From sle-updates at lists.suse.com Thu Feb 1 07:07:12 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 15:07:12 +0100 (CET)
Subject: SUSE-RU-2018:0330-1: Recommended update for gnome-packagekit
Message-ID: <20180201140712.896E7FD82@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnome-packagekit
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0330-1
Rating: low
References: #1036542 #988167
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for gnome-packagekit provides the following fixes:

- Fix gpk-update-viewer not responding after installing all available updates (bsc#1036542)
- Fix logout button not working when relogin is needed (bsc#988167)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-233=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-233=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  gnome-packagekit-3.20.0-20.1
  gnome-packagekit-debuginfo-3.20.0-20.1
  gnome-packagekit-debugsource-3.20.0-20.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  gnome-packagekit-lang-3.20.0-20.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  gnome-packagekit-lang-3.20.0-20.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  gnome-packagekit-3.20.0-20.1
  gnome-packagekit-debuginfo-3.20.0-20.1
  gnome-packagekit-debugsource-3.20.0-20.1

References:

  https://bugzilla.suse.com/1036542
  https://bugzilla.suse.com/988167

From sle-updates at lists.suse.com Thu Feb 1 07:07:51 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 15:07:51 +0100 (CET)
Subject: SUSE-RU-2018:0331-1: Recommended update for osinfo-db, virt-manager
Message-ID: <20180201140751.26876FD86@maintenance.suse.de>

SUSE Recommended Update: Recommended update for osinfo-db, virt-manager
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0331-1
Rating: low
References: #1027942 #1054986 #1055787 #1056028 #1057733
Affected Products:
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for osinfo-db, virt-manager fixes the following issues:

- Add support for openSUSE Leap 15 and SLE 15 product family. (bsc#1054986)
- Fix OES 2018 installs as Xen guest. (bsc#1056028)
- Fix hang on first reboot when installing PV guests from ISO images. (bsc#1055787)
- Fix libosinfo database entry for SUSE CaaS Platform. (bsc#1057733)
- Update osinfo database to version 20170423. (fate#322156)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-235=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-235=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  osinfo-db-20170813-3.3.1
  virt-install-1.4.1-5.3.1
  virt-manager-1.4.1-5.3.1
  virt-manager-common-1.4.1-5.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  osinfo-db-20170813-3.3.1
  virt-install-1.4.1-5.3.1
  virt-manager-1.4.1-5.3.1
  virt-manager-common-1.4.1-5.3.1

References:

  https://bugzilla.suse.com/1027942
  https://bugzilla.suse.com/1054986
  https://bugzilla.suse.com/1055787
  https://bugzilla.suse.com/1056028
  https://bugzilla.suse.com/1057733

From sle-updates at lists.suse.com Thu Feb 1 07:09:20 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 15:09:20 +0100 (CET)
Subject: SUSE-RU-2018:0333-1: Recommended update for systemd-rpm-macros
Message-ID: <20180201140920.C511AFD86@maintenance.suse.de>

SUSE Recommended Update: Recommended update for systemd-rpm-macros
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0333-1
Rating: low
References: #1071543 #1073715
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for systemd-rpm-macros provides the following fixes:

- Make sure to apply presets if packages start shipping units during upgrades. (bsc#1071543, bsc#1073715)
- Remove a useless test in %service_add_pre().
  The test was placed where the condition '[ "$FIRST_ARG" -gt 1 ]' was always true.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-231=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-231=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-231=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-231=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-231=1
- SUSE CaaS Platform ALL:
  zypper in -t patch SUSE-CAASP-ALL-2018-231=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  systemd-rpm-macros-3-10.6.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  logrotate-3.11.0-2.8.3
  logrotate-debuginfo-3.11.0-2.8.3
  logrotate-debugsource-3.11.0-2.8.3
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  systemd-rpm-macros-3-10.6.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  systemd-rpm-macros-3-10.6.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  logrotate-3.11.0-2.8.3
  logrotate-debuginfo-3.11.0-2.8.3
  logrotate-debugsource-3.11.0-2.8.3
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  systemd-rpm-macros-3-10.6.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  systemd-rpm-macros-3-10.6.1
- SUSE CaaS Platform ALL (x86_64):
  logrotate-3.11.0-2.8.3
  logrotate-debuginfo-3.11.0-2.8.3
  logrotate-debugsource-3.11.0-2.8.3

