24.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.8-23.1 spacewalk-client-setup-2.5.13.8-23.1 spacewalk-client-tools-2.5.13.8-23.1 References: https://www.suse.com/security/cve/CVE-2017-7470.html https://bugzilla.suse.com/1023233 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1024714 https://bugzilla.suse.com/1025312 https://bugzilla.suse.com/1026633 https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1029755 https://bugzilla.suse.com/1031667 https://bugzilla.suse.com/1032256 From sle-updates at lists.suse.com Thu May 18 22:16:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:16:58 +0200 (CEST) Subject: SUSE-RU-2017:1348-1: Recommended update for the SUSE Manager Server and Proxy 3.0 release notes Message-ID: <20170519041658.DD24E101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager Server and Proxy 3.0 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1348-1 Rating: low References: #1026266 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: SUSE Manager 3.0 Release Notes have been updated to document: - New products - Cloud 7 - Magnum Orchestration - SUSE Manager Server bugs fixed by latest updates: + bsc#1000762, bsc#1009545, bsc#1009545, bsc#1011964, bsc#1012784 bsc#1013606, bsc#1017418, bsc#1017422, bsc#1017422, bsc#1017754 bsc#1017772, bsc#1020659, bsc#1020904, bsc#1022530, bsc#1023233 bsc#1024066, bsc#1024406, bsc#1024456, bsc#1024714, bsc#1024863 bsc#1024966, bsc#1024966, bsc#1025000, bsc#1025275, bsc#1025291 bsc#1025312, bsc#1025421, bsc#1025758, bsc#1025758, bsc#1025761 bsc#1025761, bsc#1025761, bsc#1025775, bsc#1025908, bsc#1026266 bsc#1026301, bsc#1027426, bsc#1027852, bsc#1028062, bsc#1028306 bsc#1029755, bsc#1029755, bsc#1029840, bsc#1030716, bsc#1031092 bsc#1031453, bsc#1031659, bsc#1031667, bsc#1031826, bsc#1031885 bsc#1032256, bsc#1033383, bsc#1033497, bsc#1033731, bsc#1034289 bsc#1034465, bsc#1034956 - SUSE Manager Proxy bugs fixed by latest updates: + bsc#1017422, bsc#1017754, bsc#1020904, bsc#1023233, bsc#1024714 bsc#1025312, bsc#1025758, bsc#1027873, bsc#1029755, bsc#1030342 bsc#1031338, bsc#1031659, bsc#1031667, bsc#1032256, bsc#1033383 bsc#1034956 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-828=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-828=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (x86_64): release-notes-susemanager-3.0.5-0.52.1 - SUSE Manager Proxy 3.0 (x86_64): release-notes-susemanager-proxy-3.0.5-0.27.1 References: https://bugzilla.suse.com/1026266 From sle-updates at lists.suse.com Thu May 18 22:17:23 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:17:23 +0200 (CEST) Subject: SUSE-SU-2017:1349-1: moderate: Security update for SUSE Manager Server 3.0 Message-ID: <20170519041723.D04F2101C7@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1349-1 Rating: moderate References: #1000762 #1009545 #1011964 #1012784 #1013606 #1017418 #1017422 #1017754 #1017772 #1020659 #1020904 #1022530 #1023233 #1024066 #1024406 #1024456 #1024714 #1024863 #1024966 #1025000 #1025275 #1025291 #1025312 #1025421 #1025758 #1025761 #1025775 #1025908 #1026266 #1026301 #1026633 #1027426 #1027852 #1028062 #1028306 #1029755 #1029840 #1030716 #1031092 #1031453 #1031659 #1031667 #1031826 #1031885 #1032256 #1033383 #1033497 #1033731 #1034289 #1034465 #1034956 Cross-References: CVE-2017-7470 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has 50 fixes is now available. Description: The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470) Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib. (bsc#1025312) salt-netapi-client: - Fix date format for Schedule module. (bsc#1034465) spacecmd: - Improve output on error for listrepo. (bsc#1027426) - Reword spacecmd removal message. 
(bsc#1024406) spacewalk-backend: - Do not fail with traceback when media.1 does not exist. (bsc#1032256) - Create scap files directory beforehand. (bsc#1029755) - Fix error if SPACEWALK_DEBUG_NO_REPORTS environment variable is not present. - Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233) - Add support for running spacewalk-debug without creating reports. (bsc#1024714) - Set scap store directory mod to 775 and group owner to susemanager. - incomplete_package_import: Do import rhnPackageFile as it breaks some package installations. - Added traceback printing to the exception block. - Change postgresql starting commands. spacewalk-certs-tools: - Always restart the minion regardless of its current state. (bsc#1034956) - Correctly honor disabling of SSL in bootstrap script. (bsc#1033383) - Add curl dependency and move mgr-proxy-ssh* to spacewalk-proxy package. - Exit for non-traditional bootstrap scripts. (bsc#1020904) - Rename mgr-ssh-proxy-force-cmd -> mgr-proxy-ssh-force-cmd. - Add mgr-proxy-ssh-force-cmd, mgr-proxy-ssh-push-init to rpm. - Add option to configure only sshd. - Restrictive ssh options for user mgrsshtunnel. spacewalk-client-tools: - Fix reboot message to use correct product name. (bsc#1031667) spacewalk-java: - Fix missing IPs in Overview tab. (bsc#1031453) - Fix scheduling VM deployment in future. (bsc#1034289) - Handle empty set to not produce invalid sql. (bsc#1033497) - Fix SSM group pagination. (bsc#1012784) - Create PooledExecutor with pre-filled queue. (bsc#1030716) - Make sure minion keys can only be seen/managed by appropriate user. (bsc#1025908) - Set action status to 'failed' on uncaught exceptions. (bsc#1013606) - Add missing library to taskomatic classpath. (bsc#1024066) - Set log level to DEBUG for EOFException when the Websocket connection is aborted by the client. (bsc#1031826) - Add a remote command with label as a script to the actionchain. (bsc#1011964) - Fix architecture for default channels lookup. 
(bsc#1025275) - Change required salt-netapi-client to >= 0.11. - Using stream() during collection processing. - Making salt presence timeouts configurable via rhn.conf. (bsc#1025761) - Avoid blocking synchronous calls if some minions are unreachable. (bsc#1025761) - Excludes unreachable minions from synchronous call to prevent blocking. (bsc#1025761) - Fix LocalDateTimeISOAdapter to parse date string with timezone. (bsc#1024966) - Create scap files directories beforehand. (bsc#1029755) - Make country, state/province and city searchable for system location. (bsc#1020659) - Change incorrect help link. (bsc#1017418) - Don't allow scheduling scap scan if openscap pkg missing from minion. - Make salt aware of rescheduled actions. (bsc#1027852) - Close hibernate session on async salt-ssh call. - Use a small fixed pool so we don't overwhelm the salt-api with salt-ssh executions - Fix remote cmd ui js err and timed out message. - Remote cmd UI changes for salt-ssh minions. - Add support for salt ssh minions to remote cmd UI. - Apply SessionFilter also for error pages. (bsc#1028062) - Use correct logging class. - Fix broken help link for taskstatus. (bsc#1017422) - Test errata not removed from origin. - Fix merge channels patches. (bsc#1025000) - Change XccdfIdent.identifier mapping length to 100. - Add xccdf result xslt. - Fix mainframesysinfo module to use /proc/sysinfo on SLES11. (bsc#1025758) - Use consistent spelling in UI. (bsc#1028306) - Rewording distchannelmap text. (bsc#1017772) - Javascript datepicker needs the timezone to create a correct date object. (bsc#1024966) - Don't show audit tab for ssh-push minions. - Set scap store dir mod to 775 and group owner to susemanager. - Better error handling and more tests. - Store uploaded scap files. - Openscap action scheduling and handling. - Grant scap capability to minion on registration. - Enable audit tab for salt minions. - Scap initial xccdfEval and hibernate mappings. - Show proxy path in bootstrap UI.
- AuthFilter tests: Update expectations to reflect cookie update at end of request. - AuthFilter: Update cookie expiry date at end of HTTP request. (bsc#1025775) - MinionActionCleanup: Only call list_jobs once per action id. (bsc#1025291) - MinionActionCleanupTest: Expect that list_jobs is only called once. - Feat: Allow salt-enabled bootstrap.sh via UI. - Catch and display all bootstrap errors. - Sync grains and beacons only for regular minions. - Add new channel tokens to minion.accessTokens. - Fix getting server path for a first level proxy. - Fix bootstrap err when proxy not selected. - Check if proxy hostname is FQDN not name in UI. - Utility for runner to generate ssh key and execute cmd via proxies. - Add proxy_pub_key to ssh bootstrap pillar. - Add ssh timeout to temporary roster. - Salt_ssh_connect_timeout configuration parameter. - Authorize parent salt-ssh key on proxy. - Java backend for salt ssh-push through proxy. - Avoid deadlock with spacewalk-repo-sync. (bsc#1022530) - Fix NPE when no SUSE Product was found for an installed product. (bsc#1029840) - Keep organization after migrating a system to salt. (bsc#1026301) - Fix glob only for noarch rpm(s). - Feat: Dynamically detect deployed CA certificate. - Fix restore original default (certificate). - Rename variable (cert provided by RPM). - Fix uniform bootstrap.sh. (bsc#1000762) spacewalk-reports: - Remove legacy audit logging reports. (bsc#1009545) spacewalk-setup: - Create /var/spacewalk/systems in spacewalk-setup and ensure perms on upgrade. - Add xccdf result xslt. - Authorize parent salt-ssh key on proxy. spacewalk-web: - Remote Commands: Allow Web Socket to be opened on non-standard port. - Improve remote cmd ui error handling. - Show message when waiting for ssh minions times out. - Fix remote cmd ui js err and timed out message. - Remote cmd UI changes for salt-ssh minions. - Fix broken help link for taskstatus. 
(bsc#1017422) - Add js utility function to create Date objects in different timezones. - Show proxy path in bootstrap UI. - Clear proxy selection when clicking clear fields button. - Check if proxy hostname is FQDN not name in UI. - Show warn in bootstrap UI if proxy hostname is not a FQDN. subscription-matcher: - Set -Xmx launch parameter based on customer data. (bsc#1024863) - Small bugfixes and logging improvements. susemanager: - Add bootstrap repo data for SLES for SAP 12 SP2 ppc64le. - Add python-setuptools to bootstrap repo. (bsc#1033731) - Create directory manually if mksubvolume fails, so we now support btrfs based systems with missing mksubvolume utility. (bsc#1031885) - Create /var/spacewalk/systems in spacewalk-setup and ensure perms on upgrade - Fix typo in comment noting option with-custom-channels. (bsc#1031092) - Pre require tomcat and salt. - Fix %%pre and %%post scripts in susemanager.spec. - Append salt,tomcat,wwwrung to susemanager group. - Susemanager group and change owner and permissions for /var/susemanager/systems. susemanager-schema: - Don't fail if capability already exists. - Show update message only when updating the schema package. (bsc#1024456) - Fix audit log disabling in Oracle. - Grant minions scap capability. - Clean up stale logging data and triggers. (bsc#1009545) - Fix deduplicate to work with more than two duplicates. susemanager-sls: - Add certificate state for CAASP. - Add certificate state for SLES for SAP. (bsc#1031659) - Pre-create empty top.sls with no-op. (bsc#1017754) - Add xccdf result xslt. - Fix mainframesysinfo module to use /proc/sysinfo on SLES11. (bsc#1025758) - Set scap store dir mod to 775 and group owner to susemanager. - Store uploaded scap files. - Set minion own key owner to bootstrap ssh_push_sudo_user. - Runner to generate ssh key and execute cmd via proxies. - Change ssh bootstrap state to generate and auth keys for salt-ssh push with tunnel. - Authorize parent salt-ssh key on proxy.
susemanager-sync-data: - Support Cloud 7 - Magnum Orchestration (bsc#1026266) and SLES for SAP 12 SP2 ppc64le. virtual-host-gatherer: - Adding support for exploring 'vim.Folder'. (bsc#1025421) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-827=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (x86_64): susemanager-3.0.21-21.1 susemanager-tools-3.0.21-21.1 - SUSE Manager Server 3.0 (noarch): rhnlib-2.5.84.4-6.1 salt-netapi-client-0.11.1-12.1 spacecmd-2.5.5.5-12.1 spacewalk-backend-2.5.24.9-22.1 spacewalk-backend-app-2.5.24.9-22.1 spacewalk-backend-applet-2.5.24.9-22.1 spacewalk-backend-config-files-2.5.24.9-22.1 spacewalk-backend-config-files-common-2.5.24.9-22.1 spacewalk-backend-config-files-tool-2.5.24.9-22.1 spacewalk-backend-iss-2.5.24.9-22.1 spacewalk-backend-iss-export-2.5.24.9-22.1 spacewalk-backend-libs-2.5.24.9-22.1 spacewalk-backend-package-push-server-2.5.24.9-22.1 spacewalk-backend-server-2.5.24.9-22.1 spacewalk-backend-sql-2.5.24.9-22.1 spacewalk-backend-sql-oracle-2.5.24.9-22.1 spacewalk-backend-sql-postgresql-2.5.24.9-22.1 spacewalk-backend-tools-2.5.24.9-22.1 spacewalk-backend-xml-export-libs-2.5.24.9-22.1 spacewalk-backend-xmlrpc-2.5.24.9-22.1 spacewalk-base-2.5.7.15-21.1 spacewalk-base-minimal-2.5.7.15-21.1 spacewalk-base-minimal-config-2.5.7.15-21.1 spacewalk-certs-tools-2.5.1.8-17.1 spacewalk-client-tools-2.5.13.8-17.2 spacewalk-html-2.5.7.15-21.1 spacewalk-java-2.5.59.14-23.2 spacewalk-java-config-2.5.59.14-23.2 
spacewalk-java-lib-2.5.59.14-23.2 spacewalk-java-oracle-2.5.59.14-23.2 spacewalk-java-postgresql-2.5.59.14-23.2 spacewalk-reports-2.5.1.2-3.1 spacewalk-setup-2.5.3.12-15.1 spacewalk-taskomatic-2.5.59.14-23.2 subscription-matcher-0.18-5.1 susemanager-schema-3.0.19-21.2 susemanager-sls-0.1.20-23.1 susemanager-sync-data-3.0.16-24.1 virtual-host-gatherer-1.0.13-6.1 virtual-host-gatherer-VMware-1.0.13-6.1 References: https://www.suse.com/security/cve/CVE-2017-7470.html https://bugzilla.suse.com/1000762 https://bugzilla.suse.com/1009545 https://bugzilla.suse.com/1011964 https://bugzilla.suse.com/1012784 https://bugzilla.suse.com/1013606 https://bugzilla.suse.com/1017418 https://bugzilla.suse.com/1017422 https://bugzilla.suse.com/1017754 https://bugzilla.suse.com/1017772 https://bugzilla.suse.com/1020659 https://bugzilla.suse.com/1020904 https://bugzilla.suse.com/1022530 https://bugzilla.suse.com/1023233 https://bugzilla.suse.com/1024066 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1024456 https://bugzilla.suse.com/1024714 https://bugzilla.suse.com/1024863 https://bugzilla.suse.com/1024966 https://bugzilla.suse.com/1025000 https://bugzilla.suse.com/1025275 https://bugzilla.suse.com/1025291 https://bugzilla.suse.com/1025312 https://bugzilla.suse.com/1025421 https://bugzilla.suse.com/1025758 https://bugzilla.suse.com/1025761 https://bugzilla.suse.com/1025775 https://bugzilla.suse.com/1025908 https://bugzilla.suse.com/1026266 https://bugzilla.suse.com/1026301 https://bugzilla.suse.com/1026633 https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1027852 https://bugzilla.suse.com/1028062 https://bugzilla.suse.com/1028306 https://bugzilla.suse.com/1029755 https://bugzilla.suse.com/1029840 https://bugzilla.suse.com/1030716 https://bugzilla.suse.com/1031092 https://bugzilla.suse.com/1031453 https://bugzilla.suse.com/1031659 https://bugzilla.suse.com/1031667 https://bugzilla.suse.com/1031826 https://bugzilla.suse.com/1031885 https://bugzilla.suse.com/1032256 
https://bugzilla.suse.com/1033383 https://bugzilla.suse.com/1033497 https://bugzilla.suse.com/1033731 https://bugzilla.suse.com/1034289 https://bugzilla.suse.com/1034465 https://bugzilla.suse.com/1034956 From sle-updates at lists.suse.com Thu May 18 22:26:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:26:52 +0200 (CEST) Subject: SUSE-RU-2017:1350-1: moderate: Recommended update for cobbler Message-ID: <20170519042652.6487C101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1350-1 Rating: moderate References: #1020376 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cobbler fixes the following issues: - Support UEFI boot with cobbler generated tftp tree. (bsc#1020376) - Refresh patch for fuzzless appliance. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-822=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-45.1 References: https://bugzilla.suse.com/1020376 From sle-updates at lists.suse.com Thu May 18 22:27:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 May 2017 06:27:22 +0200 (CEST) Subject: SUSE-SU-2017:1351-1: moderate: Security update for Botan Message-ID: <20170519042722.4A2DA101C7@maintenance.suse.de> SUSE Security Update: Security update for Botan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1351-1 Rating: moderate References: #1013209 #968030 Cross-References: CVE-2015-7827 CVE-2016-9132 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for Botan fixes the following issues: - CVE-2015-7827: PKCS #1 v1.5 decoding was not constant time, it could be used to mount a Bleichenbacher million-message attack (bsc#968030) - CVE-2016-9132: While decoding BER length fields, an integer overflow could occur leading to a denial-of-service (bsc#1013209) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-Botan-13119=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-Botan-13119=1 To bring your system up-to-date, use "zypper patch". 

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libbotan-1_6_5-1.6.5-6.1
  libbotan-devel-1.6.5-6.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  Botan-debuginfo-1.6.5-6.1
  Botan-debugsource-1.6.5-6.1

References:

  https://www.suse.com/security/cve/CVE-2015-7827.html
  https://www.suse.com/security/cve/CVE-2016-9132.html
  https://bugzilla.suse.com/1013209
  https://bugzilla.suse.com/968030

From sle-updates at lists.suse.com Thu May 18 22:27:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 May 2017 06:27:55 +0200 (CEST)
Subject: SUSE-SU-2017:1352-1: moderate: Security update for SUSE Manager Client Tools
Message-ID: <20170519042755.5D2C4101C7@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1352-1
Rating: moderate
References: #1020376 #1023233 #1024406 #1024714 #1025312 #1026633 #1027426 #1029755 #1031667 #1032256
Cross-References: CVE-2017-7470
Affected Products:
  SUSE Manager Tools 12
______________________________________________________________________________

An update that solves one vulnerability and has 9 fixes is now available.

Description:

The following security issue in spacewalk-backend has been fixed:

- Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. (bsc#1026633, CVE-2017-7470)

Additionally, the following non-security issues have been fixed:

cobbler:

- Support UEFI boot with cobbler generated tftp tree. (bsc#1020376)
- Refresh patch for fuzzless appliance.

rhnlib:

- Support all TLS versions in rpclib. (bsc#1025312)

spacecmd:

- Improve output on error for listrepo. (bsc#1027426)
- Reword spacecmd removal message. (bsc#1024406)

spacewalk-backend:

- Do not fail with traceback when media.1 does not exist.
  (bsc#1032256)
- Create scap files directory beforehand. (bsc#1029755)
- Fix error if SPACEWALK_DEBUG_NO_REPORTS env variable is not present.
- Don't skip 'rhnErrataPackage' cleanup during an errata update. (bsc#1023233)
- Add support for running spacewalk-debug without creating reports. (bsc#1024714)
- Set scap store directory mod to 775 and group owner to susemanager.
- incomplete_package_import: Do import rhnPackageFile as it breaks some package installations.
- Added traceback printing to the exception block.
- Change postgresql starting commands.

spacewalk-client-tools:

- Fix reboot message to use correct product name. (bsc#1031667)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-822=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Tools 12 (noarch):
  koan-2.6.6-45.1
  rhnlib-2.5.84.4-17.1
  spacecmd-2.5.5.5-34.1
  spacewalk-backend-libs-2.5.24.9-51.1
  spacewalk-check-2.5.13.8-48.1
  spacewalk-client-setup-2.5.13.8-48.1
  spacewalk-client-tools-2.5.13.8-48.1

References:

  https://www.suse.com/security/cve/CVE-2017-7470.html
  https://bugzilla.suse.com/1020376
  https://bugzilla.suse.com/1023233
  https://bugzilla.suse.com/1024406
  https://bugzilla.suse.com/1024714
  https://bugzilla.suse.com/1025312
  https://bugzilla.suse.com/1026633
  https://bugzilla.suse.com/1027426
  https://bugzilla.suse.com/1029755
  https://bugzilla.suse.com/1031667
  https://bugzilla.suse.com/1032256

From sle-updates at lists.suse.com Thu May 18 22:29:46 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 May 2017 06:29:46 +0200 (CEST)
Subject: SUSE-RU-2017:1353-1: moderate: Recommended update for Salt
Message-ID: <20170519042946.AE247FF3A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1353-1
Rating: moderate
References: #1019386 #1022841 #1023535 #1027044 #1027240 #1027722 #1030009 #1032213 #1032452
Affected Products:
  SUSE Manager Tools 12
  SUSE Manager Server 3.0
  SUSE Manager Proxy 3.0
  SUSE Linux Enterprise Point of Sale 12-SP2
  SUSE Linux Enterprise Module for Advanced Systems Management 12
  SUSE Enterprise Storage 4
  SUSE Enterprise Storage 3
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has 9 recommended fixes can now be installed.

Description:

This update for salt fixes the following issues:

- Refactoring on Zypper and Yum execution and state modules to allow installation of patches/errata.
- Fix log rotation permission issue (bsc#1030009)
- Use pkg/suse/salt-api.service by this package
- Set SHELL environment variable for the salt-api.service.
- Fix 'timeout' and 'gather_job_timeout' kwargs parameters for 'local_batch' client.
- Add missing bootstrap script for Salt Cloud. (bsc#1032452)
- Add missing /var/cache/salt/cloud directory. (bsc#1032213)
- Add test case for race conditions on cache directory creation.
- Add "pkg.install downloadonly=True" support to yum/dnf execution module.
- Makes sure "gather_job_timeout" is an Integer.
- Add "pkg.downloaded" state and support for installing patches/erratas.
- Merge master_tops output.
- Fix race condition on cache directory creation.
- Cleanup salt user environment preparation. (bsc#1027722)
- Don't send passwords after shim delimiter is found. (bsc#1019386)
- Allow to set 'timeout' and 'gather_job_timeout' via kwargs.
- Allow to set custom timeouts for 'manage.up' and 'manage.status'.
- Define with system for fedora and RHEL 7. (bsc#1027240)
- Fix service state returning stacktrace. (bsc#1027044)
- Add OpenSCAP Module.
- Prevents 'OSError' exception in case certain job cache path doesn't exist.
  (bsc#1023535)
- Fix issue with cp.push.
- Fix salt-minion update on RHEL. (bsc#1022841)
- Adding new functions to Snapper execution module.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-821=1
- SUSE Manager Server 3.0:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-821=1
- SUSE Manager Proxy 3.0:
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-821=1
- SUSE Linux Enterprise Point of Sale 12-SP2:
  zypper in -t patch SUSE-SLE-POS-12-SP2-2017-821=1
- SUSE Linux Enterprise Module for Advanced Systems Management 12:
  zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-821=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2017-821=1
- SUSE Enterprise Storage 3:
  zypper in -t patch SUSE-Storage-3-2017-821=1
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-821=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
  salt-2015.8.12-38.1
  salt-doc-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
- SUSE Manager Server 3.0 (x86_64):
  salt-2015.8.12-38.1
  salt-api-2015.8.12-38.1
  salt-doc-2015.8.12-38.1
  salt-master-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
  salt-proxy-2015.8.12-38.1
  salt-ssh-2015.8.12-38.1
  salt-syndic-2015.8.12-38.1
- SUSE Manager Server 3.0 (noarch):
  salt-bash-completion-2015.8.12-38.1
  salt-zsh-completion-2015.8.12-38.1
- SUSE Manager Proxy 3.0 (x86_64):
  salt-2015.8.12-38.1
  salt-api-2015.8.12-38.1
  salt-doc-2015.8.12-38.1
  salt-master-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
  salt-proxy-2015.8.12-38.1
  salt-ssh-2015.8.12-38.1
  salt-syndic-2015.8.12-38.1
- SUSE Manager Proxy 3.0 (noarch):
  salt-bash-completion-2015.8.12-38.1
  salt-zsh-completion-2015.8.12-38.1
- SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):
  salt-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
  salt-2015.8.12-38.1
  salt-api-2015.8.12-38.1
  salt-cloud-2015.8.12-38.1
  salt-doc-2015.8.12-38.1
  salt-master-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
  salt-proxy-2015.8.12-38.1
  salt-ssh-2015.8.12-38.1
  salt-syndic-2015.8.12-38.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):
  salt-bash-completion-2015.8.12-38.1
  salt-zsh-completion-2015.8.12-38.1
- SUSE Enterprise Storage 4 (aarch64 x86_64):
  salt-2015.8.12-38.1
  salt-master-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
- SUSE Enterprise Storage 3 (aarch64 x86_64):
  salt-2015.8.12-38.1
  salt-master-2015.8.12-38.1
  salt-minion-2015.8.12-38.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  salt-2015.8.12-38.1
  salt-minion-2015.8.12-38.1

References:

  https://bugzilla.suse.com/1019386
  https://bugzilla.suse.com/1022841
  https://bugzilla.suse.com/1023535
  https://bugzilla.suse.com/1027044
  https://bugzilla.suse.com/1027240
  https://bugzilla.suse.com/1027722
  https://bugzilla.suse.com/1030009
  https://bugzilla.suse.com/1032213
  https://bugzilla.suse.com/1032452

From sle-updates at lists.suse.com Fri May 19 07:11:30 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 May 2017 15:11:30 +0200 (CEST)
Subject: SUSE-SU-2017:1357-1: moderate: Security update for git
Message-ID: <20170519131130.0F2A6101C7@maintenance.suse.de>

SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1357-1
Rating: moderate
References: #1038395
Cross-References: CVE-2017-8386
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for git fixes the following issues:

- git 2.12.3:
  * CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395)
  * Fix for potential segv introduced in v2.11.0 and later
  * Misc fixes and cleanups.
- git 2.12.2:
  * CLI output fixes
  * "Dumb http" transport fixes
  * various fixes for internal code paths
  * Trailer "Cc:" RFC fix
- git 2.12.1:
  * Reduce authentication round-trip over HTTP when the server supports just a single authentication method.
  * "git add -i" patch subcommand fixed to have a path selection
  * various path verification fixes
  * fix "git log -L..." buffer overrun

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-830=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-830=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-830=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-830=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-830=1
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-830=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  git-2.12.3-26.1
  git-arch-2.12.3-26.1
  git-core-2.12.3-26.1
  git-core-debuginfo-2.12.3-26.1
  git-cvs-2.12.3-26.1
  git-daemon-2.12.3-26.1
  git-daemon-debuginfo-2.12.3-26.1
  git-debugsource-2.12.3-26.1
  git-email-2.12.3-26.1
  git-gui-2.12.3-26.1
  git-svn-2.12.3-26.1
  git-svn-debuginfo-2.12.3-26.1
  git-web-2.12.3-26.1
  gitk-2.12.3-26.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
  git-doc-2.12.3-26.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  git-2.12.3-26.1
  git-arch-2.12.3-26.1
  git-core-2.12.3-26.1
  git-core-debuginfo-2.12.3-26.1
  git-cvs-2.12.3-26.1
  git-daemon-2.12.3-26.1
  git-daemon-debuginfo-2.12.3-26.1
  git-debugsource-2.12.3-26.1
  git-email-2.12.3-26.1
  git-gui-2.12.3-26.1
  git-svn-2.12.3-26.1
  git-svn-debuginfo-2.12.3-26.1
  git-web-2.12.3-26.1
  gitk-2.12.3-26.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
  git-doc-2.12.3-26.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  git-core-2.12.3-26.1
  git-core-debuginfo-2.12.3-26.1
  git-debugsource-2.12.3-26.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  git-doc-2.12.3-26.1
- SUSE Linux Enterprise Server
  12-SP2 (aarch64 ppc64le x86_64):
  git-core-2.12.3-26.1
  git-core-debuginfo-2.12.3-26.1
  git-debugsource-2.12.3-26.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  git-doc-2.12.3-26.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  git-core-2.12.3-26.1
  git-core-debuginfo-2.12.3-26.1
  git-debugsource-2.12.3-26.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
  git-doc-2.12.3-26.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  git-core-2.12.3-26.1
  git-core-debuginfo-2.12.3-26.1
  git-debugsource-2.12.3-26.1

References:

  https://www.suse.com/security/cve/CVE-2017-8386.html
  https://bugzilla.suse.com/1038395

From sle-updates at lists.suse.com Fri May 19 10:10:05 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 May 2017 18:10:05 +0200 (CEST)
Subject: SUSE-RU-2017:1359-1: moderate: Recommended update for xorg-x11-libX11
Message-ID: <20170519161005.8FFCC101C7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xorg-x11-libX11
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1359-1
Rating: moderate
References: #1031337
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for xorg-x11-libX11 fixes a memory leak that's visible when using gnome-panel.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-xorg-x11-libX11-13120=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-xorg-x11-libX11-13120=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-xorg-x11-libX11-13120=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  xorg-x11-libX11-devel-7.4-5.11.71.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
  xorg-x11-libX11-devel-32bit-7.4-5.11.71.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  xorg-x11-libX11-7.4-5.11.71.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  xorg-x11-libX11-32bit-7.4-5.11.71.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  xorg-x11-libX11-x86-7.4-5.11.71.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  xorg-x11-libX11-debuginfo-7.4-5.11.71.1
  xorg-x11-libX11-debugsource-7.4-5.11.71.1

References:

  https://bugzilla.suse.com/1031337

From sle-updates at lists.suse.com Fri May 19 10:10:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 19 May 2017 18:10:38 +0200 (CEST)
Subject: SUSE-SU-2017:1360-1: important: Security update for the Linux Kernel
Message-ID: <20170519161038.700BB101C7@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1360-1
Rating: important
References: #1003077 #1008842 #1009682 #1012620 #1012985 #1015703 #1015787 #1015821 #1017512 #1018100 #1018263 #1018419 #1018446 #1019168 #1019514 #1020048 #1020795 #1021256 #1021374 #1021762 #1021913 #1022559 #1022971 #1023164 #1023207 #1023377 #1023762 #1023824 #1023888 #1023992 #1024081 #1024234 #1024309 #1024508 #1024788 #1025039 #1025235 #1025354
  #1025802 #1026024 #1026722 #1026914 #1027066 #1027178 #1027189 #1027190 #1027974 #1028041 #1028415 #1028595 #1028648 #1028895 #1029470 #1029850 #1029986 #1030118 #1030213 #1030593 #1030901 #1031003 #1031052 #1031080 #1031440 #1031567 #1031579 #1031662 #1031842 #1032125 #1032141 #1032344 #1032345 #1033336 #1034670 #103470 #1034700 #1035576 #1035699 #1035738 #1035877 #1036752 #1038261 #799133 #857926 #914939 #917630 #922853 #930399 #931620 #937444 #940946 #954763 #968697 #970083 #971933 #979215 #982783 #983212 #984530 #985561 #988065 #989056 #993832
Cross-References: CVE-2015-1350 CVE-2016-10044 CVE-2016-10200 CVE-2016-10208 CVE-2016-2117 CVE-2016-3070 CVE-2016-5243 CVE-2016-7117 CVE-2016-9191 CVE-2016-9588 CVE-2016-9604 CVE-2017-2647 CVE-2017-2671 CVE-2017-5669 CVE-2017-5897 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 CVE-2017-6951 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7616 CVE-2017-7645 CVE-2017-8106
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP1
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Live Patching 12
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 30 vulnerabilities and has 72 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes.

Notable new/improved features:

- Improved support for Hyper-V
- Support for the tcp_westwood TCP scheduling algorithm

The following security bugs were fixed:

- CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877).
- CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. (bsc#1029850).
- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (bsc#1030593)
- CVE-2016-9604: This fixes handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings (bsc#1035576)
- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (bnc#1033336).
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670).
- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)
- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)
- CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052)
- CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213)
- CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanaged the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bsc#1015703).
- CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).
- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415)
- CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).
- CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bsc#1023762).
- CVE-2017-5986: A race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235).
- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)
- CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842)
- CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).
- CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992).
- CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacts with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).
- CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).
- CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190)
- CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189)
- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066)
- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235).
- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722)
- CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697)
- CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bsc#914939).
- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003077).

The following non-security bugs were fixed:

- ACPI / APEI: Fix NMI notification handling (bsc#917630).
- arch: Mass conversion of smp_mb__*() (bsc#1020795).
- asm-generic: add __smp_xxx wrappers (bsc#1020795).
- block: remove struct request buffer member (bsc#1020795).
- block: submit_bio_wait() conversions (bsc#1020795).
- bonding: Advertize vxlan offload features when supported (bsc#1009682).
- bonding: handle more gso types (bsc#1009682).
- bonding: use the correct ether type for alb (bsc#1028595).
- btrfs: allow unlink to exceed subvolume quota (bsc#1015821).
- btrfs: Change qgroup_meta_rsv to 64bit (bsc#1015821).
- btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100).
- btrfs: make file clone aware of fatal signals (bsc#1015787).
- btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1015821).
- cancel the setfilesize transation when io error happen (bsc#1028648).
- cgroup: remove stray references to css_id (bsc#1020795).
- cpuidle: powernv/pseries: Auto-promotion of snooze to deeper idle state (bnc#1023164).
- dm: add era target (bsc#1020795).
- dm: allow remove to be deferred (bsc#1020795).
- dm bitset: only flush the current word if it has been dirtied (bsc#1020795).
- dm btree: add dm_btree_find_lowest_key (bsc#1020795).
- dm cache: actually resize cache (bsc#1020795).
- dm cache: add block sizes and total cache blocks to status output (bsc#1020795).
- dm cache: add cache block invalidation support (bsc#1020795).
- dm cache: add passthrough mode (bsc#1020795).
- dm cache: add policy name to status output (bsc#1020795).
- dm cache: add remove_cblock method to policy interface (bsc#1020795).
- dm cache: be much more aggressive about promoting writes to discarded blocks (bsc#1020795).
- dm cache: cache shrinking support (bsc#1020795).
- dm cache: do not add migration to completed list before unhooking bio (bsc#1020795).
- dm cache: fix a lock-inversion (bsc#1020795).
- dm cache: fix truncation bug when mapping I/O to more than 2TB fast device (bsc#1020795).
- dm cache: fix writethrough mode quiescing in cache_map (bsc#1020795).
- dm cache: improve efficiency of quiescing flag management (bsc#1020795).
- dm cache: io destined for the cache device can now serve as tick bios (bsc#1020795).
- dm cache: log error message if dm_kcopyd_copy() fails (bsc#1020795).
- dm cache metadata: check the metadata version when reading the superblock (bsc#1020795).
- dm cache metadata: return bool from __superblock_all_zeroes (bsc#1020795).
- dm cache: move hook_info into common portion of per_bio_data structure (bsc#1020795).
- dm cache: optimize commit_if_needed (bsc#1020795).
- dm cache policy mq: a few small fixes (bsc#1020795).
- dm cache policy mq: fix promotions to occur as expected (bsc#1020795).
- dm cache policy mq: implement writeback_work() and mq_{set,clear}_dirty() (bsc#1020795).
- dm cache policy mq: introduce three promotion threshold tunables (bsc#1020795).
- dm cache policy mq: protect residency method with existing mutex (bsc#1020795).
- dm cache policy mq: reduce memory requirements (bsc#1020795).
- dm cache policy mq: use list_del_init instead of list_del + INIT_LIST_HEAD (bsc#1020795).
- dm cache policy: remove return from void policy_remove_mapping (bsc#1020795).
- dm cache: promotion optimisation for writes (bsc#1020795).
- dm cache: resolve small nits and improve Documentation (bsc#1020795).
- dm cache: return -EINVAL if the user specifies unknown cache policy (bsc#1020795).
- dm cache: use cell_defer() boolean argument consistently (bsc#1020795).
- dm: change sector_count member in clone_info from sector_t to unsigned (bsc#1020795).
- dm crypt: add TCW IV mode for old CBC TCRYPT containers (bsc#1020795).
- dm crypt: properly handle extra key string in initialization (bsc#1020795).
- dm delay: use per-bio data instead of a mempool and slab cache (bsc#1020795).
- dm: fix Kconfig indentation (bsc#1020795).
- dm: fix Kconfig menu indentation (bsc#1020795).
- dm: make dm_table_alloc_md_mempools static (bsc#1020795).
- dm mpath: do not call pg_init when it is already running (bsc#1020795).
- dm mpath: fix lock order inconsistency in multipath_ioctl (bsc#1020795).
- dm mpath: print more useful warnings in multipath_message() (bsc#1020795).
- dm mpath: push back requests instead of queueing (bsc#1020795).
- dm mpath: really fix lockdep warning (bsc#1020795).
- dm mpath: reduce memory pressure when requeuing (bsc#1020795).
- dm mpath: remove extra nesting in map function (bsc#1020795).
- dm mpath: remove map_io() (bsc#1020795).
- dm mpath: remove process_queued_ios() (bsc#1020795).
- dm mpath: requeue I/O during pg_init (bsc#1020795).
- dm persistent data: cleanup dm-thin specific references in text (bsc#1020795).
- dm snapshot: call destroy_work_on_stack() to pair with INIT_WORK_ONSTACK() (bsc#1020795).
- dm snapshot: fix metadata corruption (bsc#1020795).
- dm snapshot: prepare for switch to using dm-bufio (bsc#1020795).
- dm snapshot: use dm-bufio (bsc#1020795).
- dm snapshot: use dm-bufio prefetch (bsc#1020795).
- dm snapshot: use GFP_KERNEL when initializing exceptions (bsc#1020795).
- dm space map disk: optimise sm_disk_dec_block (bsc#1020795).
- dm space map metadata: limit errors in sm_metadata_new_block (bsc#1020795).
- dm: stop using bi_private (bsc#1020795).
- dm table: add dm_table_run_md_queue_async (bsc#1020795).
- dm table: print error on preresume failure (bsc#1020795).
- dm table: remove unused buggy code that extends the targets array (bsc#1020795).
- dm thin: add error_if_no_space feature (bsc#1020795).
- dm thin: add mappings to end of prepared_* lists (bsc#1020795).
- dm thin: add 'no_space_timeout' dm-thin-pool module param (bsc#1020795).
- dm thin: add timeout to stop out-of-data-space mode holding IO forever (bsc#1020795).
- dm thin: allow metadata commit if pool is in PM_OUT_OF_DATA_SPACE mode (bsc#1020795).
- dm thin: allow metadata space larger than supported to go unused (bsc#1020795).
- dm thin: cleanup and improve no space handling (bsc#1020795).
- dm thin: eliminate the no_free_space flag (bsc#1020795).
- dm thin: ensure user takes action to validate data and metadata consistency (bsc#1020795).
- dm thin: factor out check_low_water_mark and use bools (bsc#1020795).
- dm thin: fix deadlock in __requeue_bio_list (bsc#1020795).
- dm thin: fix noflush suspend IO queueing (bsc#1020795).
- dm thin: fix out of data space handling (bsc#1020795).
- dm thin: fix pool feature parsing (bsc#1020795).
- dm thin: fix rcu_read_lock being held in code that can sleep (bsc#1020795).
- dm thin: handle metadata failures more consistently (bsc#1020795).
- dm thin: irqsave must always be used with the pool->lock spinlock (bsc#1020795).
- dm thin: log info when growing the data or metadata device (bsc#1020795).
- dm thin: requeue bios to DM core if no_free_space and in read-only mode (bsc#1020795).
- dm thin: return error from alloc_data_block if pool is not in write mode (bsc#1020795).
- dm thin: simplify pool_is_congested (bsc#1020795).
- dm thin: sort the per thin deferred bios using an rb_tree (bsc#1020795).
- dm thin: synchronize the pool mode during suspend (bsc#1020795).
- dm thin: use bool rather than unsigned for flags in structures (bsc#1020795).
- dm thin: use INIT_WORK_ONSTACK in noflush_work to avoid ODEBUG warning (bsc#1020795).
- dm thin: use per thin device deferred bio lists (bsc#1020795).
- dm: use RCU_INIT_POINTER instead of rcu_assign_pointer in __unbind (bsc#1020795).
- drm/i915: relax uncritical udelay_range() (bsc#1038261).
- ether: add loopback type ETH_P_LOOPBACK (bsc#1028595).
- ext4: fix bh leak on error paths in ext4_rename() and ext4_cross_rename() (bsc#1012985).
- ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).
- ext4: mark inode dirty after converting inline directory (bsc#1012985).
- ftrace: Make ftrace_location_range() global (FATE#322421).
- HID: usbhid: improve handling of Clear-Halt and reset (bsc#1031080).
- hv: util: catch allocation errors
- hv: utils: use memdup_user in hvt_op_write
- hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344).
- i40e: avoid null pointer dereference (bsc#922853).
- i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (bsc#985561).
- i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (bsc#985561).
- i40e/i40evf: Rewrite logic for 8 descriptor per packet check (bsc#985561).
- i40e: Impose a lower limit on gso size (bsc#985561).
- i40e: Limit TX descriptor count in cases where frag size is greater than 16K (bsc#985561).
- iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped (bsc#1023824).
- iommu/vt-d: Tylersburg isoch identity map check is done too late (bsc#1032125).
- ipv6: make ECMP route replacement less greedy (bsc#930399).
- kabi: hide changes in struct sk_buff (bsc#1009682).
- KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421).
- kABI: mask struct xfs_icdinode change (bsc#1024788).
- kABI: protect struct inet6_dev (kabi).
- kABI: protect struct iscsi_conn (bsc#103470).
- kABI: protect struct xfs_buftarg and struct xfs_mount (bsc#1024508).
- kABI: restore can_rx_register parameters (kabi).
- kernel/watchdog: use nmi registers snapshot in hardlockup handler (bsc#940946, bsc#937444).
- kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).
- kgr/module: make a taint flag module-specific
- kgr: remove unneeded kgr_needs_lazy_migration() s390x definition
- l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).
- l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).
- l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).
- l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415).
- l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415).
- l2tp: lock socket before checking flags in connect() (bsc#1028415).
- livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421).
- locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).
- md: avoid oops on unload if some process is in poll or select (bsc#1020795).
- md: Convert use of typedef ctl_table to struct ctl_table (bsc#1020795).
- md: ensure metadata is writen after raid level change (bsc#1020795).
- md linear: fix a race between linear_add() and linear_congested() (bsc#1018446).
- md: md_clear_badblocks should return an error code on failure (bsc#1020795).
- md: refuse to change shape of array if it is active but read-only (bsc#1020795).
- megaraid_sas: add missing curly braces in ioctl handler (bsc#1023207).
- megaraid_sas: Fixup tgtid count in megasas_ld_list_query() (bsc#971933).
- mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).
- mm, memcg: do not retry precharge charges (bnc#1022559).
- mm/mempolicy.c: do not put mempolicy before using its nodemask (References: VM Performance, bnc#931620).
- mm/page_alloc: fix nodes for reclaim in fast path (bnc#1031842).
- module: move add_taint_module() to a header file
- net: Add skb_gro_postpull_rcsum to udp and vxlan (bsc#1009682).
- net: add skb_pop_rcv_encapsulation (bsc#1009682).
- net: Call skb_checksum_init in IPv4 (bsc#1009682).
- net: Call skb_checksum_init in IPv6 (bsc#1009682).
- netfilter: allow logging fron non-init netns (bsc#970083).
- net: Generalize checksum_init functions (bsc#1009682).
- net: Preserve CHECKSUM_COMPLETE at validation (bsc#1009682).
- NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041).
- NFS: Expedite unmount of NFS auto-mounts (bnc#1025802).
- NFS: Fix a performance regression in readdir (bsc#857926).
- NFS: flush out dirty data on file fput() (bsc#1021762).
- ocfs2: do not write error flag to user structure we cannot copy from/to (bsc#1012985).
- powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
- powerpc: Create a helper for getting the kernel toc value (FATE#322421).
- powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
- powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141).
- powerpc/fadump: Update fadump documentation (bsc#1032141).
- powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel (FATE#322421).
- powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI (FATE#322421).
- powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace (FATE#322421).
- powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).
- powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).
- powerpc/kgraft: Add kgraft header (FATE#322421).
- powerpc/kgraft: Add kgraft stack to struct thread_info (FATE#322421).
- powerpc/kgraft: Add live patching support on ppc64le (FATE#322421).
- powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).
- powerpc/module: Mark module stubs with a magic value (FATE#322421).
- powerpc/module: Only try to generate the ftrace_caller() stub once (FATE#322421).
- powerpc/modules: Never restore r2 for a mprofile-kernel style mcount() call (FATE#322421).
- powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530).
- powerpc/pseries/cpuidle: Remove MAX_IDLE_STATE macro (bnc#1023164).
- powerpc/pseries/cpuidle: Use cpuidle_register() for initialisation (bnc#1023164).
- powerpc: Reject binutils 2.24 when building little endian (boo#1028895).
- RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783,bsc#1020048).
- raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang
- remove mpath patches from dmcache backport, for bsc#1035738
- revert "procfs: mark thread stack correctly in proc/PID/maps" (bnc#1030901).
- Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).
- rtnetlink: allow to register ops without ops->setup set (bsc#1021374).
- s390/zcrypt: Introduce CEX6 toleration (FATE#321783, LTC#147506, bsc#1019514).
- sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419).
- scsi_error: count medium access timeout only once per EH run (bsc#993832, bsc#1032345).
- scsi: libiscsi: add lock around task lists to fix list corruption regression (bsc#1034700).
- scsi: storvsc: fix SRB_STATUS_ABORTED handling
- sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
- svcrpc: fix gss-proxy NULL dereference in some error cases (bsc#1024309).
- taint/module: Clean up global and module taint flags handling
- tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).
- thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974).
- thp: reduce indentation level in change_huge_pmd() (bnc#1027974).
- treewide: fix "distingush" typo (bsc#1020795).
- tree-wide: use reinit_completion instead of INIT_COMPLETION (bsc#1020795).
- usb: dwc3: gadget: Fix incorrect DEPCMD and DGCMD status macros (bsc#1035699).
- usb: host: xhci: print correct command ring address (bnc#1035699).
- USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
- vfs: Do not exchange "short" filenames unconditionally (bsc#1012985).
- vfs: split generic splice code from i_mutex locking (bsc#1024788).
- vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).
- VSOCK: Detach QP check should filter out non matching QPs (bsc#1036752).
- vxlan: cancel sock_work in vxlan_dellink() (bsc#1031567).
- vxlan: Checksum fixes (bsc#1009682).
- vxlan: GRO support at tunnel layer (bsc#1009682).
- xen-blkfront: correct maximum segment accounting (bsc#1018263).
- xen-blkfront: do not call talk_to_blkback when already connected to blkback.
- xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
- xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).
- xfs: do not allow di_size with high bit set (bsc#1024234).
- xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1024508).
- xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508).
- xfs: fix broken multi-fsb buffer logging (bsc#1024081).
- xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
- xfs: Fix lock ordering in splice write (bsc#1024788).
- xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
- xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).
- xfs: pass total block res. as total xfs_bmapi_write() parameter (bsc#1029470).
- xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).
- xfs: track and serialize in-flight async buffers against unmount (bsc#1024508).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-831=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-831=1
- SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-831=1
- SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-831=1
- SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-831=1
- SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-831=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      kernel-default-debuginfo-3.12.74-60.64.40.1
      kernel-default-debugsource-3.12.74-60.64.40.1
      kernel-default-extra-3.12.74-60.64.40.1
      kernel-default-extra-debuginfo-3.12.74-60.64.40.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      kernel-obs-build-3.12.74-60.64.40.1
      kernel-obs-build-debugsource-3.12.74-60.64.40.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):
      kernel-docs-3.12.74-60.64.40.4
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      kernel-default-3.12.74-60.64.40.1
      kernel-default-base-3.12.74-60.64.40.1
      kernel-default-base-debuginfo-3.12.74-60.64.40.1
      kernel-default-debuginfo-3.12.74-60.64.40.1
      kernel-default-debugsource-3.12.74-60.64.40.1
      kernel-default-devel-3.12.74-60.64.40.1
      kernel-syms-3.12.74-60.64.40.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
      kernel-devel-3.12.74-60.64.40.1
      kernel-macros-3.12.74-60.64.40.1
      kernel-source-3.12.74-60.64.40.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
      kernel-xen-3.12.74-60.64.40.1
      kernel-xen-base-3.12.74-60.64.40.1
      kernel-xen-base-debuginfo-3.12.74-60.64.40.1
      kernel-xen-debuginfo-3.12.74-60.64.40.1
      kernel-xen-debugsource-3.12.74-60.64.40.1
      kernel-xen-devel-3.12.74-60.64.40.1
- SUSE Linux Enterprise Server 12-SP1 (s390x):
      kernel-default-man-3.12.74-60.64.40.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      kernel-ec2-3.12.74-60.64.40.1
      kernel-ec2-debuginfo-3.12.74-60.64.40.1
      kernel-ec2-debugsource-3.12.74-60.64.40.1
      kernel-ec2-devel-3.12.74-60.64.40.1
      kernel-ec2-extra-3.12.74-60.64.40.1
      kernel-ec2-extra-debuginfo-3.12.74-60.64.40.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_74-60_64_40-default-1-4.1
      kgraft-patch-3_12_74-60_64_40-xen-1-4.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      kernel-default-3.12.74-60.64.40.1
      kernel-default-debuginfo-3.12.74-60.64.40.1
      kernel-default-debugsource-3.12.74-60.64.40.1
      kernel-default-devel-3.12.74-60.64.40.1
      kernel-default-extra-3.12.74-60.64.40.1
      kernel-default-extra-debuginfo-3.12.74-60.64.40.1
      kernel-syms-3.12.74-60.64.40.1
      kernel-xen-3.12.74-60.64.40.1
      kernel-xen-debuginfo-3.12.74-60.64.40.1
      kernel-xen-debugsource-3.12.74-60.64.40.1
      kernel-xen-devel-3.12.74-60.64.40.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      kernel-devel-3.12.74-60.64.40.1
      kernel-macros-3.12.74-60.64.40.1
      kernel-source-3.12.74-60.64.40.1