References:

  https://bugzilla.suse.com/1071543
  https://bugzilla.suse.com/1073715

From sle-updates at lists.suse.com Thu Feb 1 07:09:57 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 15:09:57 +0100 (CET)
Subject: SUSE-SU-2018:0334-1: moderate: Security update for libXfont
Message-ID: <20180201140957.E5EE7FD87@maintenance.suse.de>

SUSE Security Update: Security update for libXfont
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0334-1
Rating: moderate
References: #1049692 #1050459 #1054285
Cross-References: CVE-2017-13720 CVE-2017-13722
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libXfont fixes several issues.

These security issues were fixed:

- CVE-2017-13720: Improper check for end of string in PatternMatch caused invalid reads (bsc#1054285)
- CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692)
- Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-230=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-230=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-230=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-230=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-230=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-230=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-230=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont-devel-1.5.1-11.3.12
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont-devel-1.5.1-11.3.12
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont1-1.5.1-11.3.12
  libXfont1-debuginfo-1.5.1-11.3.12
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont1-1.5.1-11.3.12
  libXfont1-debuginfo-1.5.1-11.3.12
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont1-1.5.1-11.3.12
  libXfont1-debuginfo-1.5.1-11.3.12
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont1-1.5.1-11.3.12
  libXfont1-debuginfo-1.5.1-11.3.12
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  libXfont-debugsource-1.5.1-11.3.12
  libXfont1-1.5.1-11.3.12
  libXfont1-debuginfo-1.5.1-11.3.12

References:

  https://www.suse.com/security/cve/CVE-2017-13720.html
  https://www.suse.com/security/cve/CVE-2017-13722.html
  https://bugzilla.suse.com/1049692
  https://bugzilla.suse.com/1050459
  https://bugzilla.suse.com/1054285

From sle-updates at lists.suse.com Thu Feb 1 07:10:51 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 15:10:51 +0100 (CET)
Subject: SUSE-RU-2018:0335-1: Recommended update for patterns-sles
Message-ID: <20180201141051.BCCABFD86@maintenance.suse.de>

SUSE Recommended Update: Recommended update for patterns-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0335-1
Rating: low
References: #1065341
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for patterns-sles provides the following fixes:

- Removed puppet from base pattern. (bsc#1065341)
- Re-run script to create 32bit patterns.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-232=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-232=1
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-232=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  patterns-sles-Basis-Devel-12-74.3.3
  patterns-sles-Minimal-12-74.3.3
  patterns-sles-WBEM-12-74.3.3
  patterns-sles-apparmor-12-74.3.3
  patterns-sles-base-12-74.3.3
  patterns-sles-dhcp_dns_server-12-74.3.3
  patterns-sles-directory_server-12-74.3.3
  patterns-sles-documentation-12-74.3.3
  patterns-sles-file_server-12-74.3.3
  patterns-sles-fips-12-74.3.3
  patterns-sles-gateway_server-12-74.3.3
  patterns-sles-kvm_server-12-74.3.3
  patterns-sles-kvm_tools-12-74.3.3
  patterns-sles-lamp_server-12-74.3.3
  patterns-sles-mail_server-12-74.3.3
  patterns-sles-ofed-12-74.3.3
  patterns-sles-printing-12-74.3.3
  patterns-sles-x11-12-74.3.3
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
  patterns-sles-Basis-Devel-12-74.3.3
  patterns-sles-Minimal-12-74.3.3
  patterns-sles-WBEM-12-74.3.3
  patterns-sles-apparmor-12-74.3.3
  patterns-sles-base-12-74.3.3
  patterns-sles-dhcp_dns_server-12-74.3.3
  patterns-sles-directory_server-12-74.3.3
  patterns-sles-documentation-12-74.3.3
  patterns-sles-file_server-12-74.3.3
  patterns-sles-fips-12-74.3.3
  patterns-sles-gateway_server-12-74.3.3
  patterns-sles-lamp_server-12-74.3.3
  patterns-sles-mail_server-12-74.3.3
  patterns-sles-ofed-12-74.3.3
  patterns-sles-printing-12-74.3.3
  patterns-sles-x11-12-74.3.3
- SUSE Linux Enterprise Server 12-SP2 (aarch64 s390x x86_64):
  patterns-sles-kvm_server-12-74.3.3
  patterns-sles-kvm_tools-12-74.3.3
- SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64):
  patterns-sles-sap_server-12-74.3.3
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
  patterns-sles-32bit-12-74.3.3
  patterns-sles-Basis-Devel-32bit-12-74.3.3
  patterns-sles-Minimal-32bit-12-74.3.3
  patterns-sles-WBEM-32bit-12-74.3.3
  patterns-sles-apparmor-32bit-12-74.3.3
  patterns-sles-base-32bit-12-74.3.3
  patterns-sles-dhcp_dns_server-32bit-12-74.3.3
  patterns-sles-directory_server-32bit-12-74.3.3
  patterns-sles-documentation-32bit-12-74.3.3
  patterns-sles-file_server-32bit-12-74.3.3
  patterns-sles-fips-32bit-12-74.3.3
  patterns-sles-gateway_server-32bit-12-74.3.3
  patterns-sles-kvm_server-32bit-12-74.3.3
  patterns-sles-kvm_tools-32bit-12-74.3.3
  patterns-sles-lamp_server-32bit-12-74.3.3
  patterns-sles-laptop-32bit-12-74.3.3
  patterns-sles-mail_server-32bit-12-74.3.3
  patterns-sles-ofed-32bit-12-74.3.3
  patterns-sles-oracle_server-12-74.3.3
  patterns-sles-oracle_server-32bit-12-74.3.3
  patterns-sles-printing-32bit-12-74.3.3
  patterns-sles-sap_server-32bit-12-74.3.3
  patterns-sles-x11-32bit-12-74.3.3
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  patterns-sles-laptop-12-74.3.3
  patterns-sles-xen_server-12-74.3.3
  patterns-sles-xen_server-32bit-12-74.3.3
  patterns-sles-xen_tools-12-74.3.3
  patterns-sles-xen_tools-32bit-12-74.3.3
- SUSE Linux Enterprise Server 12-SP2 (s390x):
  patterns-sles-hwcrypto-12-74.3.3
  patterns-sles-hwcrypto-32bit-12-74.3.3
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
  patterns-sles-Minimal-12-74.3.3

References:

  https://bugzilla.suse.com/1065341

From sle-updates at lists.suse.com Thu Feb 1 07:11:20 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 15:11:20 +0100 (CET)
Subject: SUSE-SU-2018:0336-1: moderate: Security update for ecryptfs-utils
Message-ID: <20180201141120.02F7CFD86@maintenance.suse.de>

SUSE Security Update: Security update for ecryptfs-utils
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0336-1
Rating: moderate
References: #989121 #989122
Cross-References: CVE-2015-8946 CVE-2016-6224
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for ecryptfs-utils fixes the following issues:

- CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning (bsc#989121)
- CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive (bsc#989122)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-234=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-234=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-234=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-234=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-234=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  ecryptfs-utils-103-8.3.1
  ecryptfs-utils-debuginfo-103-8.3.1
  ecryptfs-utils-debugsource-103-8.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  ecryptfs-utils-103-8.3.1
  ecryptfs-utils-debuginfo-103-8.3.1
  ecryptfs-utils-debugsource-103-8.3.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  ecryptfs-utils-32bit-103-8.3.1
  ecryptfs-utils-debuginfo-32bit-103-8.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
  ecryptfs-utils-103-8.3.1
  ecryptfs-utils-debuginfo-103-8.3.1
  ecryptfs-utils-debugsource-103-8.3.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
  ecryptfs-utils-32bit-103-8.3.1
  ecryptfs-utils-debuginfo-32bit-103-8.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  ecryptfs-utils-103-8.3.1
  ecryptfs-utils-32bit-103-8.3.1
  ecryptfs-utils-debuginfo-103-8.3.1
  ecryptfs-utils-debuginfo-32bit-103-8.3.1
  ecryptfs-utils-debugsource-103-8.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  ecryptfs-utils-103-8.3.1
  ecryptfs-utils-32bit-103-8.3.1
  ecryptfs-utils-debuginfo-103-8.3.1
  ecryptfs-utils-debuginfo-32bit-103-8.3.1
  ecryptfs-utils-debugsource-103-8.3.1

References:

  https://www.suse.com/security/cve/CVE-2015-8946.html
  https://www.suse.com/security/cve/CVE-2016-6224.html
  https://bugzilla.suse.com/989121
  https://bugzilla.suse.com/989122

From sle-updates at lists.suse.com Thu Feb 1 10:09:52 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 18:09:52 +0100 (CET)
Subject: SUSE-SU-2018:0337-1: moderate: Security update for libICE
Message-ID: <20180201170952.7C93FFD86@maintenance.suse.de>

SUSE Security Update: Security update for libICE
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0337-1
Rating: moderate
References: #1025068
Cross-References: CVE-2017-2626
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libICE fixes the following issues:

- CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-237=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-237=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-237=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libICE-debugsource-1.0.8-12.1
  libICE-devel-1.0.8-12.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libICE-debugsource-1.0.8-12.1
  libICE6-1.0.8-12.1
  libICE6-debuginfo-1.0.8-12.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  libICE6-32bit-1.0.8-12.1
  libICE6-debuginfo-32bit-1.0.8-12.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libICE-debugsource-1.0.8-12.1
  libICE6-1.0.8-12.1
  libICE6-32bit-1.0.8-12.1
  libICE6-debuginfo-1.0.8-12.1
  libICE6-debuginfo-32bit-1.0.8-12.1

References:

  https://www.suse.com/security/cve/CVE-2017-2626.html
  https://bugzilla.suse.com/1025068

From sle-updates at lists.suse.com Thu Feb 1 10:10:42 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 18:10:42 +0100 (CET)
Subject: SUSE-SU-2018:0338-1: moderate: Security update for libXdmcp
Message-ID: <20180201171042.80386FD86@maintenance.suse.de>

SUSE Security Update: Security update for libXdmcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0338-1
Rating: moderate
References: #1025046
Cross-References: CVE-2017-2625
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libXdmcp fixes the following issues:

- CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-236=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-236=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-236=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libXdmcp-debugsource-1.1.1-12.1
  libXdmcp-devel-1.1.1-12.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libXdmcp-debugsource-1.1.1-12.1
  libXdmcp6-1.1.1-12.1
  libXdmcp6-debuginfo-1.1.1-12.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  libXdmcp6-32bit-1.1.1-12.1
  libXdmcp6-debuginfo-32bit-1.1.1-12.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libXdmcp-debugsource-1.1.1-12.1
  libXdmcp6-1.1.1-12.1
  libXdmcp6-32bit-1.1.1-12.1
  libXdmcp6-debuginfo-1.1.1-12.1
  libXdmcp6-debuginfo-32bit-1.1.1-12.1

References:

  https://www.suse.com/security/cve/CVE-2017-2625.html
  https://bugzilla.suse.com/1025046

From sle-updates at lists.suse.com Thu Feb 1 13:09:37 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Feb 2018 21:09:37 +0100 (CET)
Subject: SUSE-SU-2018:0339-1: moderate: Security update for jasper
Message-ID: <20180201200937.F011CFD86@maintenance.suse.de>

SUSE Security Update: Security update for jasper
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0339-1
Rating: moderate
References: #1009994 #1010756 #1010757 #1010766 #1010774 #1010782 #1010968 #1010975 #1047958
Cross-References: CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for jasper fixes the following issues:

Security issues fixed:

- CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994)
- CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975)
- CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968)
- CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774)
- CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782)
- CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958)

CVEs already fixed with previous update:

- CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757)
- CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766)
- CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-238=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-238=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-238=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  jasper-debuginfo-1.900.14-195.5.1
  jasper-debugsource-1.900.14-195.5.1
  libjasper-devel-1.900.14-195.5.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  jasper-debuginfo-1.900.14-195.5.1
  jasper-debugsource-1.900.14-195.5.1
  libjasper1-1.900.14-195.5.1
  libjasper1-debuginfo-1.900.14-195.5.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
  libjasper1-32bit-1.900.14-195.5.1
  libjasper1-debuginfo-32bit-1.900.14-195.5.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  jasper-debuginfo-1.900.14-195.5.1
  jasper-debugsource-1.900.14-195.5.1
  libjasper1-1.900.14-195.5.1
  libjasper1-32bit-1.900.14-195.5.1
  libjasper1-debuginfo-1.900.14-195.5.1
  libjasper1-debuginfo-32bit-1.900.14-195.5.1

References:

  https://www.suse.com/security/cve/CVE-2016-9262.html
  https://www.suse.com/security/cve/CVE-2016-9388.html
  https://www.suse.com/security/cve/CVE-2016-9389.html
  https://www.suse.com/security/cve/CVE-2016-9390.html
  https://www.suse.com/security/cve/CVE-2016-9391.html
  https://www.suse.com/security/cve/CVE-2016-9392.html
  https://www.suse.com/security/cve/CVE-2016-9393.html
  https://www.suse.com/security/cve/CVE-2016-9394.html
  https://www.suse.com/security/cve/CVE-2017-1000050.html
  https://bugzilla.suse.com/1009994
  https://bugzilla.suse.com/1010756
  https://bugzilla.suse.com/1010757
  https://bugzilla.suse.com/1010766
  https://bugzilla.suse.com/1010774
  https://bugzilla.suse.com/1010782
  https://bugzilla.suse.com/1010968
  https://bugzilla.suse.com/1010975
  https://bugzilla.suse.com/1047958

From sle-updates at lists.suse.com Thu Feb 1 16:08:18 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 00:08:18 +0100 (CET)
Subject: SUSE-SU-2018:0340-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
Message-ID: <20180201230818.853D8FD82@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0340-1
Rating: important
References: #1069708 #1073230
Cross-References: CVE-2017-16939 CVE-2017-17712
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.82-6_6 fixes several issues.

The following security issues were fixed:

- CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230).
- CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-241=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_82-6_6-default-4-2.1
  kgraft-patch-4_4_82-6_6-default-debuginfo-4-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-16939.html
  https://www.suse.com/security/cve/CVE-2017-17712.html
  https://bugzilla.suse.com/1069708
  https://bugzilla.suse.com/1073230

From sle-updates at lists.suse.com Thu Feb 1 16:11:45 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 00:11:45 +0100 (CET)
Subject: SUSE-SU-2018:0345-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)
Message-ID: <20180201231145.4FFD8FD86@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0345-1
Rating: important
References: #1069708 #1073230
Cross-References: CVE-2017-16939 CVE-2017-17712
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.90-6_12 fixes several issues.

The following security issues were fixed:

- CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230).
- CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-242=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_92-6_18-default-3-2.1
  kgraft-patch-4_4_92-6_18-default-debuginfo-3-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-16939.html
  https://www.suse.com/security/cve/CVE-2017-17712.html
  https://bugzilla.suse.com/1069708
  https://bugzilla.suse.com/1073230

From sle-updates at lists.suse.com Thu Feb 1 16:12:32 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 00:12:32 +0100 (CET)
Subject: SUSE-SU-2018:0346-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3)
Message-ID: <20180201231232.9B0B2FD86@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0346-1
Rating: important
References: #1069708 #1073230
Cross-References: CVE-2017-16939 CVE-2017-17712
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.82-6_3 fixes several issues.