References:

   https://www.suse.com/security/cve/CVE-2015-1350.html
   https://www.suse.com/security/cve/CVE-2016-10044.html
   https://www.suse.com/security/cve/CVE-2016-10200.html
   https://www.suse.com/security/cve/CVE-2016-10208.html
   https://www.suse.com/security/cve/CVE-2016-2117.html
   https://www.suse.com/security/cve/CVE-2016-3070.html
   https://www.suse.com/security/cve/CVE-2016-5243.html
   https://www.suse.com/security/cve/CVE-2016-7117.html
   https://www.suse.com/security/cve/CVE-2016-9191.html
   https://www.suse.com/security/cve/CVE-2016-9588.html
   https://www.suse.com/security/cve/CVE-2016-9604.html
   https://www.suse.com/security/cve/CVE-2017-2647.html
   https://www.suse.com/security/cve/CVE-2017-2671.html
   https://www.suse.com/security/cve/CVE-2017-5669.html
   https://www.suse.com/security/cve/CVE-2017-5897.html
   https://www.suse.com/security/cve/CVE-2017-5986.html
   https://www.suse.com/security/cve/CVE-2017-6074.html
   https://www.suse.com/security/cve/CVE-2017-6214.html
   https://www.suse.com/security/cve/CVE-2017-6345.html
   https://www.suse.com/security/cve/CVE-2017-6346.html
   https://www.suse.com/security/cve/CVE-2017-6348.html
   https://www.suse.com/security/cve/CVE-2017-6353.html
   https://www.suse.com/security/cve/CVE-2017-6951.html
   https://www.suse.com/security/cve/CVE-2017-7187.html
   https://www.suse.com/security/cve/CVE-2017-7261.html
   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://www.suse.com/security/cve/CVE-2017-7616.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8106.html
   https://bugzilla.suse.com/1003077
   https://bugzilla.suse.com/1008842
   https://bugzilla.suse.com/1009682
   https://bugzilla.suse.com/1012620
   https://bugzilla.suse.com/1012985
   https://bugzilla.suse.com/1015703
   https://bugzilla.suse.com/1015787
   https://bugzilla.suse.com/1015821
   https://bugzilla.suse.com/1017512
   https://bugzilla.suse.com/1018100
   https://bugzilla.suse.com/1018263
   https://bugzilla.suse.com/1018419
   https://bugzilla.suse.com/1018446
   https://bugzilla.suse.com/1019168
   https://bugzilla.suse.com/1019514
   https://bugzilla.suse.com/1020048
   https://bugzilla.suse.com/1020795
   https://bugzilla.suse.com/1021256
   https://bugzilla.suse.com/1021374
   https://bugzilla.suse.com/1021762
   https://bugzilla.suse.com/1021913
   https://bugzilla.suse.com/1022559
   https://bugzilla.suse.com/1022971
   https://bugzilla.suse.com/1023164
   https://bugzilla.suse.com/1023207
   https://bugzilla.suse.com/1023377
   https://bugzilla.suse.com/1023762
   https://bugzilla.suse.com/1023824
   https://bugzilla.suse.com/1023888
   https://bugzilla.suse.com/1023992
   https://bugzilla.suse.com/1024081
   https://bugzilla.suse.com/1024234
   https://bugzilla.suse.com/1024309
   https://bugzilla.suse.com/1024508
   https://bugzilla.suse.com/1024788
   https://bugzilla.suse.com/1025039
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1025354
   https://bugzilla.suse.com/1025802
   https://bugzilla.suse.com/1026024
   https://bugzilla.suse.com/1026722
   https://bugzilla.suse.com/1026914
   https://bugzilla.suse.com/1027066
   https://bugzilla.suse.com/1027178
   https://bugzilla.suse.com/1027189
   https://bugzilla.suse.com/1027190
   https://bugzilla.suse.com/1027974
   https://bugzilla.suse.com/1028041
   https://bugzilla.suse.com/1028415
   https://bugzilla.suse.com/1028595
   https://bugzilla.suse.com/1028648
   https://bugzilla.suse.com/1028895
   https://bugzilla.suse.com/1029470
   https://bugzilla.suse.com/1029850
   https://bugzilla.suse.com/1029986
   https://bugzilla.suse.com/1030118
   https://bugzilla.suse.com/1030213
   https://bugzilla.suse.com/1030593
   https://bugzilla.suse.com/1030901
   https://bugzilla.suse.com/1031003
   https://bugzilla.suse.com/1031052
   https://bugzilla.suse.com/1031080
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031567
   https://bugzilla.suse.com/1031579
   https://bugzilla.suse.com/1031662
   https://bugzilla.suse.com/1031842
   https://bugzilla.suse.com/1032125
   https://bugzilla.suse.com/1032141
   https://bugzilla.suse.com/1032344
   https://bugzilla.suse.com/1032345
   https://bugzilla.suse.com/1033336
   https://bugzilla.suse.com/1034670
   https://bugzilla.suse.com/103470
   https://bugzilla.suse.com/1034700
   https://bugzilla.suse.com/1035576
   https://bugzilla.suse.com/1035699
   https://bugzilla.suse.com/1035738
   https://bugzilla.suse.com/1035877
   https://bugzilla.suse.com/1036752
   https://bugzilla.suse.com/1038261
   https://bugzilla.suse.com/799133
   https://bugzilla.suse.com/857926
   https://bugzilla.suse.com/914939
   https://bugzilla.suse.com/917630
   https://bugzilla.suse.com/922853
   https://bugzilla.suse.com/930399
   https://bugzilla.suse.com/931620
   https://bugzilla.suse.com/937444
   https://bugzilla.suse.com/940946
   https://bugzilla.suse.com/954763
   https://bugzilla.suse.com/968697
   https://bugzilla.suse.com/970083
   https://bugzilla.suse.com/971933
   https://bugzilla.suse.com/979215
   https://bugzilla.suse.com/982783
   https://bugzilla.suse.com/983212
   https://bugzilla.suse.com/984530
   https://bugzilla.suse.com/985561
   https://bugzilla.suse.com/988065
   https://bugzilla.suse.com/989056
   https://bugzilla.suse.com/993832

From sle-updates at lists.suse.com Mon May 22 07:09:14 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 May 2017 15:09:14 +0200 (CEST)
Subject: SUSE-SU-2017:1365-1: moderate: Security update for collectd
Message-ID: <20170522130914.AFC23101C7@maintenance.suse.de>

SUSE Security Update: Security update for collectd
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1365-1
Rating: moderate
References: #1032307
Cross-References: CVE-2017-7401
Affected Products:
      SUSE Webyast 1.3
      SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for collectd fixes one issue.

This security issue was fixed:

- CVE-2017-7401: Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c allowed remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet (bsc#1032307).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Webyast 1.3:
      zypper in -t patch slewyst13-collectd-13121=1
- SUSE Lifecycle Management Server 1.3:
      zypper in -t patch sleslms13-collectd-13121=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):
      collectd-4.9.4-0.31.1
      libcollectdclient-devel-4.9.4-0.31.1
      libcollectdclient0-4.9.4-0.31.1
- SUSE Lifecycle Management Server 1.3 (x86_64):
      collectd-4.9.4-0.31.1
      libcollectdclient-devel-4.9.4-0.31.1
      libcollectdclient0-4.9.4-0.31.1

References:

   https://www.suse.com/security/cve/CVE-2017-7401.html
   https://bugzilla.suse.com/1032307

From sle-updates at lists.suse.com Mon May 22 07:09:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 May 2017 15:09:38 +0200 (CEST)
Subject: SUSE-SU-2017:1366-1: moderate: Security update for libxml2
Message-ID: <20170522130938.6036A101C7@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1366-1
Rating: moderate
References: #1010675 #1013930 #1014873 #1017497 #876652
Cross-References: CVE-2014-0191 CVE-2016-9318 CVE-2016-9597
Affected Products:
      SUSE Linux Enterprise Software Development Kit 12-SP1
      SUSE Linux Enterprise Server 12-SP1
      SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for libxml2 fixes the following issues:

* Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
* CVE-2016-9597: An XML document with many opening tags could have caused an overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497)
* CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS. (bsc#876652)
* CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-833=1
- SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-833=1
- SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-833=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libxml2-debugsource-2.9.1-26.12.1
      libxml2-devel-2.9.1-26.12.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libxml2-2-2.9.1-26.12.1
      libxml2-2-debuginfo-2.9.1-26.12.1
      libxml2-debugsource-2.9.1-26.12.1
      libxml2-tools-2.9.1-26.12.1
      libxml2-tools-debuginfo-2.9.1-26.12.1
      python-libxml2-2.9.1-26.12.1
      python-libxml2-debuginfo-2.9.1-26.12.1
      python-libxml2-debugsource-2.9.1-26.12.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libxml2-2-32bit-2.9.1-26.12.1
      libxml2-2-debuginfo-32bit-2.9.1-26.12.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
      libxml2-doc-2.9.1-26.12.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libxml2-2-2.9.1-26.12.1
      libxml2-2-32bit-2.9.1-26.12.1
      libxml2-2-debuginfo-2.9.1-26.12.1
      libxml2-2-debuginfo-32bit-2.9.1-26.12.1
      libxml2-debugsource-2.9.1-26.12.1
      libxml2-tools-2.9.1-26.12.1
      libxml2-tools-debuginfo-2.9.1-26.12.1
      python-libxml2-2.9.1-26.12.1
      python-libxml2-debuginfo-2.9.1-26.12.1
      python-libxml2-debugsource-2.9.1-26.12.1

References:

   https://www.suse.com/security/cve/CVE-2014-0191.html
   https://www.suse.com/security/cve/CVE-2016-9318.html
   https://www.suse.com/security/cve/CVE-2016-9597.html
   https://bugzilla.suse.com/1010675
   https://bugzilla.suse.com/1013930
   https://bugzilla.suse.com/1014873
   https://bugzilla.suse.com/1017497
   https://bugzilla.suse.com/876652

From sle-updates at lists.suse.com Mon May 22 07:10:45 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 May 2017 15:10:45 +0200 (CEST)
Subject: SUSE-SU-2017:1367-1: moderate: Security update for libsndfile
Message-ID: <20170522131045.02C30101C7@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1367-1
Rating: moderate
References: #1033054 #1033914 #1033915 #1036943 #1036944 #1036945 #1036946 #1038856
Cross-References: CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365
Affected Products:
      SUSE Linux Enterprise Software Development Kit 12-SP2
      SUSE Linux Enterprise Software Development Kit 12-SP1
      SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
      SUSE Linux Enterprise Server 12-SP2
      SUSE Linux Enterprise Server 12-SP1
      SUSE Linux Enterprise Desktop 12-SP2
      SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for libsndfile fixes the following issues:

- CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946)
- CVE-2017-8362: Invalid memory read in flac_buffer_copy. (bsc#1036943)
- CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945)
- CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially crafted FLAC files. (bsc#1033054)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-834=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-834=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-834=1
- SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-834=1
- SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-834=1
- SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-834=1
- SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-834=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile-devel-1.0.25-35.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile-devel-1.0.25-35.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile1-1.0.25-35.1
      libsndfile1-debuginfo-1.0.25-35.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile1-1.0.25-35.1
      libsndfile1-debuginfo-1.0.25-35.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libsndfile1-32bit-1.0.25-35.1
      libsndfile1-debuginfo-32bit-1.0.25-35.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile1-1.0.25-35.1
      libsndfile1-debuginfo-1.0.25-35.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libsndfile1-32bit-1.0.25-35.1
      libsndfile1-debuginfo-32bit-1.0.25-35.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile1-1.0.25-35.1
      libsndfile1-32bit-1.0.25-35.1
      libsndfile1-debuginfo-1.0.25-35.1
      libsndfile1-debuginfo-32bit-1.0.25-35.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libsndfile-debugsource-1.0.25-35.1
      libsndfile1-1.0.25-35.1
      libsndfile1-32bit-1.0.25-35.1
      libsndfile1-debuginfo-1.0.25-35.1
      libsndfile1-debuginfo-32bit-1.0.25-35.1

References:

   https://www.suse.com/security/cve/CVE-2017-7585.html
   https://www.suse.com/security/cve/CVE-2017-7741.html
   https://www.suse.com/security/cve/CVE-2017-7742.html
   https://www.suse.com/security/cve/CVE-2017-8361.html
   https://www.suse.com/security/cve/CVE-2017-8362.html
   https://www.suse.com/security/cve/CVE-2017-8363.html
   https://www.suse.com/security/cve/CVE-2017-8365.html
   https://bugzilla.suse.com/1033054
   https://bugzilla.suse.com/1033914
   https://bugzilla.suse.com/1033915
   https://bugzilla.suse.com/1036943
   https://bugzilla.suse.com/1036944
   https://bugzilla.suse.com/1036945
   https://bugzilla.suse.com/1036946
   https://bugzilla.suse.com/1038856

From sle-updates at lists.suse.com Mon May 22 07:11:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 May 2017 15:11:59 +0200 (CEST)
Subject: SUSE-SU-2017:1368-1: moderate: Security update for libplist
Message-ID: <20170522131159.396C0101C7@maintenance.suse.de>

SUSE Security Update: Security update for libplist
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1368-1
Rating: moderate
References: #1019531 #1021610 #1023807 #1023822 #1023848 #1029631 #1035312
Cross-References: CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6440 CVE-2017-7982
Affected Products:
      SUSE Linux Enterprise Workstation Extension 12-SP1
      SUSE Linux Enterprise Software Development Kit 12-SP2
      SUSE Linux Enterprise Software Development Kit 12-SP1
      SUSE Linux Enterprise Server 12-SP1
      SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for libplist fixes the following security issues:

- CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610).
- CVE-2017-5209: The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. (bsc#1019531)
- CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807)
- CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822)
- CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed (bsc#1023848)
- CVE-2017-7982: Denial of service (heap-based buffer over-read and application crash) via a crafted plist file (bsc#1035312)
- CVE-2017-6440: A specially crafted plist file could lead to denial of service (bsc#1029631)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-835=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-835=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-835=1
- SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-835=1
- SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-835=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      libplist++1-1.8-10.9.1
      libplist++1-debuginfo-1.8-10.9.1
      libplist-debugsource-1.8-10.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libplist++1-1.8-10.9.1
      libplist++1-debuginfo-1.8-10.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libplist++-devel-1.8-10.9.1
      libplist++1-1.8-10.9.1
      libplist++1-debuginfo-1.8-10.9.1
      libplist-debugsource-1.8-10.9.1
      libplist-devel-1.8-10.9.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libplist-debugsource-1.8-10.9.1
      libplist1-1.8-10.9.1
      libplist1-debuginfo-1.8-10.9.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libplist++1-1.8-10.9.1
      libplist++1-debuginfo-1.8-10.9.1
      libplist-debugsource-1.8-10.9.1
      libplist1-1.8-10.9.1
      libplist1-debuginfo-1.8-10.9.1

References:

   https://www.suse.com/security/cve/CVE-2017-5209.html
   https://www.suse.com/security/cve/CVE-2017-5545.html
   https://www.suse.com/security/cve/CVE-2017-5834.html
   https://www.suse.com/security/cve/CVE-2017-5835.html
   https://www.suse.com/security/cve/CVE-2017-5836.html
   https://www.suse.com/security/cve/CVE-2017-6440.html
   https://www.suse.com/security/cve/CVE-2017-7982.html
   https://bugzilla.suse.com/1019531
   https://bugzilla.suse.com/1021610
   https://bugzilla.suse.com/1023807
   https://bugzilla.suse.com/1023822
   https://bugzilla.suse.com/1023848
   https://bugzilla.suse.com/1029631
   https://bugzilla.suse.com/1035312

From sle-updates at lists.suse.com Mon May 22 10:09:33 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 May 2017 18:09:33 +0200 (CEST)
Subject: SUSE-RU-2017:1369-1: Recommended update for release-notes-rte
Message-ID: <20170522160933.4AEC1FF3A@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-rte
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1369-1
Rating: low
References: #1039161
Affected Products:
      SUSE Linux Enterprise Real Time Extension 12-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The Release Notes of SUSE Linux Enterprise Real Time 12 SP2 were updated to document:

- Availability of SCHED_DEADLINE scheduling class as a Technology Preview. (fate#322001)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP2:
      zypper in -t patch SUSE-SLE-RT-12-SP2-2017-837=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP2 (noarch):
      release-notes-rte-12.2.20170202-14.2

References:

   https://bugzilla.suse.com/1039161

From sle-updates at lists.suse.com Mon May 22 16:09:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 May 2017 00:09:15 +0200 (CEST)
Subject: SUSE-RU-2017:1372-1: moderate: Recommended update for postgresql94
Message-ID: <20170522220915.3AF8B101C7@maintenance.suse.de>

SUSE Recommended Update: Recommended update for postgresql94
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1372-1
Rating: moderate
References: #1029547
Affected Products:
      SUSE Linux Enterprise Software Development Kit 12-SP2
      SUSE Linux Enterprise Software Development Kit 12-SP1
      SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
      SUSE Linux Enterprise Server 12-SP2
      SUSE Linux Enterprise Server 12-SP1
      SUSE Linux Enterprise Desktop 12-SP2
      SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description: This update provides PostgreSQL 9.4.11, which brings fixes and enhancements: - Fix a race condition that could cause indexes built with CREATE INDEX CONCURRENTLY to be corrupt. - Fixes for visibility and write-ahead-log stability. - Fix WAL-logging of truncated relations. - Fix pg_upgrade issues on big-endian machines. For a comprehensive list of bug fixes, please refer to the release notes: - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-838=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-838=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-838=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-838=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-838=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-838=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-838=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-devel-9.4.11-17.1 postgresql94-devel-debuginfo-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): postgresql94-devel-9.4.11-17.1 postgresql94-devel-debuginfo-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libecpg6-9.4.11-17.1 libecpg6-debuginfo-9.4.11-17.1 libpq5-9.4.11-17.1 libpq5-debuginfo-9.4.11-17.1 postgresql94-9.4.11-17.1 postgresql94-contrib-9.4.11-17.1 postgresql94-contrib-debuginfo-9.4.11-17.1 postgresql94-debuginfo-9.4.11-17.1 postgresql94-debugsource-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 postgresql94-server-9.4.11-17.1 postgresql94-server-debuginfo-9.4.11-17.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql94-docs-9.4.11-17.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libecpg6-9.4.11-17.1 libecpg6-debuginfo-9.4.11-17.1 libpq5-9.4.11-17.1 libpq5-debuginfo-9.4.11-17.1 postgresql94-9.4.11-17.1 postgresql94-contrib-9.4.11-17.1 postgresql94-contrib-debuginfo-9.4.11-17.1 postgresql94-debuginfo-9.4.11-17.1 postgresql94-debugsource-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 postgresql94-server-9.4.11-17.1 postgresql94-server-debuginfo-9.4.11-17.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql94-docs-9.4.11-17.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpq5-32bit-9.4.11-17.1 libpq5-debuginfo-32bit-9.4.11-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libecpg6-9.4.11-17.1 libecpg6-debuginfo-9.4.11-17.1 libpq5-9.4.11-17.1 libpq5-debuginfo-9.4.11-17.1 postgresql94-9.4.11-17.1 postgresql94-contrib-9.4.11-17.1 postgresql94-contrib-debuginfo-9.4.11-17.1 postgresql94-debuginfo-9.4.11-17.1 postgresql94-debugsource-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 
postgresql94-server-9.4.11-17.1 postgresql94-server-debuginfo-9.4.11-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpq5-32bit-9.4.11-17.1 libpq5-debuginfo-32bit-9.4.11-17.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): postgresql94-docs-9.4.11-17.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libecpg6-9.4.11-17.1 libecpg6-debuginfo-9.4.11-17.1 libpq5-32bit-9.4.11-17.1 libpq5-9.4.11-17.1 libpq5-debuginfo-32bit-9.4.11-17.1 libpq5-debuginfo-9.4.11-17.1 postgresql94-9.4.11-17.1 postgresql94-debuginfo-9.4.11-17.1 postgresql94-debugsource-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libecpg6-9.4.11-17.1 libecpg6-debuginfo-9.4.11-17.1 libpq5-32bit-9.4.11-17.1 libpq5-9.4.11-17.1 libpq5-debuginfo-32bit-9.4.11-17.1 libpq5-debuginfo-9.4.11-17.1 postgresql94-9.4.11-17.1 postgresql94-debuginfo-9.4.11-17.1 postgresql94-debugsource-9.4.11-17.1 postgresql94-libs-debugsource-9.4.11-17.1 References: https://bugzilla.suse.com/1029547 From sle-updates at lists.suse.com Mon May 22 16:09:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 00:09:36 +0200 (CEST) Subject: SUSE-RU-2017:1373-1: Recommended update for python-dmidecode Message-ID: <20170522220936.E1BEB101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1373-1 Rating: low References: #1036061 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-dmidecode provides the following fixes: - Use correct data type DWORD for extended memory size. (bsc#1036061) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-839=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-839=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-839=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-839=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-839=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-839=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python-dmidecode-3.12.1-13.1 python-dmidecode-debuginfo-3.12.1-13.1 python-dmidecode-debugsource-3.12.1-13.1 - SUSE Manager Server 3.0 (x86_64): python-dmidecode-3.12.1-13.1 python-dmidecode-debuginfo-3.12.1-13.1 python-dmidecode-debugsource-3.12.1-13.1 - SUSE Manager Proxy 3.0 (x86_64): python-dmidecode-3.12.1-13.1 python-dmidecode-debuginfo-3.12.1-13.1 python-dmidecode-debugsource-3.12.1-13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): python-dmidecode-3.12.1-13.1 python-dmidecode-debuginfo-3.12.1-13.1 python-dmidecode-debugsource-3.12.1-13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): python-dmidecode-3.12.1-13.1 python-dmidecode-debuginfo-3.12.1-13.1 python-dmidecode-debugsource-3.12.1-13.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): python-dmidecode-3.12.1-13.1 python-dmidecode-debuginfo-3.12.1-13.1 python-dmidecode-debugsource-3.12.1-13.1 References: https://bugzilla.suse.com/1036061 From sle-updates at lists.suse.com Tue May 23 10:09:57 2017 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 18:09:57 +0200 (CEST) Subject: SUSE-OU-2017:1377-1: Optional update for openldap2 Message-ID: <20170523160957.20670F7C0@maintenance.suse.de> SUSE Optional Update: Optional update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1377-1 Rating: low References: #1033210 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for openldap2 provides the following feature and bug fix: A new openldap2-openssl1 package is added for the SECURITY Module, which contains a TLS 1.2 enabled slapd. The openldap2-openssl1 package can be additionally installed and starting the "ldap" sysvinit service will then use this. (FATE#320397 bsc#1033210) Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-openldap2-13122=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): openldap2-devel-2.4.26-0.17.30.1 References: https://bugzilla.suse.com/1033210 From sle-updates at lists.suse.com Tue May 23 10:10:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 18:10:19 +0200 (CEST) Subject: SUSE-RU-2017:1378-1: Recommended update for s390-tools Message-ID: <20170523161019.91354101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1378-1 Rating: low References: #1028105 #931634 #965263 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools fixes the following issues: - Fix cio_ignore boot order dependencies to avoid boot failure in some special configurations. (bsc#965263) - Skip partition check and BLKRRPART ioctl for emulated devices. (bsc#931634) - Fix detection of the STHYI instruction on z/VM 6.2. (bsc#1028105) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-842=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-842=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x): qclib-devel-1.0.0-7.1 qclib-devel-debuginfo-1.0.0-7.1 qclib-devel-debugsource-1.0.0-7.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): osasnmpd-1.24.1-58.16 osasnmpd-debuginfo-1.24.1-58.16 s390-tools-1.24.1-58.16 s390-tools-debuginfo-1.24.1-58.16 s390-tools-debugsource-1.24.1-58.16 s390-tools-hmcdrvfs-1.24.1-58.16 s390-tools-hmcdrvfs-debuginfo-1.24.1-58.16 s390-tools-zdsfs-1.24.1-58.16 s390-tools-zdsfs-debuginfo-1.24.1-58.16 References: https://bugzilla.suse.com/1028105 https://bugzilla.suse.com/931634 https://bugzilla.suse.com/965263 From sle-updates at lists.suse.com Tue May 23 13:09:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 21:09:14 +0200 (CEST) Subject: SUSE-SU-2017:1379-1: moderate: Security update for libplist Message-ID: <20170523190914.547C6101C7@maintenance.suse.de> SUSE Security Update: Security update for libplist ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1379-1 Rating: moderate References: #1019531 #1021610 #1023807 #1023822 #1023848 #1029631 #1035312 Cross-References: CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6440 CVE-2017-7982 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). 
- CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610). - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed. (bsc#1023848) - CVE-2017-6440: Ensure that sanity checks work on 32-bit platforms. (bsc#1029631) - CVE-2017-7982: Add some safety checks, backported from upstream (bsc#1035312). - CVE-2017-5836: A maliciously crafted file could cause the application to crash. (bsc#1023807). - CVE-2017-5835: Maliciously crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822) - CVE-2017-5834: Maliciously crafted file could cause a heap buffer overflow or segmentation fault (bsc#1023848) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-849=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-849=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-849=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-849=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-849=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libplist++3-1.12-19.1 libplist++3-debuginfo-1.12-19.1 libplist-debugsource-1.12-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libplist++-devel-1.12-19.1 libplist-debugsource-1.12-19.1 libplist-devel-1.12-19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libplist-debugsource-1.12-19.1 libplist3-1.12-19.1 libplist3-debuginfo-1.12-19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libplist-debugsource-1.12-19.1 libplist3-1.12-19.1 libplist3-debuginfo-1.12-19.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libplist++3-1.12-19.1 libplist++3-debuginfo-1.12-19.1 libplist-debugsource-1.12-19.1 libplist3-1.12-19.1 libplist3-debuginfo-1.12-19.1 References: https://www.suse.com/security/cve/CVE-2017-5209.html https://www.suse.com/security/cve/CVE-2017-5545.html https://www.suse.com/security/cve/CVE-2017-5834.html https://www.suse.com/security/cve/CVE-2017-5835.html https://www.suse.com/security/cve/CVE-2017-5836.html https://www.suse.com/security/cve/CVE-2017-6440.html https://www.suse.com/security/cve/CVE-2017-7982.html https://bugzilla.suse.com/1019531 https://bugzilla.suse.com/1021610 https://bugzilla.suse.com/1023807 https://bugzilla.suse.com/1023822 https://bugzilla.suse.com/1023848 https://bugzilla.suse.com/1029631 https://bugzilla.suse.com/1035312 From sle-updates at lists.suse.com Tue May 23 13:10:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 21:10:19 +0200 (CEST) Subject: SUSE-RU-2017:1380-1: moderate: Recommended update for multipath-tools Message-ID: <20170523191019.335DF101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1380-1 Rating: moderate References: #1005255 #1007202 #1019798 #1025602 #984957 
#991432 #995633 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - Fix check for new path states. (bsc#1019798) - Set DI_SERIAL in 'multipath -ll' output. (bsc#1007202) - Remove calls to dm_udev_complete. (bsc#1025602) - Add support for read-only bindings. (bsc#995633) - Fix issues with user_friendly_names initramfs bindings. (bsc#1005255) - Add HP MSA 2040 to hardware table. (bsc#984957) - Add 'wwn' and 'serial' keyword to weightedpath prioritizer. (bsc#991432) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-multipath-tools-13126=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-multipath-tools-13126=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kpartx-0.4.9-122.1 multipath-tools-0.4.9-122.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): multipath-tools-debuginfo-0.4.9-122.1 multipath-tools-debugsource-0.4.9-122.1 References: https://bugzilla.suse.com/1005255 https://bugzilla.suse.com/1007202 https://bugzilla.suse.com/1019798 https://bugzilla.suse.com/1025602 https://bugzilla.suse.com/984957 https://bugzilla.suse.com/991432 https://bugzilla.suse.com/995633 From sle-updates at lists.suse.com Tue May 23 13:11:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 21:11:53 +0200 (CEST) Subject: SUSE-SU-2017:1382-1: important: Security update for tomcat Message-ID: <20170523191153.0A61F101C7@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1382-1 Rating: important References: #1015119 #1033447 #1033448 Cross-References: CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-848=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): tomcat-8.0.43-10.19.1 tomcat-admin-webapps-8.0.43-10.19.1 tomcat-docs-webapp-8.0.43-10.19.1 tomcat-el-3_0-api-8.0.43-10.19.1 tomcat-javadoc-8.0.43-10.19.1 tomcat-jsp-2_3-api-8.0.43-10.19.1 tomcat-lib-8.0.43-10.19.1 tomcat-servlet-3_1-api-8.0.43-10.19.1 tomcat-webapps-8.0.43-10.19.1 References: https://www.suse.com/security/cve/CVE-2016-8745.html https://www.suse.com/security/cve/CVE-2017-5647.html https://www.suse.com/security/cve/CVE-2017-5648.html https://bugzilla.suse.com/1015119 https://bugzilla.suse.com/1033447 https://bugzilla.suse.com/1033448 From sle-updates at lists.suse.com Tue May 23 13:13:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 21:13:04 +0200 (CEST) Subject: SUSE-SU-2017:1384-1: important: Security update for java-1_7_0-ibm Message-ID: <20170523191304.80B70101C7@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1384-1 Rating: important References: #1038505 Cross-References: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for java-1_7_0-ibm fixes the following issues: Version update to 7.0-10.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-13124=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-13124=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr10.5-64.1 java-1_7_0-ibm-devel-1.7.0_sr10.5-64.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.5-64.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr10.5-64.1 java-1_7_0-ibm-plugin-1.7.0_sr10.5-64.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.5-64.1 java-1_7_0-ibm-alsa-1.7.0_sr10.5-64.1 java-1_7_0-ibm-devel-1.7.0_sr10.5-64.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.5-64.1 java-1_7_0-ibm-plugin-1.7.0_sr10.5-64.1 References: https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1038505 From sle-updates at lists.suse.com Tue May 23 13:13:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 21:13:30 +0200 (CEST) Subject: SUSE-SU-2017:1385-1: important: Security update for java-1_7_1-ibm Message-ID: <20170523191330.381C5101C7@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1385-1 Rating: important References: #1038505 Cross-References: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux 
Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-847=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-847=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-847=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-847=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-847=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-847=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): java-1_7_1-ibm-1.7.1_sr4.5-37.1 java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1 java-1_7_1-ibm-devel-1.7.1_sr4.5-37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.5-37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.5-37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.5-37.1 java-1_7_1-ibm-devel-1.7.1_sr4.5-37.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.5-37.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.5-37.1 java-1_7_1-ibm-plugin-1.7.1_sr4.5-37.1 References: https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1038505 From sle-updates at lists.suse.com Tue May 23 13:14:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 
23 May 2017 21:14:03 +0200 (CEST) Subject: SUSE-SU-2017:1386-1: important: Security update for java-1_8_0-ibm Message-ID: <20170523191403.9305E101C7@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1386-1 Rating: important References: #1038505 Cross-References: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Version update bsc#1038505: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-844=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-844=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-844=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-844=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr4.5-29.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr4.5-29.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr4.5-29.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.5-29.1 java-1_8_0-ibm-plugin-1.8.0_sr4.5-29.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr4.5-29.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.5-29.1 java-1_8_0-ibm-plugin-1.8.0_sr4.5-29.1 References: https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1038505 From sle-updates at lists.suse.com Tue May 23 13:14:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 May 2017 21:14:26 +0200 (CEST) Subject: SUSE-SU-2017:1387-1: important: Security update 
for java-1_7_1-ibm
Message-ID: <20170523191426.44BDA101C7@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1387-1
Rating:             important
References:         #1038505
Cross-References:   CVE-2016-9840 CVE-2016-9841 CVE-2016-9842
                    CVE-2016-9843 CVE-2017-1289 CVE-2017-3509
                    CVE-2017-3511 CVE-2017-3533 CVE-2017-3539
                    CVE-2017-3544
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for java-1_7_1-ibm fixes the following issues:

   Version update to 7.1-4.5 bsc#1038505

   - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c
   - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c
   - CVE-2016-9842: zlib: Undefined left shift of negative number
   - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer
   - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error
     when processing XML data
   - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated
     connections
   - CVE-2017-3511: OpenJDK: untrusted extension directories search path
     in Launcher
   - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification
   - CVE-2017-3533: OpenJDK: newline injection in the FTP client
   - CVE-2017-3544: OpenJDK: newline injection in the SMTP client

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-java-1_7_1-ibm-13123=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-java-1_7_1-ibm-13123=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):
      java-1_7_1-ibm-devel-1.7.1_sr4.5-25.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):
      java-1_7_1-ibm-1.7.1_sr4.5-25.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.5-25.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      java-1_7_1-ibm-alsa-1.7.1_sr4.5-25.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.5-25.1

References:

   https://www.suse.com/security/cve/CVE-2016-9840.html
   https://www.suse.com/security/cve/CVE-2016-9841.html
   https://www.suse.com/security/cve/CVE-2016-9842.html
   https://www.suse.com/security/cve/CVE-2016-9843.html
   https://www.suse.com/security/cve/CVE-2017-1289.html
   https://www.suse.com/security/cve/CVE-2017-3509.html
   https://www.suse.com/security/cve/CVE-2017-3511.html
   https://www.suse.com/security/cve/CVE-2017-3533.html
   https://www.suse.com/security/cve/CVE-2017-3539.html
   https://www.suse.com/security/cve/CVE-2017-3544.html
   https://bugzilla.suse.com/1038505

From sle-updates at lists.suse.com Tue May 23 13:14:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 May 2017 21:14:49 +0200 (CEST)
Subject: SUSE-RU-2017:1388-1: Recommended update for SuSEfirewall2
Message-ID: <20170523191449.83E4B101C7@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SuSEfirewall2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1388-1
Rating:             low
References:         #1039281
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for SuSEfirewall2 fixes the following issues:

   - Correctly install /etc/sysconfig/SuSEfirewall2 (bsc#1039281)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-SuSEfirewall2-13125=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (noarch):
      SuSEfirewall2-3.6_SVNr208-2.17.1

References:

   https://bugzilla.suse.com/1039281

From sle-updates at lists.suse.com Tue May 23 13:15:10 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 23 May 2017 21:15:10 +0200 (CEST)
Subject: SUSE-SU-2017:1389-1: important: Security update for java-1_6_0-ibm
Message-ID: <20170523191510.98DD7101C7@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1389-1
Rating:             important
References:         #1027038 #1038505
Cross-References:   CVE-2016-2183 CVE-2016-9840 CVE-2016-9841
                    CVE-2016-9842 CVE-2016-9843 CVE-2017-1289
                    CVE-2017-3509 CVE-2017-3514 CVE-2017-3533
                    CVE-2017-3539 CVE-2017-3544
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.
Description:

   This update for java-1_6_0-ibm fixes the following issues:

   - Version update to 6.0-16.45 bsc#1038505
   - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c
   - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c
   - CVE-2016-9842: zlib: Undefined left shift of negative number
   - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer
   - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error
     when processing XML data
   - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated
     connections
   - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification
   - CVE-2017-3533: OpenJDK: newline injection in the FTP client
   - CVE-2017-3544: OpenJDK: newline injection in the SMTP client
   - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 12:
      zypper in -t patch SUSE-SLE-Module-Legacy-12-2017-843=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
      java-1_6_0-ibm-1.6.0_sr16.45-49.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.45-49.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.45-49.1
   - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr16.45-49.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://www.suse.com/security/cve/CVE-2016-9840.html
   https://www.suse.com/security/cve/CVE-2016-9841.html
   https://www.suse.com/security/cve/CVE-2016-9842.html
   https://www.suse.com/security/cve/CVE-2016-9843.html
   https://www.suse.com/security/cve/CVE-2017-1289.html
   https://www.suse.com/security/cve/CVE-2017-3509.html
   https://www.suse.com/security/cve/CVE-2017-3514.html
   https://www.suse.com/security/cve/CVE-2017-3533.html
   https://www.suse.com/security/cve/CVE-2017-3539.html
   https://www.suse.com/security/cve/CVE-2017-3544.html
   https://bugzilla.suse.com/1027038
   https://bugzilla.suse.com/1038505

From sle-updates at lists.suse.com Wed May 24 07:09:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 May 2017 15:09:26 +0200 (CEST)
Subject: SUSE-SU-2017:1391-1: important: Security update for samba
Message-ID: <20170524130926.CB168101C7@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1391-1
Rating:             important
References:         #1038231
Cross-References:   CVE-2017-7494
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for samba fixes the following issue:

   - An unprivileged user with access to the samba server could cause smbd
     to load a specially crafted shared library, which then had the ability
     to execute arbitrary code on the server as 'root'.
     [CVE-2017-7494, bso#12780, bsc#1038231]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-samba-13127=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-samba-13127=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-samba-13127=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-samba-13127=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-samba-13127=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-samba-13127=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-93.1 libnetapi-devel-3.6.3-93.1 libnetapi0-3.6.3-93.1 libsmbclient-devel-3.6.3-93.1 libsmbsharemodes-devel-3.6.3-93.1 libsmbsharemodes0-3.6.3-93.1 libtalloc-devel-3.6.3-93.1 libtdb-devel-3.6.3-93.1 libtevent-devel-3.6.3-93.1 libwbclient-devel-3.6.3-93.1 samba-devel-3.6.3-93.1 samba-test-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-93.1 libldb1-3.6.3-93.1 libsmbclient0-3.6.3-93.1 libtalloc2-3.6.3-93.1 libtdb1-3.6.3-93.1 libtevent0-3.6.3-93.1 libwbclient0-3.6.3-93.1 samba-3.6.3-93.1 samba-client-3.6.3-93.1 samba-krb-printing-3.6.3-93.1 samba-winbind-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-93.1 libtalloc2-32bit-3.6.3-93.1 libtdb1-32bit-3.6.3-93.1 libtevent0-32bit-3.6.3-93.1 libwbclient0-32bit-3.6.3-93.1 samba-32bit-3.6.3-93.1 samba-client-32bit-3.6.3-93.1 samba-winbind-32bit-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-93.1 libtalloc2-x86-3.6.3-93.1 libtdb1-x86-3.6.3-93.1 libtevent0-x86-3.6.3-93.1 libwbclient0-x86-3.6.3-93.1 samba-client-x86-3.6.3-93.1 samba-winbind-x86-3.6.3-93.1 samba-x86-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-93.1 libldb1-3.6.3-93.1 libsmbclient0-3.6.3-93.1 libtalloc2-3.6.3-93.1 libtdb1-3.6.3-93.1 libtevent0-3.6.3-93.1 libwbclient0-3.6.3-93.1 samba-3.6.3-93.1 samba-client-3.6.3-93.1 samba-krb-printing-3.6.3-93.1 samba-winbind-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-93.1 libtalloc2-32bit-3.6.3-93.1 libtdb1-32bit-3.6.3-93.1 libtevent0-32bit-3.6.3-93.1 libwbclient0-32bit-3.6.3-93.1 samba-32bit-3.6.3-93.1 samba-client-32bit-3.6.3-93.1 samba-winbind-32bit-3.6.3-93.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): 
      samba-doc-3.6.3-93.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):
      samba-doc-3.6.3-93.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      ldapsmb-1.34b-93.1
      libldb1-3.6.3-93.1
      libsmbclient0-3.6.3-93.1
      libtalloc2-3.6.3-93.1
      libtdb1-3.6.3-93.1
      libtevent0-3.6.3-93.1
      libwbclient0-3.6.3-93.1
      samba-3.6.3-93.1
      samba-client-3.6.3-93.1
      samba-krb-printing-3.6.3-93.1
      samba-winbind-3.6.3-93.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      samba-debuginfo-3.6.3-93.1
      samba-debugsource-3.6.3-93.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
      samba-debuginfo-32bit-3.6.3-93.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
      samba-debuginfo-x86-3.6.3-93.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      samba-debuginfo-3.6.3-93.1
      samba-debugsource-3.6.3-93.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x):
      samba-debuginfo-32bit-3.6.3-93.1

References:

   https://www.suse.com/security/cve/CVE-2017-7494.html
   https://bugzilla.suse.com/1038231

From sle-updates at lists.suse.com Wed May 24 07:09:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 May 2017 15:09:55 +0200 (CEST)
Subject: SUSE-SU-2017:1392-1: important: Security update for samba
Message-ID: <20170524130955.27B0E101C7@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1392-1
Rating:             important
References:         #1038231
Cross-References:   CVE-2017-7494
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise High Availability 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update
   that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issue:

   - An unprivileged user with access to the samba server could cause smbd
     to load a specially crafted shared library, which then had the ability
     to execute arbitrary code on the server as 'root'.
     [CVE-2017-7494, bso#12780, bsc#1038231]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-854=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-854=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-854=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-854=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-854=1
   - SUSE Linux Enterprise High Availability 12-SP1:
      zypper in -t patch SUSE-SLE-HA-12-SP1-2017-854=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-854=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-854=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): samba-test-devel-4.2.4-28.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-28.14.1 ctdb-devel-4.2.4-28.14.1 libdcerpc-atsvc-devel-4.2.4-28.14.1 libdcerpc-atsvc0-4.2.4-28.14.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.14.1 libdcerpc-devel-4.2.4-28.14.1 libdcerpc-samr-devel-4.2.4-28.14.1 libdcerpc-samr0-4.2.4-28.14.1 libdcerpc-samr0-debuginfo-4.2.4-28.14.1 libgensec-devel-4.2.4-28.14.1 libndr-devel-4.2.4-28.14.1 libndr-krb5pac-devel-4.2.4-28.14.1 libndr-nbt-devel-4.2.4-28.14.1 libndr-standard-devel-4.2.4-28.14.1 libnetapi-devel-4.2.4-28.14.1 libregistry-devel-4.2.4-28.14.1 libsamba-credentials-devel-4.2.4-28.14.1 libsamba-hostconfig-devel-4.2.4-28.14.1 libsamba-passdb-devel-4.2.4-28.14.1 libsamba-policy-devel-4.2.4-28.14.1 libsamba-policy0-4.2.4-28.14.1 libsamba-policy0-debuginfo-4.2.4-28.14.1 libsamba-util-devel-4.2.4-28.14.1 libsamdb-devel-4.2.4-28.14.1 libsmbclient-devel-4.2.4-28.14.1 libsmbclient-raw-devel-4.2.4-28.14.1 libsmbconf-devel-4.2.4-28.14.1 libsmbldap-devel-4.2.4-28.14.1 libtevent-util-devel-4.2.4-28.14.1 libwbclient-devel-4.2.4-28.14.1 samba-core-devel-4.2.4-28.14.1 samba-debuginfo-4.2.4-28.14.1 samba-debugsource-4.2.4-28.14.1 samba-test-devel-4.2.4-28.14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-atsvc0-4.2.4-28.14.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.14.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-28.14.1 libdcerpc-binding0-debuginfo-4.2.4-28.14.1 libdcerpc0-4.2.4-28.14.1 libdcerpc0-debuginfo-4.2.4-28.14.1 libgensec0-4.2.4-28.14.1 libgensec0-debuginfo-4.2.4-28.14.1 libndr-krb5pac0-4.2.4-28.14.1 libndr-krb5pac0-debuginfo-4.2.4-28.14.1 libndr-nbt0-4.2.4-28.14.1 
libndr-nbt0-debuginfo-4.2.4-28.14.1 libndr-standard0-4.2.4-28.14.1 libndr-standard0-debuginfo-4.2.4-28.14.1 libndr0-4.2.4-28.14.1 libndr0-debuginfo-4.2.4-28.14.1 libnetapi0-4.2.4-28.14.1 libnetapi0-debuginfo-4.2.4-28.14.1 libregistry0-4.2.4-28.14.1 libregistry0-debuginfo-4.2.4-28.14.1 libsamba-credentials0-4.2.4-28.14.1 libsamba-credentials0-debuginfo-4.2.4-28.14.1 libsamba-hostconfig0-4.2.4-28.14.1 libsamba-hostconfig0-debuginfo-4.2.4-28.14.1 libsamba-passdb0-4.2.4-28.14.1 libsamba-passdb0-debuginfo-4.2.4-28.14.1 libsamba-util0-4.2.4-28.14.1 libsamba-util0-debuginfo-4.2.4-28.14.1 libsamdb0-4.2.4-28.14.1 libsamdb0-debuginfo-4.2.4-28.14.1 libsmbclient-raw0-4.2.4-28.14.1 libsmbclient-raw0-debuginfo-4.2.4-28.14.1 libsmbclient0-4.2.4-28.14.1 libsmbclient0-debuginfo-4.2.4-28.14.1 libsmbconf0-4.2.4-28.14.1 libsmbconf0-debuginfo-4.2.4-28.14.1 libsmbldap0-4.2.4-28.14.1 libsmbldap0-debuginfo-4.2.4-28.14.1 libtevent-util0-4.2.4-28.14.1 libtevent-util0-debuginfo-4.2.4-28.14.1 libwbclient0-4.2.4-28.14.1 libwbclient0-debuginfo-4.2.4-28.14.1 samba-4.2.4-28.14.1 samba-client-4.2.4-28.14.1 samba-client-debuginfo-4.2.4-28.14.1 samba-debuginfo-4.2.4-28.14.1 samba-debugsource-4.2.4-28.14.1 samba-libs-4.2.4-28.14.1 samba-libs-debuginfo-4.2.4-28.14.1 samba-winbind-4.2.4-28.14.1 samba-winbind-debuginfo-4.2.4-28.14.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.14.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.14.1 libdcerpc0-32bit-4.2.4-28.14.1 libdcerpc0-debuginfo-32bit-4.2.4-28.14.1 libgensec0-32bit-4.2.4-28.14.1 libgensec0-debuginfo-32bit-4.2.4-28.14.1 libndr-krb5pac0-32bit-4.2.4-28.14.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.14.1 libndr-nbt0-32bit-4.2.4-28.14.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.14.1 libndr-standard0-32bit-4.2.4-28.14.1 libndr-standard0-debuginfo-32bit-4.2.4-28.14.1 libndr0-32bit-4.2.4-28.14.1 libndr0-debuginfo-32bit-4.2.4-28.14.1 libnetapi0-32bit-4.2.4-28.14.1 libnetapi0-debuginfo-32bit-4.2.4-28.14.1 
libsamba-credentials0-32bit-4.2.4-28.14.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.14.1 libsamba-hostconfig0-32bit-4.2.4-28.14.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.14.1 libsamba-passdb0-32bit-4.2.4-28.14.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.14.1 libsamba-util0-32bit-4.2.4-28.14.1 libsamba-util0-debuginfo-32bit-4.2.4-28.14.1 libsamdb0-32bit-4.2.4-28.14.1 libsamdb0-debuginfo-32bit-4.2.4-28.14.1 libsmbclient-raw0-32bit-4.2.4-28.14.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.14.1 libsmbclient0-32bit-4.2.4-28.14.1 libsmbclient0-debuginfo-32bit-4.2.4-28.14.1 libsmbconf0-32bit-4.2.4-28.14.1 libsmbconf0-debuginfo-32bit-4.2.4-28.14.1 libsmbldap0-32bit-4.2.4-28.14.1 libsmbldap0-debuginfo-32bit-4.2.4-28.14.1 libtevent-util0-32bit-4.2.4-28.14.1 libtevent-util0-debuginfo-32bit-4.2.4-28.14.1 libwbclient0-32bit-4.2.4-28.14.1 libwbclient0-debuginfo-32bit-4.2.4-28.14.1 samba-32bit-4.2.4-28.14.1 samba-client-32bit-4.2.4-28.14.1 samba-client-debuginfo-32bit-4.2.4-28.14.1 samba-debuginfo-32bit-4.2.4-28.14.1 samba-libs-32bit-4.2.4-28.14.1 samba-libs-debuginfo-32bit-4.2.4-28.14.1 samba-winbind-32bit-4.2.4-28.14.1 samba-winbind-debuginfo-32bit-4.2.4-28.14.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-28.14.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.14.1 ctdb-debuginfo-4.2.4-28.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-atsvc0-4.2.4-28.14.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.14.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-28.14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.14.1 libdcerpc-binding0-4.2.4-28.14.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.14.1 libdcerpc-binding0-debuginfo-4.2.4-28.14.1 libdcerpc0-32bit-4.2.4-28.14.1 libdcerpc0-4.2.4-28.14.1 libdcerpc0-debuginfo-32bit-4.2.4-28.14.1 libdcerpc0-debuginfo-4.2.4-28.14.1 libgensec0-32bit-4.2.4-28.14.1 libgensec0-4.2.4-28.14.1 
libgensec0-debuginfo-32bit-4.2.4-28.14.1 libgensec0-debuginfo-4.2.4-28.14.1 libndr-krb5pac0-32bit-4.2.4-28.14.1 libndr-krb5pac0-4.2.4-28.14.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.14.1 libndr-krb5pac0-debuginfo-4.2.4-28.14.1 libndr-nbt0-32bit-4.2.4-28.14.1 libndr-nbt0-4.2.4-28.14.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.14.1 libndr-nbt0-debuginfo-4.2.4-28.14.1 libndr-standard0-32bit-4.2.4-28.14.1 libndr-standard0-4.2.4-28.14.1 libndr-standard0-debuginfo-32bit-4.2.4-28.14.1 libndr-standard0-debuginfo-4.2.4-28.14.1 libndr0-32bit-4.2.4-28.14.1 libndr0-4.2.4-28.14.1 libndr0-debuginfo-32bit-4.2.4-28.14.1 libndr0-debuginfo-4.2.4-28.14.1 libnetapi0-32bit-4.2.4-28.14.1 libnetapi0-4.2.4-28.14.1 libnetapi0-debuginfo-32bit-4.2.4-28.14.1 libnetapi0-debuginfo-4.2.4-28.14.1 libregistry0-4.2.4-28.14.1 libregistry0-debuginfo-4.2.4-28.14.1 libsamba-credentials0-32bit-4.2.4-28.14.1 libsamba-credentials0-4.2.4-28.14.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.14.1 libsamba-credentials0-debuginfo-4.2.4-28.14.1 libsamba-hostconfig0-32bit-4.2.4-28.14.1 libsamba-hostconfig0-4.2.4-28.14.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.14.1 libsamba-hostconfig0-debuginfo-4.2.4-28.14.1 libsamba-passdb0-32bit-4.2.4-28.14.1 libsamba-passdb0-4.2.4-28.14.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.14.1 libsamba-passdb0-debuginfo-4.2.4-28.14.1 libsamba-util0-32bit-4.2.4-28.14.1 libsamba-util0-4.2.4-28.14.1 libsamba-util0-debuginfo-32bit-4.2.4-28.14.1 libsamba-util0-debuginfo-4.2.4-28.14.1 libsamdb0-32bit-4.2.4-28.14.1 libsamdb0-4.2.4-28.14.1 libsamdb0-debuginfo-32bit-4.2.4-28.14.1 libsamdb0-debuginfo-4.2.4-28.14.1 libsmbclient-raw0-32bit-4.2.4-28.14.1 libsmbclient-raw0-4.2.4-28.14.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.14.1 libsmbclient-raw0-debuginfo-4.2.4-28.14.1 libsmbclient0-32bit-4.2.4-28.14.1 libsmbclient0-4.2.4-28.14.1 libsmbclient0-debuginfo-32bit-4.2.4-28.14.1 libsmbclient0-debuginfo-4.2.4-28.14.1 libsmbconf0-32bit-4.2.4-28.14.1 libsmbconf0-4.2.4-28.14.1 
libsmbconf0-debuginfo-32bit-4.2.4-28.14.1 libsmbconf0-debuginfo-4.2.4-28.14.1 libsmbldap0-32bit-4.2.4-28.14.1 libsmbldap0-4.2.4-28.14.1 libsmbldap0-debuginfo-32bit-4.2.4-28.14.1 libsmbldap0-debuginfo-4.2.4-28.14.1 libtevent-util0-32bit-4.2.4-28.14.1 libtevent-util0-4.2.4-28.14.1 libtevent-util0-debuginfo-32bit-4.2.4-28.14.1 libtevent-util0-debuginfo-4.2.4-28.14.1 libwbclient0-32bit-4.2.4-28.14.1 libwbclient0-4.2.4-28.14.1 libwbclient0-debuginfo-32bit-4.2.4-28.14.1 libwbclient0-debuginfo-4.2.4-28.14.1 samba-32bit-4.2.4-28.14.1 samba-4.2.4-28.14.1 samba-client-32bit-4.2.4-28.14.1 samba-client-4.2.4-28.14.1 samba-client-debuginfo-32bit-4.2.4-28.14.1 samba-client-debuginfo-4.2.4-28.14.1 samba-debuginfo-32bit-4.2.4-28.14.1 samba-debuginfo-4.2.4-28.14.1 samba-debugsource-4.2.4-28.14.1 samba-libs-32bit-4.2.4-28.14.1 samba-libs-4.2.4-28.14.1 samba-libs-debuginfo-32bit-4.2.4-28.14.1 samba-libs-debuginfo-4.2.4-28.14.1 samba-winbind-32bit-4.2.4-28.14.1 samba-winbind-4.2.4-28.14.1 samba-winbind-debuginfo-32bit-4.2.4-28.14.1 samba-winbind-debuginfo-4.2.4-28.14.1 References: https://www.suse.com/security/cve/CVE-2017-7494.html https://bugzilla.suse.com/1038231 From sle-updates at lists.suse.com Wed May 24 07:10:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 15:10:25 +0200 (CEST) Subject: SUSE-SU-2017:1393-1: important: Security update for samba Message-ID: <20170524131025.7FCF1101C7@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1393-1 Rating: important References: #1038231 Cross-References: CVE-2017-7494 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issue:

   - An unprivileged user with access to the samba server could cause smbd
     to load a specially crafted shared library, which then had the ability
     to execute arbitrary code on the server as 'root'.
     [CVE-2017-7494, bso#12780, bsc#1038231]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-853=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-853=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-853=1
   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-853=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-853=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.4.2-38.6.1 libwbclient-devel-4.4.2-38.6.1 samba-debuginfo-4.4.2-38.6.1 samba-debugsource-4.4.2-38.6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-binding0-4.4.2-38.6.1 libdcerpc-binding0-debuginfo-4.4.2-38.6.1 libdcerpc0-4.4.2-38.6.1 libdcerpc0-debuginfo-4.4.2-38.6.1 libndr-krb5pac0-4.4.2-38.6.1 libndr-krb5pac0-debuginfo-4.4.2-38.6.1 libndr-nbt0-4.4.2-38.6.1 libndr-nbt0-debuginfo-4.4.2-38.6.1 libndr-standard0-4.4.2-38.6.1 libndr-standard0-debuginfo-4.4.2-38.6.1 libndr0-4.4.2-38.6.1 libndr0-debuginfo-4.4.2-38.6.1 libnetapi0-4.4.2-38.6.1 libnetapi0-debuginfo-4.4.2-38.6.1 libsamba-credentials0-4.4.2-38.6.1 libsamba-credentials0-debuginfo-4.4.2-38.6.1 libsamba-errors0-4.4.2-38.6.1 libsamba-errors0-debuginfo-4.4.2-38.6.1 libsamba-hostconfig0-4.4.2-38.6.1 libsamba-hostconfig0-debuginfo-4.4.2-38.6.1 libsamba-passdb0-4.4.2-38.6.1 libsamba-passdb0-debuginfo-4.4.2-38.6.1 libsamba-util0-4.4.2-38.6.1 libsamba-util0-debuginfo-4.4.2-38.6.1 libsamdb0-4.4.2-38.6.1 libsamdb0-debuginfo-4.4.2-38.6.1 libsmbclient0-4.4.2-38.6.1 libsmbclient0-debuginfo-4.4.2-38.6.1 libsmbconf0-4.4.2-38.6.1 libsmbconf0-debuginfo-4.4.2-38.6.1 libsmbldap0-4.4.2-38.6.1 libsmbldap0-debuginfo-4.4.2-38.6.1 libtevent-util0-4.4.2-38.6.1 libtevent-util0-debuginfo-4.4.2-38.6.1 libwbclient0-4.4.2-38.6.1 libwbclient0-debuginfo-4.4.2-38.6.1 samba-4.4.2-38.6.1 samba-client-4.4.2-38.6.1 samba-client-debuginfo-4.4.2-38.6.1 samba-debuginfo-4.4.2-38.6.1 samba-debugsource-4.4.2-38.6.1 samba-libs-4.4.2-38.6.1 samba-libs-debuginfo-4.4.2-38.6.1 samba-winbind-4.4.2-38.6.1 samba-winbind-debuginfo-4.4.2-38.6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): samba-doc-4.4.2-38.6.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-binding0-4.4.2-38.6.1 libdcerpc-binding0-debuginfo-4.4.2-38.6.1 libdcerpc0-4.4.2-38.6.1 
libdcerpc0-debuginfo-4.4.2-38.6.1 libndr-krb5pac0-4.4.2-38.6.1 libndr-krb5pac0-debuginfo-4.4.2-38.6.1 libndr-nbt0-4.4.2-38.6.1 libndr-nbt0-debuginfo-4.4.2-38.6.1 libndr-standard0-4.4.2-38.6.1 libndr-standard0-debuginfo-4.4.2-38.6.1 libndr0-4.4.2-38.6.1 libndr0-debuginfo-4.4.2-38.6.1 libnetapi0-4.4.2-38.6.1 libnetapi0-debuginfo-4.4.2-38.6.1 libsamba-credentials0-4.4.2-38.6.1 libsamba-credentials0-debuginfo-4.4.2-38.6.1 libsamba-errors0-4.4.2-38.6.1 libsamba-errors0-debuginfo-4.4.2-38.6.1 libsamba-hostconfig0-4.4.2-38.6.1 libsamba-hostconfig0-debuginfo-4.4.2-38.6.1 libsamba-passdb0-4.4.2-38.6.1 libsamba-passdb0-debuginfo-4.4.2-38.6.1 libsamba-util0-4.4.2-38.6.1 libsamba-util0-debuginfo-4.4.2-38.6.1 libsamdb0-4.4.2-38.6.1 libsamdb0-debuginfo-4.4.2-38.6.1 libsmbclient0-4.4.2-38.6.1 libsmbclient0-debuginfo-4.4.2-38.6.1 libsmbconf0-4.4.2-38.6.1 libsmbconf0-debuginfo-4.4.2-38.6.1 libsmbldap0-4.4.2-38.6.1 libsmbldap0-debuginfo-4.4.2-38.6.1 libtevent-util0-4.4.2-38.6.1 libtevent-util0-debuginfo-4.4.2-38.6.1 libwbclient0-4.4.2-38.6.1 libwbclient0-debuginfo-4.4.2-38.6.1 samba-4.4.2-38.6.1 samba-client-4.4.2-38.6.1 samba-client-debuginfo-4.4.2-38.6.1 samba-debuginfo-4.4.2-38.6.1 samba-debugsource-4.4.2-38.6.1 samba-libs-4.4.2-38.6.1 samba-libs-debuginfo-4.4.2-38.6.1 samba-winbind-4.4.2-38.6.1 samba-winbind-debuginfo-4.4.2-38.6.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): samba-doc-4.4.2-38.6.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.6.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.6.1 libdcerpc0-32bit-4.4.2-38.6.1 libdcerpc0-debuginfo-32bit-4.4.2-38.6.1 libndr-krb5pac0-32bit-4.4.2-38.6.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.6.1 libndr-nbt0-32bit-4.4.2-38.6.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.6.1 libndr-standard0-32bit-4.4.2-38.6.1 libndr-standard0-debuginfo-32bit-4.4.2-38.6.1 libndr0-32bit-4.4.2-38.6.1 libndr0-debuginfo-32bit-4.4.2-38.6.1 libnetapi0-32bit-4.4.2-38.6.1 libnetapi0-debuginfo-32bit-4.4.2-38.6.1 
libsamba-credentials0-32bit-4.4.2-38.6.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.6.1 libsamba-errors0-32bit-4.4.2-38.6.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.6.1 libsamba-hostconfig0-32bit-4.4.2-38.6.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.6.1 libsamba-passdb0-32bit-4.4.2-38.6.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.6.1 libsamba-util0-32bit-4.4.2-38.6.1 libsamba-util0-debuginfo-32bit-4.4.2-38.6.1 libsamdb0-32bit-4.4.2-38.6.1 libsamdb0-debuginfo-32bit-4.4.2-38.6.1 libsmbclient0-32bit-4.4.2-38.6.1 libsmbclient0-debuginfo-32bit-4.4.2-38.6.1 libsmbconf0-32bit-4.4.2-38.6.1 libsmbconf0-debuginfo-32bit-4.4.2-38.6.1 libsmbldap0-32bit-4.4.2-38.6.1 libsmbldap0-debuginfo-32bit-4.4.2-38.6.1 libtevent-util0-32bit-4.4.2-38.6.1 libtevent-util0-debuginfo-32bit-4.4.2-38.6.1 libwbclient0-32bit-4.4.2-38.6.1 libwbclient0-debuginfo-32bit-4.4.2-38.6.1 samba-client-32bit-4.4.2-38.6.1 samba-client-debuginfo-32bit-4.4.2-38.6.1 samba-libs-32bit-4.4.2-38.6.1 samba-libs-debuginfo-32bit-4.4.2-38.6.1 samba-winbind-32bit-4.4.2-38.6.1 samba-winbind-debuginfo-32bit-4.4.2-38.6.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.6.1 ctdb-debuginfo-4.4.2-38.6.1 samba-debuginfo-4.4.2-38.6.1 samba-debugsource-4.4.2-38.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): samba-doc-4.4.2-38.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.6.1 libdcerpc-binding0-4.4.2-38.6.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.6.1 libdcerpc-binding0-debuginfo-4.4.2-38.6.1 libdcerpc0-32bit-4.4.2-38.6.1 libdcerpc0-4.4.2-38.6.1 libdcerpc0-debuginfo-32bit-4.4.2-38.6.1 libdcerpc0-debuginfo-4.4.2-38.6.1 libndr-krb5pac0-32bit-4.4.2-38.6.1 libndr-krb5pac0-4.4.2-38.6.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.6.1 libndr-krb5pac0-debuginfo-4.4.2-38.6.1 libndr-nbt0-32bit-4.4.2-38.6.1 libndr-nbt0-4.4.2-38.6.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.6.1 libndr-nbt0-debuginfo-4.4.2-38.6.1 libndr-standard0-32bit-4.4.2-38.6.1 
libndr-standard0-4.4.2-38.6.1 libndr-standard0-debuginfo-32bit-4.4.2-38.6.1 libndr-standard0-debuginfo-4.4.2-38.6.1 libndr0-32bit-4.4.2-38.6.1 libndr0-4.4.2-38.6.1 libndr0-debuginfo-32bit-4.4.2-38.6.1 libndr0-debuginfo-4.4.2-38.6.1 libnetapi0-32bit-4.4.2-38.6.1 libnetapi0-4.4.2-38.6.1 libnetapi0-debuginfo-32bit-4.4.2-38.6.1 libnetapi0-debuginfo-4.4.2-38.6.1 libsamba-credentials0-32bit-4.4.2-38.6.1 libsamba-credentials0-4.4.2-38.6.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.6.1 libsamba-credentials0-debuginfo-4.4.2-38.6.1 libsamba-errors0-32bit-4.4.2-38.6.1 libsamba-errors0-4.4.2-38.6.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.6.1 libsamba-errors0-debuginfo-4.4.2-38.6.1 libsamba-hostconfig0-32bit-4.4.2-38.6.1 libsamba-hostconfig0-4.4.2-38.6.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.6.1 libsamba-hostconfig0-debuginfo-4.4.2-38.6.1 libsamba-passdb0-32bit-4.4.2-38.6.1 libsamba-passdb0-4.4.2-38.6.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.6.1 libsamba-passdb0-debuginfo-4.4.2-38.6.1 libsamba-util0-32bit-4.4.2-38.6.1 libsamba-util0-4.4.2-38.6.1 libsamba-util0-debuginfo-32bit-4.4.2-38.6.1 libsamba-util0-debuginfo-4.4.2-38.6.1 libsamdb0-32bit-4.4.2-38.6.1 libsamdb0-4.4.2-38.6.1 libsamdb0-debuginfo-32bit-4.4.2-38.6.1 libsamdb0-debuginfo-4.4.2-38.6.1 libsmbclient0-32bit-4.4.2-38.6.1 libsmbclient0-4.4.2-38.6.1 libsmbclient0-debuginfo-32bit-4.4.2-38.6.1 libsmbclient0-debuginfo-4.4.2-38.6.1 libsmbconf0-32bit-4.4.2-38.6.1 libsmbconf0-4.4.2-38.6.1 libsmbconf0-debuginfo-32bit-4.4.2-38.6.1 libsmbconf0-debuginfo-4.4.2-38.6.1 libsmbldap0-32bit-4.4.2-38.6.1 libsmbldap0-4.4.2-38.6.1 libsmbldap0-debuginfo-32bit-4.4.2-38.6.1 libsmbldap0-debuginfo-4.4.2-38.6.1 libtevent-util0-32bit-4.4.2-38.6.1 libtevent-util0-4.4.2-38.6.1 libtevent-util0-debuginfo-32bit-4.4.2-38.6.1 libtevent-util0-debuginfo-4.4.2-38.6.1 libwbclient0-32bit-4.4.2-38.6.1 libwbclient0-4.4.2-38.6.1 libwbclient0-debuginfo-32bit-4.4.2-38.6.1 libwbclient0-debuginfo-4.4.2-38.6.1 samba-4.4.2-38.6.1 
samba-client-32bit-4.4.2-38.6.1 samba-client-4.4.2-38.6.1 samba-client-debuginfo-32bit-4.4.2-38.6.1 samba-client-debuginfo-4.4.2-38.6.1 samba-debuginfo-4.4.2-38.6.1 samba-debugsource-4.4.2-38.6.1 samba-libs-32bit-4.4.2-38.6.1 samba-libs-4.4.2-38.6.1 samba-libs-debuginfo-32bit-4.4.2-38.6.1 samba-libs-debuginfo-4.4.2-38.6.1 samba-winbind-32bit-4.4.2-38.6.1 samba-winbind-4.4.2-38.6.1 samba-winbind-debuginfo-32bit-4.4.2-38.6.1 samba-winbind-debuginfo-4.4.2-38.6.1 References: https://www.suse.com/security/cve/CVE-2017-7494.html https://bugzilla.suse.com/1038231 From sle-updates at lists.suse.com Wed May 24 07:10:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 15:10:50 +0200 (CEST) Subject: SUSE-RU-2017:1394-1: moderate: Recommended update for vsftpd Message-ID: <20170524131050.2BF3F101C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1394-1 Rating: moderate References: #1021387 #1024961 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for vsftpd provides the following fixes: - Fix interoperability with ftp clients when vsftpd is configured with option "use_localtime=YES". (bsc#1024961) - Fix several issues related to SSL/TLS support. (bsc#1021387) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-856=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-856=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-856=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      vsftpd-3.0.2-39.1
      vsftpd-debuginfo-3.0.2-39.1
      vsftpd-debugsource-3.0.2-39.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      vsftpd-3.0.2-39.1
      vsftpd-debuginfo-3.0.2-39.1
      vsftpd-debugsource-3.0.2-39.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      vsftpd-3.0.2-39.1
      vsftpd-debuginfo-3.0.2-39.1
      vsftpd-debugsource-3.0.2-39.1


References:

   https://bugzilla.suse.com/1021387
   https://bugzilla.suse.com/1024961

From sle-updates at lists.suse.com Wed May 24 07:11:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 May 2017 15:11:31 +0200 (CEST)
Subject: SUSE-SU-2017:1396-1: important: Security update for samba
Message-ID: <20170524131131.B0F3D101C7@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1396-1
Rating:             important
References:         #1038231
Cross-References:   CVE-2017-7494
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for samba fixes the following issue:

   - An unprivileged user with access to the samba server could cause smbd
     to load a specially crafted shared library, which then had the ability
     to execute arbitrary code on the server as 'root'.
[CVE-2017-7494, bso#12780, bsc#1038231] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-852=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-852=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): ctdb-4.2.4-18.41.1 ctdb-debuginfo-4.2.4-18.41.1 libdcerpc-binding0-32bit-4.2.4-18.41.1 libdcerpc-binding0-4.2.4-18.41.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.41.1 libdcerpc-binding0-debuginfo-4.2.4-18.41.1 libdcerpc0-32bit-4.2.4-18.41.1 libdcerpc0-4.2.4-18.41.1 libdcerpc0-debuginfo-32bit-4.2.4-18.41.1 libdcerpc0-debuginfo-4.2.4-18.41.1 libgensec0-32bit-4.2.4-18.41.1 libgensec0-4.2.4-18.41.1 libgensec0-debuginfo-32bit-4.2.4-18.41.1 libgensec0-debuginfo-4.2.4-18.41.1 libndr-krb5pac0-32bit-4.2.4-18.41.1 libndr-krb5pac0-4.2.4-18.41.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.41.1 libndr-krb5pac0-debuginfo-4.2.4-18.41.1 libndr-nbt0-32bit-4.2.4-18.41.1 libndr-nbt0-4.2.4-18.41.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.41.1 libndr-nbt0-debuginfo-4.2.4-18.41.1 libndr-standard0-32bit-4.2.4-18.41.1 libndr-standard0-4.2.4-18.41.1 libndr-standard0-debuginfo-32bit-4.2.4-18.41.1 libndr-standard0-debuginfo-4.2.4-18.41.1 libndr0-32bit-4.2.4-18.41.1 libndr0-4.2.4-18.41.1 libndr0-debuginfo-32bit-4.2.4-18.41.1 libndr0-debuginfo-4.2.4-18.41.1 libnetapi0-32bit-4.2.4-18.41.1 libnetapi0-4.2.4-18.41.1 libnetapi0-debuginfo-32bit-4.2.4-18.41.1 libnetapi0-debuginfo-4.2.4-18.41.1 libregistry0-4.2.4-18.41.1 libregistry0-debuginfo-4.2.4-18.41.1 libsamba-credentials0-32bit-4.2.4-18.41.1 libsamba-credentials0-4.2.4-18.41.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.41.1 libsamba-credentials0-debuginfo-4.2.4-18.41.1 libsamba-hostconfig0-32bit-4.2.4-18.41.1 libsamba-hostconfig0-4.2.4-18.41.1 
libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.41.1 libsamba-hostconfig0-debuginfo-4.2.4-18.41.1 libsamba-passdb0-32bit-4.2.4-18.41.1 libsamba-passdb0-4.2.4-18.41.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.41.1 libsamba-passdb0-debuginfo-4.2.4-18.41.1 libsamba-util0-32bit-4.2.4-18.41.1 libsamba-util0-4.2.4-18.41.1 libsamba-util0-debuginfo-32bit-4.2.4-18.41.1 libsamba-util0-debuginfo-4.2.4-18.41.1 libsamdb0-32bit-4.2.4-18.41.1 libsamdb0-4.2.4-18.41.1 libsamdb0-debuginfo-32bit-4.2.4-18.41.1 libsamdb0-debuginfo-4.2.4-18.41.1 libsmbclient-raw0-32bit-4.2.4-18.41.1 libsmbclient-raw0-4.2.4-18.41.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.41.1 libsmbclient-raw0-debuginfo-4.2.4-18.41.1 libsmbclient0-32bit-4.2.4-18.41.1 libsmbclient0-4.2.4-18.41.1 libsmbclient0-debuginfo-32bit-4.2.4-18.41.1 libsmbclient0-debuginfo-4.2.4-18.41.1 libsmbconf0-32bit-4.2.4-18.41.1 libsmbconf0-4.2.4-18.41.1 libsmbconf0-debuginfo-32bit-4.2.4-18.41.1 libsmbconf0-debuginfo-4.2.4-18.41.1 libsmbldap0-32bit-4.2.4-18.41.1 libsmbldap0-4.2.4-18.41.1 libsmbldap0-debuginfo-32bit-4.2.4-18.41.1 libsmbldap0-debuginfo-4.2.4-18.41.1 libtevent-util0-32bit-4.2.4-18.41.1 libtevent-util0-4.2.4-18.41.1 libtevent-util0-debuginfo-32bit-4.2.4-18.41.1 libtevent-util0-debuginfo-4.2.4-18.41.1 libwbclient0-32bit-4.2.4-18.41.1 libwbclient0-4.2.4-18.41.1 libwbclient0-debuginfo-32bit-4.2.4-18.41.1 libwbclient0-debuginfo-4.2.4-18.41.1 samba-32bit-4.2.4-18.41.1 samba-4.2.4-18.41.1 samba-client-32bit-4.2.4-18.41.1 samba-client-4.2.4-18.41.1 samba-client-debuginfo-32bit-4.2.4-18.41.1 samba-client-debuginfo-4.2.4-18.41.1 samba-debuginfo-32bit-4.2.4-18.41.1 samba-debuginfo-4.2.4-18.41.1 samba-debugsource-4.2.4-18.41.1 samba-libs-32bit-4.2.4-18.41.1 samba-libs-4.2.4-18.41.1 samba-libs-debuginfo-32bit-4.2.4-18.41.1 samba-libs-debuginfo-4.2.4-18.41.1 samba-winbind-32bit-4.2.4-18.41.1 samba-winbind-4.2.4-18.41.1 samba-winbind-debuginfo-32bit-4.2.4-18.41.1 samba-winbind-debuginfo-4.2.4-18.41.1 - SUSE Linux Enterprise Server for SAP 12 
(noarch): samba-doc-4.2.4-18.41.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.41.1 ctdb-debuginfo-4.2.4-18.41.1 libdcerpc-binding0-4.2.4-18.41.1 libdcerpc-binding0-debuginfo-4.2.4-18.41.1 libdcerpc0-4.2.4-18.41.1 libdcerpc0-debuginfo-4.2.4-18.41.1 libgensec0-4.2.4-18.41.1 libgensec0-debuginfo-4.2.4-18.41.1 libndr-krb5pac0-4.2.4-18.41.1 libndr-krb5pac0-debuginfo-4.2.4-18.41.1 libndr-nbt0-4.2.4-18.41.1 libndr-nbt0-debuginfo-4.2.4-18.41.1 libndr-standard0-4.2.4-18.41.1 libndr-standard0-debuginfo-4.2.4-18.41.1 libndr0-4.2.4-18.41.1 libndr0-debuginfo-4.2.4-18.41.1 libnetapi0-4.2.4-18.41.1 libnetapi0-debuginfo-4.2.4-18.41.1 libregistry0-4.2.4-18.41.1 libregistry0-debuginfo-4.2.4-18.41.1 libsamba-credentials0-4.2.4-18.41.1 libsamba-credentials0-debuginfo-4.2.4-18.41.1 libsamba-hostconfig0-4.2.4-18.41.1 libsamba-hostconfig0-debuginfo-4.2.4-18.41.1 libsamba-passdb0-4.2.4-18.41.1 libsamba-passdb0-debuginfo-4.2.4-18.41.1 libsamba-util0-4.2.4-18.41.1 libsamba-util0-debuginfo-4.2.4-18.41.1 libsamdb0-4.2.4-18.41.1 libsamdb0-debuginfo-4.2.4-18.41.1 libsmbclient-raw0-4.2.4-18.41.1 libsmbclient-raw0-debuginfo-4.2.4-18.41.1 libsmbclient0-4.2.4-18.41.1 libsmbclient0-debuginfo-4.2.4-18.41.1 libsmbconf0-4.2.4-18.41.1 libsmbconf0-debuginfo-4.2.4-18.41.1 libsmbldap0-4.2.4-18.41.1 libsmbldap0-debuginfo-4.2.4-18.41.1 libtevent-util0-4.2.4-18.41.1 libtevent-util0-debuginfo-4.2.4-18.41.1 libwbclient0-4.2.4-18.41.1 libwbclient0-debuginfo-4.2.4-18.41.1 samba-4.2.4-18.41.1 samba-client-4.2.4-18.41.1 samba-client-debuginfo-4.2.4-18.41.1 samba-debuginfo-4.2.4-18.41.1 samba-debugsource-4.2.4-18.41.1 samba-libs-4.2.4-18.41.1 samba-libs-debuginfo-4.2.4-18.41.1 samba-winbind-4.2.4-18.41.1 samba-winbind-debuginfo-4.2.4-18.41.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.41.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.41.1 libdcerpc0-32bit-4.2.4-18.41.1 libdcerpc0-debuginfo-32bit-4.2.4-18.41.1 libgensec0-32bit-4.2.4-18.41.1 
libgensec0-debuginfo-32bit-4.2.4-18.41.1 libndr-krb5pac0-32bit-4.2.4-18.41.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.41.1 libndr-nbt0-32bit-4.2.4-18.41.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.41.1 libndr-standard0-32bit-4.2.4-18.41.1 libndr-standard0-debuginfo-32bit-4.2.4-18.41.1 libndr0-32bit-4.2.4-18.41.1 libndr0-debuginfo-32bit-4.2.4-18.41.1 libnetapi0-32bit-4.2.4-18.41.1 libnetapi0-debuginfo-32bit-4.2.4-18.41.1 libsamba-credentials0-32bit-4.2.4-18.41.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.41.1 libsamba-hostconfig0-32bit-4.2.4-18.41.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.41.1 libsamba-passdb0-32bit-4.2.4-18.41.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.41.1 libsamba-util0-32bit-4.2.4-18.41.1 libsamba-util0-debuginfo-32bit-4.2.4-18.41.1 libsamdb0-32bit-4.2.4-18.41.1 libsamdb0-debuginfo-32bit-4.2.4-18.41.1 libsmbclient-raw0-32bit-4.2.4-18.41.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.41.1 libsmbclient0-32bit-4.2.4-18.41.1 libsmbclient0-debuginfo-32bit-4.2.4-18.41.1 libsmbconf0-32bit-4.2.4-18.41.1 libsmbconf0-debuginfo-32bit-4.2.4-18.41.1 libsmbldap0-32bit-4.2.4-18.41.1 libsmbldap0-debuginfo-32bit-4.2.4-18.41.1 libtevent-util0-32bit-4.2.4-18.41.1 libtevent-util0-debuginfo-32bit-4.2.4-18.41.1 libwbclient0-32bit-4.2.4-18.41.1 libwbclient0-debuginfo-32bit-4.2.4-18.41.1 samba-32bit-4.2.4-18.41.1 samba-client-32bit-4.2.4-18.41.1 samba-client-debuginfo-32bit-4.2.4-18.41.1 samba-debuginfo-32bit-4.2.4-18.41.1 samba-libs-32bit-4.2.4-18.41.1 samba-libs-debuginfo-32bit-4.2.4-18.41.1 samba-winbind-32bit-4.2.4-18.41.1 samba-winbind-debuginfo-32bit-4.2.4-18.41.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.41.1 References: https://www.suse.com/security/cve/CVE-2017-7494.html https://bugzilla.suse.com/1038231 From sle-updates at lists.suse.com Wed May 24 13:10:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:10:21 +0200 (CEST) Subject: SUSE-RU-2017:1397-1: Recommended update for 
yast2
Message-ID: <20170524191021.E18E6101C8@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1397-1
Rating:             low
References:         #1017716 #988739
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for yast2 fixes the following issues:

   - ArgumentError in Popup.AnyTimedMessage. (bsc#988739)
   - Internal error when reading network configuration. (bsc#1017716)


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-863=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-863=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-863=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      yast2-devel-doc-3.1.155.7-19.3

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      yast2-3.1.155.7-19.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      yast2-3.1.155.7-19.3


References:

   https://bugzilla.suse.com/1017716
   https://bugzilla.suse.com/988739

From sle-updates at lists.suse.com Wed May 24 13:10:57 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 May 2017 21:10:57 +0200 (CEST)
Subject: SUSE-SU-2017:1398-1: moderate: Security update for pam
Message-ID: <20170524191057.7E5AD101C8@maintenance.suse.de>

   SUSE Security Update: Security update for pam
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1398-1
Rating:             moderate
References:         #1015565 #1037824 #934920
Cross-References:   CVE-2015-3238
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update for pam fixes the following issues:

   - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS
     attacks (bsc#934920).
   - log a hint to syslog if /etc/nologin is present, but empty
     (bsc#1015565).
   - If /etc/nologin is present, but empty, log a hint to syslog.
     (bsc#1015565)
   - Added support for libowcrypt.so, if present, to configure support for
     BLOWFISH (bsc#1037824)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-865=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-865=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-865=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-865=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-865=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-865=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-865=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-865=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-23.1 pam-debugsource-1.1.8-23.1 pam-devel-1.1.8-23.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): pam-debuginfo-1.1.8-23.1 pam-debugsource-1.1.8-23.1 pam-devel-1.1.8-23.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): pam-1.1.8-23.1 pam-debuginfo-1.1.8-23.1 pam-debugsource-1.1.8-23.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): pam-doc-1.1.8-23.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): pam-1.1.8-23.1 pam-debuginfo-1.1.8-23.1 pam-debugsource-1.1.8-23.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): pam-32bit-1.1.8-23.1 pam-debuginfo-32bit-1.1.8-23.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): pam-doc-1.1.8-23.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): pam-1.1.8-23.1 pam-debuginfo-1.1.8-23.1 pam-debugsource-1.1.8-23.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): pam-32bit-1.1.8-23.1 
pam-debuginfo-32bit-1.1.8-23.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): pam-doc-1.1.8-23.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): pam-1.1.8-23.1 pam-32bit-1.1.8-23.1 pam-debuginfo-1.1.8-23.1 pam-debuginfo-32bit-1.1.8-23.1 pam-debugsource-1.1.8-23.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): pam-doc-1.1.8-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): pam-1.1.8-23.1 pam-32bit-1.1.8-23.1 pam-debuginfo-1.1.8-23.1 pam-debuginfo-32bit-1.1.8-23.1 pam-debugsource-1.1.8-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): pam-doc-1.1.8-23.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): pam-1.1.8-23.1 pam-debuginfo-1.1.8-23.1 pam-debugsource-1.1.8-23.1 References: https://www.suse.com/security/cve/CVE-2015-3238.html https://bugzilla.suse.com/1015565 https://bugzilla.suse.com/1037824 https://bugzilla.suse.com/934920 From sle-updates at lists.suse.com Wed May 24 13:11:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:11:37 +0200 (CEST) Subject: SUSE-RU-2017:1399-1: moderate: Recommended update for gstreamer-plugins-good Message-ID: <20170524191137.B3808101C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1399-1 Rating: moderate References: #1031890 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gstreamer-plugins-good fixes atomic file writes in "buffer" mode. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-861=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-861=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-861=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-good-1.8.3-15.1 gstreamer-plugins-good-debuginfo-1.8.3-15.1 gstreamer-plugins-good-debugsource-1.8.3-15.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-15.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-good-1.8.3-15.1 gstreamer-plugins-good-debuginfo-1.8.3-15.1 gstreamer-plugins-good-debugsource-1.8.3-15.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-15.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-plugins-good-lang-1.8.3-15.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-good-1.8.3-15.1 gstreamer-plugins-good-debuginfo-1.8.3-15.1 gstreamer-plugins-good-debugsource-1.8.3-15.1 References: https://bugzilla.suse.com/1031890 From sle-updates at lists.suse.com Wed May 24 13:12:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:12:03 +0200 (CEST) Subject: SUSE-SU-2017:1400-1: important: Security update for java-1_7_0-openjdk Message-ID: <20170524191203.444E4101C8@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1400-1 Rating: important References: #1034849 Cross-References: CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE 
Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for java-1_7_0-openjdk fixes the following issues:

   - Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)
     * Security fixes
       - S8163520, CVE-2017-3509: Reuse cache entries
       - S8163528, CVE-2017-3511: Better library loading
       - S8165626, CVE-2017-3512: Improved window framing
       - S8167110, CVE-2017-3514: Windows peering issue
       - S8169011, CVE-2017-3526: Resizing XML parse trees
       - S8170222, CVE-2017-3533: Better transfers of files
       - S8171121, CVE-2017-3539: Enhancing jar checking
       - S8171533, CVE-2017-3544: Better email transfer
       - S8172299: Improve class processing
     * New features
       - PR3347: jstack.stp should support AArch64
     * Import of OpenJDK 7 u141 build 0
       - S4717864: setFont() does not update Fonts of Menus already on screen
       - S6474807: (smartcardio) CardTerminal.connect() throws CardException
         instead of CardNotPresentException
       - S6518907: cleanup IA64 specific code in Hotspot
       - S6869327: Add new C2 flag to keep safepoints in counted loops.
       - S7112912: Message "Error occurred during initialization of VM" on
         boxes with lots of RAM
       - S7124213: [macosx] pack() does ignore size of a component; doesn't
         on the other platforms
       - S7124219: [macosx] Unable to draw images to fullscreen
       - S7124552: [macosx] NullPointerException in getBufferStrategy()
       - S7148275: [macosx] setIconImages() not working correctly (distorted
         icon when minimized)
       - S7154841: [macosx] Popups appear behind taskbar
       - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
         hangs on win 64 bit with jdk8
       - S7160627: [macosx] TextArea has wrong initial size
       - S7167293: FtpURLConnection connection leak on FileNotFoundException
       - S7168851: [macosx] Netbeans crashes in
         CImage.nativeCreateNSImageFromArray
       - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile
         error
       - S8005255: [macosx] Cleanup warnings in sun.lwawt
       - S8006088: Incompatible heap size flags accepted by VM
       - S8007295: Reduce number of warnings in awt classes
       - S8010722: assert: failed: heap size is too big for compressed oops
       - S8011059: [macosx] Support automatic @2x images loading on Mac OS X
       - S8014058: Regression tests for 8006088
       - S8014489: tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags
         jtreg tests invoke wrong class
       - S8016302: Change type of the number of GC workers to unsigned int (2)
       - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not
         compile.
       - S8024669: Native OOME when allocating after changes to maximum heap
         supporting Coops sizing on sparcv9
       - S8024926: [macosx] AquaIcon HiDPI support
       - S8025974: l10n for policytool
       - S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible
       - S8028212: Custom cursor HiDPI support
       - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck
         optimization.
       - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered
         in high resolution on Retina
       - S8033534: [macosx] Get MultiResolution image from native system
       - S8033786: White flashing when opening Dialogs and Menus using Nimbus
         with dark background
       - S8035568: [macosx] Cursor management unification
       - S8041734: JFrame in full screen mode leaves empty workspace after
         close
       - S8059803: Update use of GetVersionEx to get correct Windows version
         in hs_err files
       - S8066504: GetVersionEx in
         java.base/windows/native/libjava/java_props_md.c might not get
         correct Windows version 0
       - S8079595: Resizing dialog which is JWindow parent makes JVM crash
       - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to
         parent frame on focus
       - S8130769: The new menu can't be shown on the menubar after clicking
         the "Add" button.
       - S8133357: 8u65 l10n resource file translation update
       - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test
         fails with NullPointerException
       - S8147842: IME Composition Window is displayed at incorrect location
       - S8147910: Cache initial active_processor_count
       - S8150490: Update OS detection code to recognize Windows Server 2016
       - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled
       - S8161195: Regression:
         closed/javax/swing/text/FlowView/LayoutTest.java
       - S8161993: G1 crashes if active_processor_count changes during startup
       - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints'
       - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java
         fails intermittently
       - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed
         with "Error while cleaning up threads after test"
       - S8167179: Make XSL generated namespace prefixes local to
         transformation process
       - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
       - S8169589: [macosx] Activating a JDialog puts to back another dialog
       - S8170307: Stack size option -Xss is ignored
       - S8170316: (tz) Support tzdata2016j
       - S8170814: Reuse cache entries (part II)
       -
         S8171388: Update JNDI Thread contexts
       - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error:
         The bitwise mask Frame.ICONIFIED is not setwhen the frame is in
         ICONIFIED state
       - S8171952: [macosx]
         AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog
         test fails as DummyButton on Dialog did not gain focus when clicked.
       - S8173931: 8u131 L10n resource file update
       - S8174844: Incorrect GPL header causes RE script to miss swap to
         commercial header for licensee source bundle
       - S8175087: [bsd] Fix build after "8024900: PPC64: Enable new build on
         AIX (jdk part)"
       - S8175163: [bsd] Fix build after "8005629: javac warnings compiling
         java.awt.EventDispatchThread..."
       - S8176044: (tz) Support tzdata2017a
     * Import of OpenJDK 7 u141 build 1
       - S8043723: max_heap_for_compressed_oops() declared with size_t, but
         defined with uintx
     * Import of OpenJDK 7 u141 build 2
       - S8011123: serialVersionUID of
         java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82
     * Backports
       - S6515172, PR3362: Runtime.availableProcessors() ignores Linux
         taskset command
       - S8022284, PR3209: Hide internal data structure in PhaseCFG
       - S8023003, PR3209: Cleanup the public interface to PhaseCFG
       - S8023691, PR3209: Create interface for nodes in class Block
       - S8023988, PR3209: Move local scheduling of nodes to the CFG creation
         and code motion phase (PhaseCFG)
       - S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC)
       - S8157306, PR3209: Random infrequent null pointer exceptions in javac
       - S8173783, PR3329: IllegalArgumentException: jdk.tls.namedGroups
       - S8173941, PR3330: SA does not work if executable is DSO
       - S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache
     * Bug fixes
       - PR3349: Architectures unsupported by SystemTap tapsets throw a parse
         error
       - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh
       - PR3379: Perl should be mandatory
       - PR3390: javac.in and javah.in should use @PERL@ rather than a
         hardcoded path
     * CACAO
       - PR2732: Raise javadoc memory limits
for CACAO again! * AArch64 port - S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp - Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available. - S8167104, CVE-2017-3289: Additional class construction - S6253144: Long narrowing conversion should describe the - S6328537: Improve javadocs for Socket class by adding - S6978886: javadoc shows stacktrace after print error - S6995421: Eliminate the static dependency to - S7027045: (doc) java/awt/Window.java has several typos in - S7054969: Null-check-in-finally pattern in java/security - S7072353: JNDI libraries do not build with javac -Xlint:all - S7092447: Clarify the default locale used in each locale - S7103570: AtomicIntegerFieldUpdater does not work when - S7187144: JavaDoc for ScriptEngineFactory.getProgram() - S8000418: javadoc should used a standard "generated by - S8000666: javadoc should write directly to Writer instead of - S8000970: break out auxiliary classes that will prevent - S8001669: javadoc internal DocletAbortException should set - S8011402: Move blacklisting certificate logic from hard code - S8011547: Update XML Signature implementation to Apache - S8012288: XML DSig API allows wrong tag names and extra - S8017325: Cleanup of the javadoc tag in - S8017326: Cleanup of the javadoc tag in - S8019772: Fix doclint issues in javax.crypto and - S8020688: Broken links in documentation at - S8021108: Clean up doclint warnings and errors in java.text - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods - S8025409: Fix javadoc comments errors and warning reported by - S8026021: more fix of javadoc errors and warnings reported by - S8037099: [macosx] Remove all references to GC from native - S8038184: XMLSignature throws StringIndexOutOfBoundsException - S8038349: Signing XML with DSA throws Exception when key is - S8049244: XML Signature performance issue caused by - S8050893: (smartcardio) 
Invert reset argument in tests in - S8059212: Modify sun/security/smartcardio manual regression - S8068279: (typo in the spec) - S8068491: Update the protocol for references of - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs - S8076369: Introduce the jdk.tls.client.protocols system - S8139565: Restrict certificates with DSA keys less than 1024 - S8140422: Add mechanism to allow non default root CAs to be - S8140587: Atomic*FieldUpdaters should use Class.isInstance - S8149029: Secure validation of XML based digital signature - S8151893: Add security property to configure XML Signature - S8161228: URL objects with custom protocol handlers have port - S8163304: jarsigner -verbose -verify should print the - S8164908: ReflectionFactory support for IIOP and custom - S8165230: RMIConnection addNotificationListeners failing with - S8166393: disabledAlgorithms property should not be strictly - S8166591: [macos 10.12] Trackpad scrolling of text on OS X - S8166739: Improve extensibility of ObjectInputFilter - S8167356: Follow up fix for jdk8 backport of 8164143. 
Changes - S8167459: Add debug output for indicating if a chosen - S8168861: AnchorCertificates uses hardcoded password for - S8169688: Backout (remove) MD5 from - S8169911: Enhanced tests for jarsigner -verbose -verify after - S8170131: Certificates not being blocked by - S8173854: [TEST] Update DHEKeySizing test case following - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on - S8000351, PR3316, RH1390708: Tenuring threshold should be - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak: - S8170888, PR3316, RH1390708: [linux] Experimental support for - PR3318: Replace 'infinality' with 'improved font rendering' - PR3324: Fix NSS_LIBDIR substitution in - S8165673, PR3320: AArch64: Fix JNI floating point argument + S6604109, PR3162: - Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to directory to be specified versions of IcedTea Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-864=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-864=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-864=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-864=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-864=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_7_0-openjdk-1.7.0.141-42.1 java-1_7_0-openjdk-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-debugsource-1.7.0.141-42.1 java-1_7_0-openjdk-demo-1.7.0.141-42.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-devel-1.7.0.141-42.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-headless-1.7.0.141-42.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): java-1_7_0-openjdk-1.7.0.141-42.1 java-1_7_0-openjdk-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-debugsource-1.7.0.141-42.1 java-1_7_0-openjdk-demo-1.7.0.141-42.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-devel-1.7.0.141-42.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-headless-1.7.0.141-42.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.141-42.1 java-1_7_0-openjdk-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-debugsource-1.7.0.141-42.1 java-1_7_0-openjdk-demo-1.7.0.141-42.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-devel-1.7.0.141-42.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-headless-1.7.0.141-42.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_7_0-openjdk-1.7.0.141-42.1 java-1_7_0-openjdk-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-debugsource-1.7.0.141-42.1 java-1_7_0-openjdk-headless-1.7.0.141-42.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.141-42.1 java-1_7_0-openjdk-debuginfo-1.7.0.141-42.1 java-1_7_0-openjdk-debugsource-1.7.0.141-42.1 java-1_7_0-openjdk-headless-1.7.0.141-42.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.141-42.1 References: 
https://www.suse.com/security/cve/CVE-2017-3289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3512.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3526.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1034849 From sle-updates at lists.suse.com Wed May 24 13:12:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:12:56 +0200 (CEST) Subject: SUSE-RU-2017:1403-1: Recommended update for yast2-network Message-ID: <20170524191256.9661E101C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1403-1 Rating: low References: #1036440 #994471 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-network provides the following fix: - Command "yast remote list" should not alter the system (bsc#1036440, bsc#994471) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-859=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-859=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-859=1 To bring your system up-to-date, use "zypper patch". 
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      yast2-network-devel-doc-3.1.140.12-37.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      yast2-network-3.1.140.12-37.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      yast2-network-3.1.140.12-37.1

References:

   https://bugzilla.suse.com/1036440
   https://bugzilla.suse.com/994471

From sle-updates at lists.suse.com Wed May 24 13:13:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 May 2017 21:13:32 +0200 (CEST)
Subject: SUSE-SU-2017:1404-1: important: Security update for ghostscript
Message-ID: <20170524191332.776F8101C8@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1404-1
Rating: important
References: #1018128 #1030263 #1032114 #1032120 #1036453
Cross-References: CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Server 12-LTSS
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for ghostscript fixes the following security vulnerabilities:

   - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a
     crafted .eps document were exploited in the wild. (bsc#1036453)
   - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could
     have been misused to cause a Denial-of-Service. (bsc#1018128)
   - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module
     allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
   - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to
     cause a denial of service via a crafted PostScript document. (bsc#1032114)
   - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to
     cause a denial of service via a crafted PostScript document. (bsc#1030263)

This is a reissue of the previous update to also include SUSE Linux
Enterprise 12 GA LTSS packages.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-866=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-866=1

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-866=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-866=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-866=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-866=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-866=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-866=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-866=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-devel-9.15-22.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-devel-9.15-22.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      ghostscript-9.15-22.1
      ghostscript-debuginfo-9.15-22.1
      ghostscript-debugsource-9.15-22.1
      ghostscript-x11-9.15-22.1
      ghostscript-x11-debuginfo-9.15-22.1

References:

   https://www.suse.com/security/cve/CVE-2016-10220.html
   https://www.suse.com/security/cve/CVE-2016-9601.html
   https://www.suse.com/security/cve/CVE-2017-5951.html
   https://www.suse.com/security/cve/CVE-2017-7207.html
   https://www.suse.com/security/cve/CVE-2017-8291.html
   https://bugzilla.suse.com/1018128
   https://bugzilla.suse.com/1030263
   https://bugzilla.suse.com/1032114
   https://bugzilla.suse.com/1032120
   https://bugzilla.suse.com/1036453

From sle-updates at lists.suse.com Wed May 24 13:14:22 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 24 May 2017 21:14:22 +0200 (CEST)
Subject: SUSE-RU-2017:1405-1: Recommended update for smt
Message-ID: <20170524191422.7A829101C8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for smt
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1405-1
Rating: low
References: #944291
Affected Products:
   Subscription Management Tool for SUSE Linux Enterprise 11-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for smt provides the following fixes:

   - Add info about repositories with errors to summary. (bsc#944291)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - Subscription Management Tool for SUSE Linux Enterprise 11-SP3:
      zypper in -t patch slesmtsp3-smt-13128=1

To bring your system up-to-date, use "zypper patch".
Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.30-49.1 smt-2.0.30-49.1 smt-support-2.0.30-49.1 References: https://bugzilla.suse.com/944291 From sle-updates at lists.suse.com Wed May 24 13:14:46 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:14:46 +0200 (CEST) Subject: SUSE-RU-2017:1406-1: Recommended update for yast2-network Message-ID: <20170524191446.4DA72101C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1406-1 Rating: low References: #1036440 #994471 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-network provides the following fix: - Command "yast remote list" should not alter the system (bsc#1036440, bsc#994471) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-858=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-858=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-858=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-network-3.1.177-45.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-network-3.1.177-45.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-network-3.1.177-45.1 References: https://bugzilla.suse.com/1036440 https://bugzilla.suse.com/994471 From sle-updates at lists.suse.com Wed May 24 13:15:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:15:22 +0200 (CEST) Subject: SUSE-RU-2017:1408-1: important: Recommended update for mariadb Message-ID: <20170524191522.7DBAE101C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1408-1 Rating: important References: #1020976 #1038740 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mariadb fixes permissions for /var/run/mysql in mysql-systemd-helper that were incorrectly set to 700 instead of 755 due to umask. This prevented non-root users from connecting to the database. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-857=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-857=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-857=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-857=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-857=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-857=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-857=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-857=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-857=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libmysqlclient_r18-10.0.30-28.1 libmysqlclient_r18-32bit-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.30-28.1 libmysqlclient_r18-32bit-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.30-28.1 libmysqlclient_r18-10.0.30-28.1 libmysqld-devel-10.0.30-28.1 libmysqld18-10.0.30-28.1 libmysqld18-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.30-28.1 libmysqlclient_r18-10.0.30-28.1 libmysqld-devel-10.0.30-28.1 libmysqld18-10.0.30-28.1 libmysqld18-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libmysqlclient18-10.0.30-28.1 libmysqlclient18-debuginfo-10.0.30-28.1 mariadb-10.0.30-28.1 mariadb-client-10.0.30-28.1 mariadb-client-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 mariadb-errormessages-10.0.30-28.1 mariadb-tools-10.0.30-28.1 mariadb-tools-debuginfo-10.0.30-28.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libmysqlclient18-10.0.30-28.1 libmysqlclient18-debuginfo-10.0.30-28.1 mariadb-10.0.30-28.1 mariadb-client-10.0.30-28.1 mariadb-client-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 mariadb-errormessages-10.0.30-28.1 mariadb-tools-10.0.30-28.1 mariadb-tools-debuginfo-10.0.30-28.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libmysqlclient18-32bit-10.0.30-28.1 libmysqlclient18-debuginfo-32bit-10.0.30-28.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): 
libmysqlclient18-10.0.30-28.1 libmysqlclient18-debuginfo-10.0.30-28.1 mariadb-10.0.30-28.1 mariadb-client-10.0.30-28.1 mariadb-client-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 mariadb-errormessages-10.0.30-28.1 mariadb-tools-10.0.30-28.1 mariadb-tools-debuginfo-10.0.30-28.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.30-28.1 libmysqlclient18-debuginfo-32bit-10.0.30-28.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libmysqlclient18-10.0.30-28.1 libmysqlclient18-32bit-10.0.30-28.1 libmysqlclient18-debuginfo-10.0.30-28.1 libmysqlclient18-debuginfo-32bit-10.0.30-28.1 libmysqlclient_r18-10.0.30-28.1 libmysqlclient_r18-32bit-10.0.30-28.1 mariadb-10.0.30-28.1 mariadb-client-10.0.30-28.1 mariadb-client-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 mariadb-errormessages-10.0.30-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.30-28.1 libmysqlclient18-32bit-10.0.30-28.1 libmysqlclient18-debuginfo-10.0.30-28.1 libmysqlclient18-debuginfo-32bit-10.0.30-28.1 libmysqlclient_r18-10.0.30-28.1 libmysqlclient_r18-32bit-10.0.30-28.1 mariadb-10.0.30-28.1 mariadb-client-10.0.30-28.1 mariadb-client-debuginfo-10.0.30-28.1 mariadb-debuginfo-10.0.30-28.1 mariadb-debugsource-10.0.30-28.1 mariadb-errormessages-10.0.30-28.1 References: https://bugzilla.suse.com/1020976 https://bugzilla.suse.com/1038740 From sle-updates at lists.suse.com Wed May 24 13:15:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 May 2017 21:15:58 +0200 (CEST) Subject: SUSE-RU-2017:1409-1: Recommended update for pam_ldap Message-ID: <20170524191558.29CA6101C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam_ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1409-1 Rating: low References: #918534 Affected Products: SUSE Linux Enterprise Server 
for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam_ldap provides the following fix: - Correct default value for "bind_timeout" in configuration file and manual page (bsc#918534) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-862=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-862=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-862=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-862=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-862=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): pam_ldap-186-10.2 pam_ldap-debuginfo-186-10.2 pam_ldap-debugsource-186-10.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): pam_ldap-186-10.2 pam_ldap-debuginfo-186-10.2 pam_ldap-debugsource-186-10.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): pam_ldap-32bit-186-10.2 pam_ldap-debuginfo-32bit-186-10.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): pam_ldap-186-10.2 pam_ldap-debuginfo-186-10.2 pam_ldap-debugsource-186-10.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): pam_ldap-32bit-186-10.2 pam_ldap-debuginfo-32bit-186-10.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): pam_ldap-186-10.2 pam_ldap-32bit-186-10.2 pam_ldap-debuginfo-186-10.2 pam_ldap-debuginfo-32bit-186-10.2 pam_ldap-debugsource-186-10.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): pam_ldap-186-10.2 pam_ldap-32bit-186-10.2 pam_ldap-debuginfo-186-10.2 pam_ldap-debuginfo-32bit-186-10.2 pam_ldap-debugsource-186-10.2 References: https://bugzilla.suse.com/918534 From sle-updates at lists.suse.com Thu May 25 10:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 May 2017 18:09:16 +0200 (CEST) Subject: SUSE-RU-2017:1410-1: Recommended update for os-prober Message-ID: <20170525160916.ABA7A101BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for os-prober ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1410-1 Rating: low References: #1008444 #997465 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

This update for os-prober provides the following fixes:

   - Remove the wildcard test for ld.so. It is inaccurate, slow and could hang
     for a long time in some circumstances. (bsc#1008444)
   - Parse /etc/os-release for openSUSE Tumbleweed. (bsc#997465)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-869=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-869=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-869=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-869=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-869=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      os-prober-1.61-29.1
      os-prober-debuginfo-1.61-29.1
      os-prober-debugsource-1.61-29.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      os-prober-1.61-29.1
      os-prober-debuginfo-1.61-29.1
      os-prober-debugsource-1.61-29.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      os-prober-1.61-29.1
      os-prober-debuginfo-1.61-29.1
      os-prober-debugsource-1.61-29.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      os-prober-1.61-29.1
      os-prober-debuginfo-1.61-29.1
      os-prober-debugsource-1.61-29.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      os-prober-1.61-29.1
      os-prober-debuginfo-1.61-29.1
      os-prober-debugsource-1.61-29.1

References:

   https://bugzilla.suse.com/1008444
   https://bugzilla.suse.com/997465

From sle-updates at lists.suse.com Thu May 25 10:09:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 25 May 2017 18:09:54 +0200 (CEST)
Subject: SUSE-SU-2017:1411-1: moderate: Security update for squidGuard
Message-ID: <20170525160954.35445101C8@maintenance.suse.de>

SUSE Security Update: Security update for squidGuard
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1411-1
Rating: moderate
References: #985612
Cross-References: CVE-2015-8936
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

squidGuard was updated to fix one security issue:

   - CVE-2015-8936: Reflected cross site scripting vulnerability because of
     insufficient escaping (bsc#985612).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-868=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-868=1

To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      squidGuard-1.4-29.1
      squidGuard-debuginfo-1.4-29.1
      squidGuard-debugsource-1.4-29.1
      squidGuard-doc-1.4-29.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      squidGuard-1.4-29.1
      squidGuard-debuginfo-1.4-29.1
      squidGuard-debugsource-1.4-29.1
      squidGuard-doc-1.4-29.1

References:

   https://www.suse.com/security/cve/CVE-2015-8936.html
   https://bugzilla.suse.com/985612

From sle-updates at lists.suse.com Fri May 26 10:10:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 26 May 2017 18:10:07 +0200 (CEST)
Subject: SUSE-RU-2017:1416-1: Recommended update for crash
Message-ID: <20170526161007.CCCDC101CA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:1416-1
Rating: low
References: #1022962
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for crash provides the following fixes:

   - Fix analyzing fadump (and qemu) dumps on PPC64 systems with 32TB of
     memory. (bsc#1022962)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-871=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-871=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): crash-debuginfo-7.1.5-10.11 crash-debugsource-7.1.5-10.11 crash-devel-7.1.5-10.11 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): crash-7.1.5-10.11 crash-debuginfo-7.1.5-10.11 crash-debugsource-7.1.5-10.11 crash-kmp-default-7.1.5_k3.12.69_60.64.35-10.11 crash-kmp-default-debuginfo-7.1.5_k3.12.69_60.64.35-10.11 - SUSE Linux Enterprise Server 12-SP1 (x86_64): crash-kmp-xen-7.1.5_k3.12.69_60.64.35-10.11 crash-kmp-xen-debuginfo-7.1.5_k3.12.69_60.64.35-10.11 References: https://bugzilla.suse.com/1022962 From sle-updates at lists.suse.com Fri May 26 10:10:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 May 2017 18:10:37 +0200 (CEST) Subject: SUSE-RU-2017:1417-1: Recommended update for ntp Message-ID: <20170526161037.8B44B101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1417-1 Rating: low References: #1034892 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ntp provides the following fix: - Fix systemd migration in %pre (bsc#1034892) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-872=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-872=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-872=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-872=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-872=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ntp-4.2.8p10-63.3 ntp-debuginfo-4.2.8p10-63.3 ntp-debugsource-4.2.8p10-63.3 ntp-doc-4.2.8p10-63.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ntp-4.2.8p10-63.3 ntp-debuginfo-4.2.8p10-63.3 ntp-debugsource-4.2.8p10-63.3 ntp-doc-4.2.8p10-63.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p10-63.3 ntp-debuginfo-4.2.8p10-63.3 ntp-debugsource-4.2.8p10-63.3 ntp-doc-4.2.8p10-63.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ntp-4.2.8p10-63.3 ntp-debuginfo-4.2.8p10-63.3 ntp-debugsource-4.2.8p10-63.3 ntp-doc-4.2.8p10-63.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p10-63.3 ntp-debuginfo-4.2.8p10-63.3 ntp-debugsource-4.2.8p10-63.3 ntp-doc-4.2.8p10-63.3 References: https://bugzilla.suse.com/1034892 From sle-updates at lists.suse.com Fri May 26 10:11:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 May 2017 18:11:03 +0200 (CEST) Subject: SUSE-RU-2017:1418-1: Recommended update for sysstat Message-ID: <20170526161103.9A21F101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1418-1 Rating: low References: #1031674 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 
12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat provides the following fix: - Properly specify you want to be started by multi-user.target (bsc#1031674) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-870=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-870=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-870=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-870=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-870=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sysstat-10.2.1-9.2 sysstat-debuginfo-10.2.1-9.2 sysstat-debugsource-10.2.1-9.2 sysstat-isag-10.2.1-9.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sysstat-10.2.1-9.2 sysstat-debuginfo-10.2.1-9.2 sysstat-debugsource-10.2.1-9.2 sysstat-isag-10.2.1-9.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): sysstat-10.2.1-9.2 sysstat-debuginfo-10.2.1-9.2 sysstat-debugsource-10.2.1-9.2 sysstat-isag-10.2.1-9.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sysstat-10.2.1-9.2 sysstat-debuginfo-10.2.1-9.2 sysstat-debugsource-10.2.1-9.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): sysstat-10.2.1-9.2 sysstat-debuginfo-10.2.1-9.2 sysstat-debugsource-10.2.1-9.2 References: https://bugzilla.suse.com/1031674 From sle-updates at lists.suse.com Fri May 26 13:08:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 May 2017 21:08:57 +0200 (CEST) Subject: SUSE-RU-2017:1419-1: Recommended update for e2fsprogs Message-ID: <20170526190857.8269B101CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1419-1 Rating: low References: #1009532 #960273 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for e2fsprogs provides the following fixes: - Fix 32/64-bit overflow when multiplying by blocks/clusters per group. 
This allows resize2fs(8) to resize file systems larger than 20 TB. (bsc#1009532) - Update spec file to regenerate initrd when e2fsprogs is updated or uninstalled. (bsc#960273) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-873=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-873=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-873=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-873=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-873=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-873=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-873=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-873=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 e2fsprogs-devel-1.42.11-12.1 libcom_err-devel-1.42.11-12.1 libext2fs-devel-1.42.11-12.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 e2fsprogs-devel-1.42.11-12.1 libcom_err-devel-1.42.11-12.1 libext2fs-devel-1.42.11-12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): e2fsprogs-1.42.11-12.1 e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 libcom_err2-1.42.11-12.1 libcom_err2-debuginfo-1.42.11-12.1 libext2fs2-1.42.11-12.1 libext2fs2-debuginfo-1.42.11-12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): e2fsprogs-1.42.11-12.1 e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 libcom_err2-1.42.11-12.1 libcom_err2-debuginfo-1.42.11-12.1 libext2fs2-1.42.11-12.1 libext2fs2-debuginfo-1.42.11-12.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): e2fsprogs-debuginfo-32bit-1.42.11-12.1 libcom_err2-32bit-1.42.11-12.1 libcom_err2-debuginfo-32bit-1.42.11-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): e2fsprogs-1.42.11-12.1 e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 libcom_err2-1.42.11-12.1 libcom_err2-debuginfo-1.42.11-12.1 libext2fs2-1.42.11-12.1 libext2fs2-debuginfo-1.42.11-12.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): e2fsprogs-debuginfo-32bit-1.42.11-12.1 libcom_err2-32bit-1.42.11-12.1 libcom_err2-debuginfo-32bit-1.42.11-12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): e2fsprogs-1.42.11-12.1 e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debuginfo-32bit-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 libcom_err2-1.42.11-12.1 libcom_err2-32bit-1.42.11-12.1 libcom_err2-debuginfo-1.42.11-12.1 libcom_err2-debuginfo-32bit-1.42.11-12.1 libext2fs2-1.42.11-12.1 
libext2fs2-debuginfo-1.42.11-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): e2fsprogs-1.42.11-12.1 e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debuginfo-32bit-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 libcom_err2-1.42.11-12.1 libcom_err2-32bit-1.42.11-12.1 libcom_err2-debuginfo-1.42.11-12.1 libcom_err2-debuginfo-32bit-1.42.11-12.1 libext2fs2-1.42.11-12.1 libext2fs2-debuginfo-1.42.11-12.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): e2fsprogs-1.42.11-12.1 e2fsprogs-debuginfo-1.42.11-12.1 e2fsprogs-debugsource-1.42.11-12.1 libcom_err2-1.42.11-12.1 libcom_err2-debuginfo-1.42.11-12.1 libext2fs2-1.42.11-12.1 libext2fs2-debuginfo-1.42.11-12.1 References: https://bugzilla.suse.com/1009532 https://bugzilla.suse.com/960273 From sle-updates at lists.suse.com Mon May 29 04:09:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2017 12:09:24 +0200 (CEST) Subject: SUSE-SU-2017:1432-1: moderate: Security update for git Message-ID: <20170529100924.62773101CA@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1432-1 Rating: moderate References: #1038395 Cross-References: CVE-2017-8386 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issue: - CVE-2017-8386: git shell may allow a user who comes over SSH to run an interactive pager by causing it to spawn "git upload-pack --help" (bsc#1038395) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-git-13129=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-git-13129=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-git-13129=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): git-1.7.12.4-0.17.1 git-core-1.7.12.4-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.17.1 git-arch-1.7.12.4-0.17.1 git-core-1.7.12.4-0.17.1 git-cvs-1.7.12.4-0.17.1 git-daemon-1.7.12.4-0.17.1 git-email-1.7.12.4-0.17.1 git-gui-1.7.12.4-0.17.1 git-svn-1.7.12.4-0.17.1 git-web-1.7.12.4-0.17.1 gitk-1.7.12.4-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-debuginfo-1.7.12.4-0.17.1 git-debugsource-1.7.12.4-0.17.1 References: https://www.suse.com/security/cve/CVE-2017-8386.html https://bugzilla.suse.com/1038395 From sle-updates at lists.suse.com Mon May 29 13:08:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2017 21:08:54 +0200 (CEST) Subject: SUSE-RU-2017:1436-1: Recommended update for openstack-designate and -murano Message-ID: <20170529190854.DD332F7A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-designate and -murano ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1436-1 Rating: low References: #1038011 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-designate and openstack-murano provides the latest code from OpenStack Newton. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-876=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-designate-3.0.2~a0~dev3-3.1 openstack-designate-agent-3.0.2~a0~dev3-3.1 openstack-designate-api-3.0.2~a0~dev3-3.1 openstack-designate-central-3.0.2~a0~dev3-3.1 openstack-designate-doc-3.0.2~a0~dev3-3.2 openstack-designate-producer-3.0.2~a0~dev3-3.1 openstack-designate-sink-3.0.2~a0~dev3-3.1 openstack-designate-worker-3.0.2~a0~dev3-3.1 openstack-murano-3.0.1~a0~dev21-6.1 openstack-murano-api-3.0.1~a0~dev21-6.1 openstack-murano-doc-3.0.1~a0~dev21-6.1 openstack-murano-engine-3.0.1~a0~dev21-6.1 python-designate-3.0.2~a0~dev3-3.1 python-murano-3.0.1~a0~dev21-6.1 References: https://bugzilla.suse.com/1038011 From sle-updates at lists.suse.com Mon May 29 13:09:17 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2017 21:09:17 +0200 (CEST) Subject: SUSE-RU-2017:1437-1: Recommended update for amavisd-new Message-ID: <20170529190917.5197D101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for amavisd-new ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1437-1 Rating: low References: #1014157 #1014205 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for amavisd-new provides the following fixes: - Properly create /etc/sysconfig/amavis at installation time. 
(bsc#1014205) - Add "spamassassin" to requirements list. (bsc#1014157) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-878=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-878=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-878=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-878=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-878=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-878=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-878=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 amavisd-new-docs-2.8.1-14.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 amavisd-new-docs-2.8.1-14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): amavisd-new-2.8.1-14.1 amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): amavisd-new-2.8.1-14.1 amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): amavisd-new-2.8.1-14.1 amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): amavisd-new-2.8.1-14.1 amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 amavisd-new-docs-2.8.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): amavisd-new-2.8.1-14.1 
amavisd-new-debuginfo-2.8.1-14.1 amavisd-new-debugsource-2.8.1-14.1 amavisd-new-docs-2.8.1-14.1 References: https://bugzilla.suse.com/1014157 https://bugzilla.suse.com/1014205 From sle-updates at lists.suse.com Mon May 29 13:09:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 May 2017 21:09:49 +0200 (CEST) Subject: SUSE-RU-2017:1438-1: Recommended update for cryptsetup Message-ID: <20170529190949.A23C6101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for cryptsetup ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1438-1 Rating: low References: #1031998 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cryptsetup provides the following fix: - Don't use a zero-filled empty key, because in FIPS, XTS mode key parts mustn't be equivalent (bsc#1031998) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-877=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-877=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-877=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-877=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-877=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-877=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-877=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-877=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup-devel-1.6.4-4.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup-devel-1.6.4-4.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cryptsetup-1.6.4-4.1 cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup4-1.6.4-4.1 libcryptsetup4-debuginfo-1.6.4-4.1 libcryptsetup4-hmac-1.6.4-4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): cryptsetup-1.6.4-4.1 cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup4-1.6.4-4.1 libcryptsetup4-debuginfo-1.6.4-4.1 libcryptsetup4-hmac-1.6.4-4.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libcryptsetup4-32bit-1.6.4-4.1 libcryptsetup4-debuginfo-32bit-1.6.4-4.1 libcryptsetup4-hmac-32bit-1.6.4-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): 
cryptsetup-1.6.4-4.1 cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup4-1.6.4-4.1 libcryptsetup4-debuginfo-1.6.4-4.1 libcryptsetup4-hmac-1.6.4-4.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcryptsetup4-32bit-1.6.4-4.1 libcryptsetup4-debuginfo-32bit-1.6.4-4.1 libcryptsetup4-hmac-32bit-1.6.4-4.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cryptsetup-1.6.4-4.1 cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup4-1.6.4-4.1 libcryptsetup4-32bit-1.6.4-4.1 libcryptsetup4-debuginfo-1.6.4-4.1 libcryptsetup4-debuginfo-32bit-1.6.4-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cryptsetup-1.6.4-4.1 cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup4-1.6.4-4.1 libcryptsetup4-32bit-1.6.4-4.1 libcryptsetup4-debuginfo-1.6.4-4.1 libcryptsetup4-debuginfo-32bit-1.6.4-4.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): cryptsetup-debuginfo-1.6.4-4.1 cryptsetup-debugsource-1.6.4-4.1 libcryptsetup4-1.6.4-4.1 libcryptsetup4-debuginfo-1.6.4-4.1 References: https://bugzilla.suse.com/1031998 From sle-updates at lists.suse.com Tue May 30 10:09:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 18:09:50 +0200 (CEST) Subject: SUSE-SU-2017:1441-1: moderate: Security update for postgresql93 Message-ID: <20170530160950.CB504101C9@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1441-1 Rating: moderate References: #1029547 #1037603 #1037624 #1038293 Cross-References: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: This update for postgresql93 fixes the following issues: The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Bug fixes: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements: - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-881=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-881=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): postgresql93-9.3.17-24.2 postgresql93-contrib-9.3.17-24.2 postgresql93-contrib-debuginfo-9.3.17-24.2 postgresql93-debuginfo-9.3.17-24.2 postgresql93-debugsource-9.3.17-24.2 postgresql93-server-9.3.17-24.2 postgresql93-server-debuginfo-9.3.17-24.2 - SUSE Linux Enterprise Server for SAP 12 (noarch): postgresql93-docs-9.3.17-24.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): postgresql93-9.3.17-24.2 postgresql93-contrib-9.3.17-24.2 postgresql93-contrib-debuginfo-9.3.17-24.2 postgresql93-debuginfo-9.3.17-24.2 postgresql93-debugsource-9.3.17-24.2 postgresql93-server-9.3.17-24.2 postgresql93-server-debuginfo-9.3.17-24.2 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql93-docs-9.3.17-24.2 References: https://www.suse.com/security/cve/CVE-2017-7484.html https://www.suse.com/security/cve/CVE-2017-7485.html https://www.suse.com/security/cve/CVE-2017-7486.html https://bugzilla.suse.com/1029547 https://bugzilla.suse.com/1037603 https://bugzilla.suse.com/1037624 https://bugzilla.suse.com/1038293 From sle-updates at lists.suse.com Tue May 30 10:10:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 18:10:38 +0200 (CEST) Subject: SUSE-SU-2017:1442-1: moderate: Security update for wireshark Message-ID: <20170530161038.8A707101C9@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1442-1 Rating: moderate References: #1002981 #1010735 #1010740 #1010752 #1010754 #1010911 #1021739 #1025913 #1026507 #1027692 #1027998 #1033936 #1033937 #1033938 #1033939 #1033940 #1033941 #1033942 #1033943 #1033944 #1033945 #990856 #998761 #998762 #998763 #998800 #998963 #998964 Cross-References: CVE-2016-6354 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 
CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 24 vulnerabilities and has four fixes is now available. Description: Wireshark was updated to version 2.2.6, which brings several new features, enhancements and bug fixes. These security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936) - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937) - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938) - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939) - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. 
This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940) - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941) - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942) - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943) - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944) - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945) - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913) - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. 
This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739) - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739) - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735) - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740) - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752) - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. 
This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754) - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800) - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963) - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964) - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763) - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762) - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761) - CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer function in Flex might have allowed context-dependent attackers to cause a denial of service or possibly execute arbitrary 
code via vectors involving num_to_read (bsc#990856). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-883=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-883=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-883=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-883=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-883=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-883=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-883=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-devel-2.2.6-44.3 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-devel-2.2.6-44.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libwireshark8-2.2.6-44.3 libwireshark8-debuginfo-2.2.6-44.3 libwiretap6-2.2.6-44.3 libwiretap6-debuginfo-2.2.6-44.3 libwscodecs1-2.2.6-44.3 libwscodecs1-debuginfo-2.2.6-44.3 libwsutil7-2.2.6-44.3 libwsutil7-debuginfo-2.2.6-44.3 wireshark-2.2.6-44.3 wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-gtk-2.2.6-44.3 wireshark-gtk-debuginfo-2.2.6-44.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libwireshark8-2.2.6-44.3 libwireshark8-debuginfo-2.2.6-44.3 libwiretap6-2.2.6-44.3 libwiretap6-debuginfo-2.2.6-44.3 libwscodecs1-2.2.6-44.3 libwscodecs1-debuginfo-2.2.6-44.3 
libwsutil7-2.2.6-44.3 libwsutil7-debuginfo-2.2.6-44.3 wireshark-2.2.6-44.3 wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-gtk-2.2.6-44.3 wireshark-gtk-debuginfo-2.2.6-44.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libwireshark8-2.2.6-44.3 libwireshark8-debuginfo-2.2.6-44.3 libwiretap6-2.2.6-44.3 libwiretap6-debuginfo-2.2.6-44.3 libwscodecs1-2.2.6-44.3 libwscodecs1-debuginfo-2.2.6-44.3 libwsutil7-2.2.6-44.3 libwsutil7-debuginfo-2.2.6-44.3 wireshark-2.2.6-44.3 wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-gtk-2.2.6-44.3 wireshark-gtk-debuginfo-2.2.6-44.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libwireshark8-2.2.6-44.3 libwireshark8-debuginfo-2.2.6-44.3 libwiretap6-2.2.6-44.3 libwiretap6-debuginfo-2.2.6-44.3 libwscodecs1-2.2.6-44.3 libwscodecs1-debuginfo-2.2.6-44.3 libwsutil7-2.2.6-44.3 libwsutil7-debuginfo-2.2.6-44.3 wireshark-2.2.6-44.3 wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-gtk-2.2.6-44.3 wireshark-gtk-debuginfo-2.2.6-44.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libwireshark8-2.2.6-44.3 libwireshark8-debuginfo-2.2.6-44.3 libwiretap6-2.2.6-44.3 libwiretap6-debuginfo-2.2.6-44.3 libwscodecs1-2.2.6-44.3 libwscodecs1-debuginfo-2.2.6-44.3 libwsutil7-2.2.6-44.3 libwsutil7-debuginfo-2.2.6-44.3 wireshark-2.2.6-44.3 wireshark-debuginfo-2.2.6-44.3 wireshark-debugsource-2.2.6-44.3 wireshark-gtk-2.2.6-44.3 wireshark-gtk-debuginfo-2.2.6-44.3 References: https://www.suse.com/security/cve/CVE-2016-6354.html https://www.suse.com/security/cve/CVE-2016-7175.html https://www.suse.com/security/cve/CVE-2016-7176.html https://www.suse.com/security/cve/CVE-2016-7177.html https://www.suse.com/security/cve/CVE-2016-7178.html https://www.suse.com/security/cve/CVE-2016-7179.html https://www.suse.com/security/cve/CVE-2016-7180.html https://www.suse.com/security/cve/CVE-2016-9373.html https://www.suse.com/security/cve/CVE-2016-9374.html 
https://www.suse.com/security/cve/CVE-2016-9375.html https://www.suse.com/security/cve/CVE-2016-9376.html https://www.suse.com/security/cve/CVE-2017-5596.html https://www.suse.com/security/cve/CVE-2017-5597.html https://www.suse.com/security/cve/CVE-2017-6014.html https://www.suse.com/security/cve/CVE-2017-7700.html https://www.suse.com/security/cve/CVE-2017-7701.html https://www.suse.com/security/cve/CVE-2017-7702.html https://www.suse.com/security/cve/CVE-2017-7703.html https://www.suse.com/security/cve/CVE-2017-7704.html https://www.suse.com/security/cve/CVE-2017-7705.html https://www.suse.com/security/cve/CVE-2017-7745.html https://www.suse.com/security/cve/CVE-2017-7746.html https://www.suse.com/security/cve/CVE-2017-7747.html https://www.suse.com/security/cve/CVE-2017-7748.html https://bugzilla.suse.com/1002981 https://bugzilla.suse.com/1010735 https://bugzilla.suse.com/1010740 https://bugzilla.suse.com/1010752 https://bugzilla.suse.com/1010754 https://bugzilla.suse.com/1010911 https://bugzilla.suse.com/1021739 https://bugzilla.suse.com/1025913 https://bugzilla.suse.com/1026507 https://bugzilla.suse.com/1027692 https://bugzilla.suse.com/1027998 https://bugzilla.suse.com/1033936 https://bugzilla.suse.com/1033937 https://bugzilla.suse.com/1033938 https://bugzilla.suse.com/1033939 https://bugzilla.suse.com/1033940 https://bugzilla.suse.com/1033941 https://bugzilla.suse.com/1033942 https://bugzilla.suse.com/1033943 https://bugzilla.suse.com/1033944 https://bugzilla.suse.com/1033945 https://bugzilla.suse.com/990856 https://bugzilla.suse.com/998761 https://bugzilla.suse.com/998762 https://bugzilla.suse.com/998763 https://bugzilla.suse.com/998800 https://bugzilla.suse.com/998963 https://bugzilla.suse.com/998964 From sle-updates at lists.suse.com Tue May 30 10:14:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 18:14:20 +0200 (CEST) Subject: SUSE-SU-2017:1443-1: important: Security update for several 
openstack-components Message-ID: <20170530161420.3CA0DF7A2@maintenance.suse.de> SUSE Security Update: Security update for several openstack-components ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1443-1 Rating: important References: #1024328 #1030406 #1032322 Cross-References: CVE-2017-7214 CVE-2017-7400 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -magnum and -novaopenstack-keystone provides the latest code from OpenStack Newton. - nova: Add release note that legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. (bsc#1030406, CVE-2017-7214) - nova: Remove PrivTmp from openstack-nova-compute service. (bsc#1024328) - dashboard: Remove dangerous safestring declaration. (bsc#1032322, CVE-2017-7400) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-882=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-ceilometer-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-central-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-compute-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-ipmi-7.0.4~a0~dev7-3.1 openstack-ceilometer-agent-notification-7.0.4~a0~dev7-3.1 openstack-ceilometer-api-7.0.4~a0~dev7-3.1 openstack-ceilometer-collector-7.0.4~a0~dev7-3.1 openstack-ceilometer-doc-7.0.4~a0~dev7-3.2 openstack-ceilometer-polling-7.0.4~a0~dev7-3.1 openstack-cinder-9.1.5~a0~dev1-3.1 openstack-cinder-api-9.1.5~a0~dev1-3.1 openstack-cinder-backup-9.1.5~a0~dev1-3.1 openstack-cinder-doc-9.1.5~a0~dev1-3.1 openstack-cinder-scheduler-9.1.5~a0~dev1-3.1 openstack-cinder-volume-9.1.5~a0~dev1-3.1 openstack-dashboard-10.0.4~a0~dev2-3.1 openstack-glance-13.0.1~a0~dev6-3.1 openstack-glance-api-13.0.1~a0~dev6-3.1 openstack-glance-doc-13.0.1~a0~dev6-3.3 openstack-glance-glare-13.0.1~a0~dev6-3.1 openstack-glance-registry-13.0.1~a0~dev6-3.1 openstack-heat-7.0.4~a0~dev4-4.1 openstack-heat-api-7.0.4~a0~dev4-4.1 openstack-heat-api-cfn-7.0.4~a0~dev4-4.1 openstack-heat-api-cloudwatch-7.0.4~a0~dev4-4.1 openstack-heat-doc-7.0.4~a0~dev4-4.2 openstack-heat-engine-7.0.4~a0~dev4-4.1 openstack-heat-plugin-heat_docker-7.0.4~a0~dev4-4.1 openstack-heat-test-7.0.4~a0~dev4-4.1 openstack-keystone-10.0.2~a0~dev2-6.1 openstack-keystone-doc-10.0.2~a0~dev2-6.2 openstack-magnum-3.1.2~a0~dev22-13.1 openstack-magnum-api-3.1.2~a0~dev22-13.1 openstack-magnum-conductor-3.1.2~a0~dev22-13.1 openstack-magnum-doc-3.1.2~a0~dev22-13.1 openstack-manila-3.0.1~a0~dev27-3.1 openstack-manila-api-3.0.1~a0~dev27-3.1 openstack-manila-data-3.0.1~a0~dev27-3.1 openstack-manila-doc-3.0.1~a0~dev27-3.1 openstack-manila-scheduler-3.0.1~a0~dev27-3.1 openstack-manila-share-3.0.1~a0~dev27-3.1 openstack-nova-14.0.6~a0~dev16-3.1 openstack-nova-api-14.0.6~a0~dev16-3.1 openstack-nova-cells-14.0.6~a0~dev16-3.1 openstack-nova-cert-14.0.6~a0~dev16-3.1 openstack-nova-compute-14.0.6~a0~dev16-3.1 
openstack-nova-conductor-14.0.6~a0~dev16-3.1 openstack-nova-console-14.0.6~a0~dev16-3.1 openstack-nova-consoleauth-14.0.6~a0~dev16-3.1 openstack-nova-doc-14.0.6~a0~dev16-3.3 openstack-nova-novncproxy-14.0.6~a0~dev16-3.1 openstack-nova-placement-api-14.0.6~a0~dev16-3.1 openstack-nova-scheduler-14.0.6~a0~dev16-3.1 openstack-nova-serialproxy-14.0.6~a0~dev16-3.1 openstack-nova-vncproxy-14.0.6~a0~dev16-3.1 python-ceilometer-7.0.4~a0~dev7-3.1 python-cinder-9.1.5~a0~dev1-3.1 python-glance-13.0.1~a0~dev6-3.1 python-heat-7.0.4~a0~dev4-4.1 python-horizon-10.0.4~a0~dev2-3.1 python-keystone-10.0.2~a0~dev2-6.1 python-magnum-3.1.2~a0~dev22-13.1 python-manila-3.0.1~a0~dev27-3.1 python-nova-14.0.6~a0~dev16-3.1 References: https://www.suse.com/security/cve/CVE-2017-7214.html https://www.suse.com/security/cve/CVE-2017-7400.html https://bugzilla.suse.com/1024328 https://bugzilla.suse.com/1030406 https://bugzilla.suse.com/1032322 From sle-updates at lists.suse.com Tue May 30 10:14:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 18:14:59 +0200 (CEST) Subject: SUSE-SU-2017:1444-1: important: Security update for java-1_6_0-ibm Message-ID: <20170530161459.85800101C9@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1444-1 Rating: important References: #1027038 #1038505 Cross-References: CVE-2016-2183 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. 
Description: This update for java-1_6_0-ibm fixes the following issues: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - Version update to 6.0-16.40 bsc#1027038 CVE-2016-2183 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-13130=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_6_0-ibm-13130=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.45-84.1 java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1 java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_6_0-ibm-1.6.0_sr16.45-84.1 java-1_6_0-ibm-alsa-1.6.0_sr16.45-84.1 java-1_6_0-ibm-devel-1.6.0_sr16.45-84.1 java-1_6_0-ibm-fonts-1.6.0_sr16.45-84.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.45-84.1 java-1_6_0-ibm-plugin-1.6.0_sr16.45-84.1 References: https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-1289.html https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1027038 https://bugzilla.suse.com/1038505 From sle-updates at lists.suse.com Tue May 30 10:15:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 18:15:31 +0200 (CEST) Subject: SUSE-SU-2017:1445-1: important: Security update for java-1_8_0-openjdk Message-ID: <20170530161531.AA716101C9@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1445-1 Rating: important References: #1034849 Cross-References: CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 
CVE-2017-3539 CVE-2017-3544 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849 * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8168699: Validate special case invocations - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR1969: Add AArch32 JIT port - PR3297: Allow Shenandoah to be used on AArch64 - PR3340: jstack.stp should support AArch64 * Import of OpenJDK 8 u131 build 11 - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7167293: FtpURLConnection connection leak on FileNotFoundException - S8035568: [macosx] Cursor management unification - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8130769: The new menu can't be shown on the menubar after clicking the "Add" button. 
- S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910, PR3346: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group - S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993, PR3346: G1 crashes if active_processor_count changes during startup - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with "Error while cleaning up threads after test" - S8167179: Make XSL generated namespace prefixes local to transformation process - S8168774: Polymorhic signature method check crashes javac - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. 
- S8173030: Temporary backout fix #8035568 from 8u131-b03 - S8173031: Temporary backout fix #8171952 from 8u131-b03 - S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8174985: NTLM authentication doesn't work with IIS if NTLM cache is disabled - S8176044: (tz) Support tzdata2017a * Backports - S6457406, PR3335: javadoc doesn't handle properly in producing index pages - S8030245, PR3335: Update langtools to use try-with-resources and multi-catch - S8030253, PR3335: Update langtools to use strings-in-switch - S8030262, PR3335: Update langtools to use foreach loops - S8031113, PR3337: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently - S8031625, PR3335: javadoc problems referencing inner class constructors - S8031649, PR3335: Clean up javadoc tests - S8031670, PR3335: Remove unneeded -source options in javadoc tests - S8032066, PR3335: Serialized form has broken links to non private inner classes of package private - S8034174, PR2290: Remove use of JVM_* functions from java.net code - S8034182, PR2290: Misc. warnings in java.net code - S8035876, PR2290: AIX build issues after '8034174: Remove use of JVM_* functions from java.net code' - S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors. 
- S8040903, PR3335: Clean up use of BUG_ID in javadoc tests - S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests - S8040908, PR3335: javadoc test TestDocEncoding should use -notimestamp - S8041150, PR3335: Avoid silly use of static methods in JavadocTester - S8041253, PR3335: Avoid redundant synonyms of NO_TEST - S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8061305, PR3335: Javadoc crashes when method name ends with "Property" - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits - S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests - S8075670, PR3337: Remove intermittent keyword from some tests - S8078334, PR3337: Mark regression tests using randomness - S8078880, PR3337: Mark a few more intermittently failuring security-libs - S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier - S8144539, PR3337: Update PKCS11 tests to run with security manager - S8144566, PR3352: Custom HostnameVerifier disables SNI extension - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command - S8155049, PR3352: New tests from 8144566 fail with "No expected Server Name Indication" - S8173941, PR3326: SA does not work if executable is DSO - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks with irreducible loops - S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test * Bug fixes - PR3348: Architectures unsupported by SystemTap tapsets throw a parse error - PR3378: Perl should be mandatory - PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path * AArch64 port - S8168699, PR3372: Validate special case invocations [AArch64 support] - S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References - S8172881, PR3372: AArch64: 
assertion failure: the int pressure is incorrect - S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions - S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp * AArch32 port - PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build - PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles - PR3385: aarch32 does not support -Xshare:dump - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build - PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32 - PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build * Shenandoah - Fix Shenandoah argument checking on 32bit builds. - Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-879=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-879=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-879=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_8_0-openjdk-1.8.0.131-26.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-debugsource-1.8.0.131-26.3 java-1_8_0-openjdk-demo-1.8.0.131-26.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-devel-1.8.0.131-26.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-headless-1.8.0.131-26.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): java-1_8_0-openjdk-1.8.0.131-26.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-debugsource-1.8.0.131-26.3 java-1_8_0-openjdk-demo-1.8.0.131-26.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-devel-1.8.0.131-26.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-headless-1.8.0.131-26.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_8_0-openjdk-1.8.0.131-26.3 java-1_8_0-openjdk-debuginfo-1.8.0.131-26.3 java-1_8_0-openjdk-debugsource-1.8.0.131-26.3 java-1_8_0-openjdk-headless-1.8.0.131-26.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.131-26.3 References: https://www.suse.com/security/cve/CVE-2017-3509.html https://www.suse.com/security/cve/CVE-2017-3511.html https://www.suse.com/security/cve/CVE-2017-3512.html https://www.suse.com/security/cve/CVE-2017-3514.html https://www.suse.com/security/cve/CVE-2017-3526.html https://www.suse.com/security/cve/CVE-2017-3533.html https://www.suse.com/security/cve/CVE-2017-3539.html https://www.suse.com/security/cve/CVE-2017-3544.html https://bugzilla.suse.com/1034849 From sle-updates at lists.suse.com Tue May 30 13:08:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:08:58 +0200 (CEST) Subject: SUSE-SU-2017:1446-1: important: Security update for sudo Message-ID: <20170530190858.5AEDD101C9@maintenance.suse.de> SUSE Security Update: 
Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1446-1 Rating: important References: #1015351 #1024145 #1039361 #981124 Cross-References: CVE-2017-1000367 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-888=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-888=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-888=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-888=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-888=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 sudo-devel-1.8.10p3-2.11.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): sudo-1.8.10p3-2.11.1 sudo-debuginfo-1.8.10p3-2.11.1 sudo-debugsource-1.8.10p3-2.11.1 References: https://www.suse.com/security/cve/CVE-2017-1000367.html https://bugzilla.suse.com/1015351 https://bugzilla.suse.com/1024145 https://bugzilla.suse.com/1039361 https://bugzilla.suse.com/981124 From sle-updates at lists.suse.com Tue May 30 13:09:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:09:53 +0200 (CEST) Subject: SUSE-RU-2017:1447-1: Recommended update for python-ipaddr Message-ID: <20170530190953.07AAD101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ipaddr ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1447-1 Rating: low References: #1002895 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ipaddr provides fixes for the following issues: - Hostmask parsing bug fixed by rewriting of the mask parsing code. 
- Incorrect parsing of some IPv6 addresses. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-890=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-890=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-890=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-890=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-890=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): python-ipaddr-2.1.11-14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): python-ipaddr-2.1.11-14.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-ipaddr-2.1.11-14.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): python-ipaddr-2.1.11-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): python-ipaddr-2.1.11-14.1 References: https://bugzilla.suse.com/1002895 From sle-updates at lists.suse.com Tue May 30 13:10:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:10:18 +0200 (CEST) Subject: SUSE-RU-2017:1448-1: Recommended update for resource-agents Message-ID: <20170530191018.B181E101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1448-1 Rating: low References: #1022223 #1036486 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for resource-agents provides the following fixes: - SAPInstance: Add IS_ERS parameter. (bsc#1036486) - exportfs: Only strip brackets from edges of clientspec. (bsc#1022223) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-886=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ldirectord-3.9.7+git.1461938976.cb7c36a-14.5.1 monitoring-plugins-metadata-3.9.7+git.1461938976.cb7c36a-14.5.1 resource-agents-3.9.7+git.1461938976.cb7c36a-14.5.1 resource-agents-debuginfo-3.9.7+git.1461938976.cb7c36a-14.5.1 resource-agents-debugsource-3.9.7+git.1461938976.cb7c36a-14.5.1 References: https://bugzilla.suse.com/1022223 https://bugzilla.suse.com/1036486 From sle-updates at lists.suse.com Tue May 30 13:10:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:10:51 +0200 (CEST) Subject: SUSE-RU-2017:1449-1: Recommended update for resource-agents Message-ID: <20170530191051.EEF39101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1449-1 Rating: low References: #1036486 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents provides the following fix: - SAPInstance: Add IS_ERS parameter (bsc#1036486) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2017-885=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ldirectord-3.9.6+git.1442374860.7f3628a-25.1 monitoring-plugins-metadata-3.9.6+git.1442374860.7f3628a-25.1 resource-agents-3.9.6+git.1442374860.7f3628a-25.1 resource-agents-debuginfo-3.9.6+git.1442374860.7f3628a-25.1 resource-agents-debugsource-3.9.6+git.1442374860.7f3628a-25.1 References: https://bugzilla.suse.com/1036486 From sle-updates at lists.suse.com Tue May 30 13:11:15 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:11:15 +0200 (CEST) Subject: SUSE-SU-2017:1450-1: important: Security update for sudo Message-ID: <20170530191115.2F8B7101C9@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1450-1 Rating: important References: #1015351 #1024145 #1039361 #981124 Cross-References: CVE-2017-1000367 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. 
[bsc#1015351] - Fix problems related to "krb5_ccname" option [bsc#981124] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-889=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-889=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-889=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-889=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-889=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 sudo-devel-1.8.10p3-10.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): sudo-1.8.10p3-10.5.1 sudo-debuginfo-1.8.10p3-10.5.1 sudo-debugsource-1.8.10p3-10.5.1 References: https://www.suse.com/security/cve/CVE-2017-1000367.html https://bugzilla.suse.com/1015351 https://bugzilla.suse.com/1024145 https://bugzilla.suse.com/1039361 https://bugzilla.suse.com/981124 From sle-updates at lists.suse.com Tue May 30 13:11:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:11:57 +0200 (CEST) Subject: SUSE-OU-2017:1451-1: Initial release of python-rpm-macros 
Message-ID: <20170530191157.23943101C9@maintenance.suse.de> SUSE Optional Update: Initial release of python-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:1451-1 Rating: low References: #1039368 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds python-rpm-macros to SUSE Linux Enterprise Software Development Kit 12. This package contains RPM macros that ease packaging and building of Python singlespec packages. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-884=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-884=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): python-rpm-macros-2017.05.09.fc237de-2.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): python-rpm-macros-2017.05.09.fc237de-2.1 References: https://bugzilla.suse.com/1039368 From sle-updates at lists.suse.com Tue May 30 13:12:20 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 May 2017 21:12:20 +0200 (CEST) Subject: SUSE-RU-2017:1452-1: Recommended update for smt Message-ID: <20170530191220.5EBC7101C9@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:1452-1 Rating: low References: #1026417 #944291 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for smt provides fixes and enhancements: - Add single product deactivation endpoint. - Add info about repositories with errors to summary. (bsc#944291) - Add an option to exclude optional packages (--exclude-optional or -x). - Allow 12-digit service request numbers. (bsc#1026417) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-887=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-887=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-887=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-887=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      res-signingkeys-3.0.25-48.1
      smt-3.0.25-48.1
      smt-debuginfo-3.0.25-48.1
      smt-debugsource-3.0.25-48.1
      smt-support-3.0.25-48.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      res-signingkeys-3.0.25-48.1
      smt-3.0.25-48.1
      smt-debuginfo-3.0.25-48.1
      smt-debugsource-3.0.25-48.1
      smt-support-3.0.25-48.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      res-signingkeys-3.0.25-48.1
      smt-3.0.25-48.1
      smt-debuginfo-3.0.25-48.1
      smt-debugsource-3.0.25-48.1
      smt-support-3.0.25-48.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):

      smt-ha-3.0.25-48.1

References:

   https://bugzilla.suse.com/1026417
   https://bugzilla.suse.com/944291

From sle-updates at lists.suse.com Tue May 30 19:08:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 03:08:51 +0200 (CEST)
Subject: SUSE-SU-2017:1454-1: moderate: Security update for libxml2
Message-ID: <20170531010851.600B7101C9@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1454-1
Rating:             moderate
References:         #1039063 #1039064 #1039066 #1039069 #1039661 #981114
Cross-References:   CVE-2016-1839 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one erratum is now available.

Description:

   This update for libxml2 fixes the following issues:

   - CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in
     valid.c was vulnerable to a stack buffer overflow (bsc#1039063,
     bsc#1039064)
   - CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was
     vulnerable to a heap-based buffer over-read. (bsc#1039066)
   - CVE-2017-9050: The function xmlDictAddString was vulnerable to a
     heap-based buffer over-read (bsc#1039661)
   - CVE-2016-1839: heap-based buffer overflow (xmlDictAddString func)
     (bnc#1039069)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-891=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-891=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-891=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-891=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-891=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libxml2-debugsource-2.9.4-36.1
      libxml2-devel-2.9.4-36.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libxml2-2-2.9.4-36.1
      libxml2-2-debuginfo-2.9.4-36.1
      libxml2-debugsource-2.9.4-36.1
      libxml2-tools-2.9.4-36.1
      libxml2-tools-debuginfo-2.9.4-36.1
      python-libxml2-2.9.4-36.1
      python-libxml2-debuginfo-2.9.4-36.1
      python-libxml2-debugsource-2.9.4-36.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      libxml2-doc-2.9.4-36.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libxml2-2-2.9.4-36.1
      libxml2-2-debuginfo-2.9.4-36.1
      libxml2-debugsource-2.9.4-36.1
      libxml2-tools-2.9.4-36.1
      libxml2-tools-debuginfo-2.9.4-36.1
      python-libxml2-2.9.4-36.1
      python-libxml2-debuginfo-2.9.4-36.1
      python-libxml2-debugsource-2.9.4-36.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      libxml2-doc-2.9.4-36.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libxml2-2-32bit-2.9.4-36.1
      libxml2-2-debuginfo-32bit-2.9.4-36.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libxml2-2-2.9.4-36.1
      libxml2-2-32bit-2.9.4-36.1
      libxml2-2-debuginfo-2.9.4-36.1
      libxml2-2-debuginfo-32bit-2.9.4-36.1
      libxml2-debugsource-2.9.4-36.1
      libxml2-tools-2.9.4-36.1
      libxml2-tools-debuginfo-2.9.4-36.1
      python-libxml2-2.9.4-36.1
      python-libxml2-debuginfo-2.9.4-36.1
      python-libxml2-debugsource-2.9.4-36.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libxml2-2-2.9.4-36.1
      libxml2-2-debuginfo-2.9.4-36.1
      libxml2-debugsource-2.9.4-36.1

References:

   https://www.suse.com/security/cve/CVE-2016-1839.html
   https://www.suse.com/security/cve/CVE-2017-9047.html
   https://www.suse.com/security/cve/CVE-2017-9048.html
   https://www.suse.com/security/cve/CVE-2017-9049.html
   https://www.suse.com/security/cve/CVE-2017-9050.html
   https://bugzilla.suse.com/1039063
   https://bugzilla.suse.com/1039064
   https://bugzilla.suse.com/1039066
   https://bugzilla.suse.com/1039069
   https://bugzilla.suse.com/1039661
   https://bugzilla.suse.com/981114

From sle-updates at lists.suse.com Wed May 31 10:10:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 18:10:23 +0200 (CEST)
Subject: SUSE-RU-2017:1461-1: Recommended update for python-pyasn1
Message-ID: <20170531161023.53D25101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-pyasn1
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1461-1
Rating:             low
References:         #1002895
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The python-pyasn1 module was updated to version 0.1.9, which provides the
   following fixes and enhancements:

   - Wheel distribution format is now supported.
   - Fix to make uninitialized pyasn1 objects fail properly on hash().
   - Fix to ObjectIdentifier initialization from unicode string.
   - Fix to CER/DER Boolean decoder: fail on non single-octet payload.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-895=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-895=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-895=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-895=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-895=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-895=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      python-pyasn1-0.1.9-3.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      python-pyasn1-0.1.9-3.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      python-pyasn1-0.1.9-3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      python-pyasn1-0.1.9-3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      python-pyasn1-0.1.9-3.1

   - OpenStack Cloud Magnum Orchestration 7 (noarch):

      python-pyasn1-0.1.9-3.1

References:

   https://bugzilla.suse.com/1002895

From sle-updates at lists.suse.com Wed May 31 10:10:47 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 18:10:47 +0200 (CEST)
Subject: SUSE-RU-2017:1462-1: Recommended update for puppet
Message-ID: <20170531161047.9DC56101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for puppet
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1462-1
Rating:             low
References:         #1032103 #971223 #995975
Affected Products:
                    SUSE Linux Enterprise Module for Advanced Systems Management 12
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update provides Puppet 4 client for the Advanced Systems Management
   12 Module.

   The Puppet Server package for SLES is provided by upstream now and can be
   downloaded at https://yum.puppetlabs.com/sles/12/PC1/x86_64/

   For a period of 6 months after the release of the Puppet 4 package, SUSE
   will continue to provide and support packages for Puppet 3.

   SUSE will not support the migration of the server package.

   Before updating the client packages to version 4, see the prerequisites
   listed at https://docs.puppet.com/puppet/4.8/ (Section "Installing and
   upgrading", Subsection "Upgrade: From Puppet 3.x").

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:

      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-894=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-894=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-894=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

      facter-2.4.6-11.3
      puppet-3.8.5-14.1
      puppet-server-3.8.5-14.1
      ruby2.1-rubygem-deep_merge-1.1.1-4.3
      ruby2.1-rubygem-hiera-1-1.2.1-8.3
      ruby2.1-rubygem-hiera-3.2.2-18.3
      ruby2.1-rubygem-pathspec-0.0.2-4.3
      ruby2.1-rubygem-puppet-4.8.1-31.13
      ruby2.1-rubygem-rgen-0.8.2-4.3
      rubygem-hiera-1-1.2.1-8.3
      rubygem-hiera-3.2.2-18.3
      rubygem-puppet-4.8.1-31.13

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      facter-2.4.6-11.3
      puppet-3.8.5-14.1
      ruby2.1-rubygem-hiera-1-1.2.1-8.3
      rubygem-hiera-1-1.2.1-8.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      facter-2.4.6-11.3
      puppet-3.8.5-14.1
      ruby2.1-rubygem-hiera-1-1.2.1-8.3
      rubygem-hiera-1-1.2.1-8.3

References:

   https://bugzilla.suse.com/1032103
   https://bugzilla.suse.com/971223
   https://bugzilla.suse.com/995975

From sle-updates at lists.suse.com Wed May 31 10:11:24 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 18:11:24 +0200 (CEST)
Subject: SUSE-OU-2017:1463-1: Initial release of Google Cloud SDK dependencies
Message-ID: <20170531161124.8FD9A101C9@maintenance.suse.de>

   SUSE Optional Update: Initial release of Google Cloud SDK dependencies
______________________________________________________________________________

Announcement ID:    SUSE-OU-2017:1463-1
Rating:             low
References:         #1002895
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This update contains a set of Python modules required by newer versions of
   the Google Cloud SDK.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-893=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 s390x x86_64):

      python-dulwich-0.16.3-2.1
      python-ruamel.ordereddict-0.4.9-2.1
      python-ruamel.yaml-0.12.14-2.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-Pygments-1.6-6.1
      python-fasteners-0.14.1-2.1
      python-monotonic-1.2-2.1
      python-ruamel.base-1.0.0-2.1
      python-wcwidth-0.1.4-2.1

References:

   https://bugzilla.suse.com/1002895

From sle-updates at lists.suse.com Wed May 31 13:09:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 21:09:11 +0200 (CEST)
Subject: SUSE-OU-2017:1464-1: Initial release of sles-ltss-release
Message-ID: <20170531190911.D45E1101C9@maintenance.suse.de>

   SUSE Optional Update: Initial release of sles-ltss-release
______________________________________________________________________________

Announcement ID:    SUSE-OU-2017:1464-1
Rating:             low
References:         #1039896
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This update provides product definitions for SUSE Linux Enterprise Server
   12 SP1 LTSS.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-900=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      sles-ltss-release-12.1-5.1
      sles-ltss-release-POOL-12.1-5.1

References:

   https://bugzilla.suse.com/1039896

From sle-updates at lists.suse.com Wed May 31 13:09:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 21:09:32 +0200 (CEST)
Subject: SUSE-RU-2017:1465-1: Recommended update for nfs-utils
Message-ID: <20170531190932.C8E94101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for nfs-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1465-1
Rating:             low
References:         #1028376
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for nfs-utils provides the following fix:

   - Fix migration so that nfsserver is still enabled after upgrade to SP1
     (bsc#1028376)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-902=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-902=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-902=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      nfs-client-1.3.0-33.7
      nfs-client-debuginfo-1.3.0-33.7
      nfs-doc-1.3.0-33.7
      nfs-kernel-server-1.3.0-33.7
      nfs-kernel-server-debuginfo-1.3.0-33.7
      nfs-utils-debugsource-1.3.0-33.7

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      nfs-client-1.3.0-33.7
      nfs-client-debuginfo-1.3.0-33.7
      nfs-doc-1.3.0-33.7
      nfs-kernel-server-1.3.0-33.7
      nfs-kernel-server-debuginfo-1.3.0-33.7
      nfs-utils-debugsource-1.3.0-33.7

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      nfs-client-1.3.0-33.7
      nfs-client-debuginfo-1.3.0-33.7
      nfs-kernel-server-1.3.0-33.7
      nfs-kernel-server-debuginfo-1.3.0-33.7
      nfs-utils-debugsource-1.3.0-33.7

References:

   https://bugzilla.suse.com/1028376

From sle-updates at lists.suse.com Wed May 31 13:10:00 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 21:10:00 +0200 (CEST)
Subject: SUSE-RU-2017:1466-1: Recommended update for yast2-installation
Message-ID: <20170531191000.22CA1101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-installation
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1466-1
Rating:             low
References:         #1031840 #956473
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for yast2-installation provides the following fixes:

   - Changed CheckFreeSpaceNow to use LANG=en_US.UTF-8 (bsc#1031840)
   - Improved formatting of network interfaces listing (bsc#956473)
   - Network interfaces listing shows all IPv4 / IPv6 addresses per device
     (bsc#956473)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-903=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-903=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      yast2-installation-devel-doc-3.1.162.8-10.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      yast2-installation-3.1.162.8-10.1

References:

   https://bugzilla.suse.com/1031840
   https://bugzilla.suse.com/956473

From sle-updates at lists.suse.com Wed May 31 13:10:33 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 21:10:33 +0200 (CEST)
Subject: SUSE-RU-2017:1467-1: Recommended update for python-xattr, python3-xattr
Message-ID: <20170531191033.13880101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-xattr, python3-xattr
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1467-1
Rating:             low
References:         #1033325
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for python-xattr and python3-xattr provides the following fix:

   - Fix file conflict between python3-xattr and python-xattr (bsc#1033325)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-901=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-901=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-901=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      python-xattr-0.7.5-5.5
      python-xattr-debuginfo-0.7.5-5.5
      python-xattr-debugsource-0.7.5-5.5

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      python-xattr-0.7.5-5.5
      python-xattr-debuginfo-0.7.5-5.5
      python-xattr-debugsource-0.7.5-5.5

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      python-xattr-0.7.5-5.5
      python-xattr-debuginfo-0.7.5-5.5
      python-xattr-debugsource-0.7.5-5.5

References:

   https://bugzilla.suse.com/1033325

From sle-updates at lists.suse.com Wed May 31 13:10:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 31 May 2017 21:10:59 +0200 (CEST)
Subject: SUSE-SU-2017:1468-1: important: Security update for libtirpc, rpcbind
Message-ID: <20170531191059.8579D101C9@maintenance.suse.de>

   SUSE Security Update: Security update for libtirpc, rpcbind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1468-1
Rating:             important
References:         #1037559
Cross-References:   CVE-2017-8779
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for libtirpc and rpcbind fixes the following issues:

   - CVE-2017-8779: A crafted UDP package could lead rpcbind to remote
     denial-of-service. (bsc#1037559)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libtirpc-13135=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libtirpc-13135=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-libtirpc-13135=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-libtirpc-13135=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libtirpc-13135=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libtirpc-13135=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtirpc-devel-0.2.1-1.12.3

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtirpc1-0.2.1-1.12.3
      rpcbind-0.1.6+git20080930-6.27.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      libtirpc1-0.2.1-1.12.3
      rpcbind-0.1.6+git20080930-6.27.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libtirpc1-0.2.1-1.12.3
      rpcbind-0.1.6+git20080930-6.27.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtirpc-debuginfo-0.2.1-1.12.3
      libtirpc-debugsource-0.2.1-1.12.3
      rpcbind-debuginfo-0.1.6+git20080930-6.27.2
      rpcbind-debugsource-0.1.6+git20080930-6.27.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      libtirpc-debuginfo-0.2.1-1.12.3
      libtirpc-debugsource-0.2.1-1.12.3
      rpcbind-debuginfo-0.1.6+git20080930-6.27.2
      rpcbind-debugsource-0.1.6+git20080930-6.27.2

References:

   https://www.suse.com/security/cve/CVE-2017-8779.html
   https://bugzilla.suse.com/1037559

From sle-updates at lists.suse.com Wed May 31 16:09:04 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Jun 2017 00:09:04 +0200 (CEST)
Subject: SUSE-RU-2017:1469-1: moderate: Recommended update for md_monitor
Message-ID: <20170531220904.22395101C9@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for md_monitor
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:1469-1
Rating:             moderate
References:         #1013061 #1033734 #951211 #954769 #955975 #959718
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.

Description:

   This update provides md_monitor 6.3, which brings fixes and enhancements:

   - Work around dirty bitmap issue. (bsc#951211)
   - Work around changed output in mdadm. (bsc#954769)
   - Ignore EBUSY returns from mdadm --fail. (bsc#955975)
   - Handle empty device-mapper UUIDs.
   - Compare the device name length of the testing devices. (bsc#959718)
   - Add 'mdadm --wait-clean' to monitor_testcase_functions. (bsc#951211)
   - Fix return value from reset_md(). (bsc#1013061)
   - Fix uninitialized return value. (bsc#1033734)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-904=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      md_monitor-6.3-3.1
      md_monitor-debuginfo-6.3-3.1
      md_monitor-debugsource-6.3-3.1

References:

   https://bugzilla.suse.com/1013061
   https://bugzilla.suse.com/1033734
   https://bugzilla.suse.com/951211
   https://bugzilla.suse.com/954769
   https://bugzilla.suse.com/955975
   https://bugzilla.suse.com/959718