The following security issues were fixed:

- CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230).
- CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-239=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_82-6_3-default-5-2.1
  kgraft-patch-4_4_82-6_3-default-debuginfo-5-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-16939.html
  https://www.suse.com/security/cve/CVE-2017-17712.html
  https://bugzilla.suse.com/1069708
  https://bugzilla.suse.com/1073230

From sle-updates at lists.suse.com Thu Feb 1 16:13:16 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 00:13:16 +0100 (CET)
Subject: SUSE-SU-2018:0347-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)
Message-ID: <20180201231316.D27DBFD86@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0347-1
Rating: important
References: #1069708 #1073230
Cross-References: CVE-2017-16939 CVE-2017-17712
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.82-6_9 fixes several issues.

The following security issues were fixed:

- CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230).
- CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-240=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_82-6_9-default-4-2.1
  kgraft-patch-4_4_82-6_9-default-debuginfo-4-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-16939.html
  https://www.suse.com/security/cve/CVE-2017-17712.html
  https://bugzilla.suse.com/1069708
  https://bugzilla.suse.com/1073230

From sle-updates at lists.suse.com Fri Feb 2 07:07:23 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 15:07:23 +0100 (CET)
Subject: SUSE-RU-2018:0348-1: important: Recommended update for mozilla-nss
Message-ID: <20180202140723.4E2C5FD0E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0348-1
Rating: important
References: #1078190 #1078333
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description: This update for mozilla-nss fixes the following issue: - This update remedies a regression caused by a previous update of mozilla-nss that affected users of FIPS mode. [bsc#1078333, bsc#1078190] Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-243=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-243=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-243=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-243=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-243=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-243=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-243=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-243=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-243=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-243=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-32bit-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-debuginfo-32bit-3.29.5-58.12.1 libfreebl3-hmac-3.29.5-58.12.1 libfreebl3-hmac-32bit-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-32bit-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-debuginfo-32bit-3.29.5-58.12.1 libsoftokn3-hmac-3.29.5-58.12.1 libsoftokn3-hmac-32bit-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-32bit-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-32bit-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-devel-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 mozilla-nss-sysinit-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-devel-3.29.5-58.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-devel-3.29.5-58.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-hmac-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-hmac-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-devel-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 
mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libfreebl3-32bit-3.29.5-58.12.1 libfreebl3-debuginfo-32bit-3.29.5-58.12.1 libfreebl3-hmac-32bit-3.29.5-58.12.1 libsoftokn3-32bit-3.29.5-58.12.1 libsoftokn3-debuginfo-32bit-3.29.5-58.12.1 libsoftokn3-hmac-32bit-3.29.5-58.12.1 mozilla-nss-32bit-3.29.5-58.12.1 mozilla-nss-certs-32bit-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libfreebl3-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-hmac-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-hmac-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-hmac-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-hmac-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreebl3-32bit-3.29.5-58.12.1 libfreebl3-debuginfo-32bit-3.29.5-58.12.1 
libfreebl3-hmac-32bit-3.29.5-58.12.1 libsoftokn3-32bit-3.29.5-58.12.1 libsoftokn3-debuginfo-32bit-3.29.5-58.12.1 libsoftokn3-hmac-32bit-3.29.5-58.12.1 mozilla-nss-32bit-3.29.5-58.12.1 mozilla-nss-certs-32bit-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-hmac-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-hmac-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libfreebl3-32bit-3.29.5-58.12.1 libfreebl3-debuginfo-32bit-3.29.5-58.12.1 libfreebl3-hmac-32bit-3.29.5-58.12.1 libsoftokn3-32bit-3.29.5-58.12.1 libsoftokn3-debuginfo-32bit-3.29.5-58.12.1 libsoftokn3-hmac-32bit-3.29.5-58.12.1 mozilla-nss-32bit-3.29.5-58.12.1 mozilla-nss-certs-32bit-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-32bit-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-debuginfo-32bit-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-32bit-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-32bit-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-32bit-3.29.5-58.12.1 
mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 mozilla-nss-sysinit-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-32bit-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libfreebl3-debuginfo-32bit-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-32bit-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 libsoftokn3-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-32bit-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-32bit-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 mozilla-nss-sysinit-3.29.5-58.12.1 mozilla-nss-sysinit-32bit-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-3.29.5-58.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.12.1 mozilla-nss-tools-3.29.5-58.12.1 mozilla-nss-tools-debuginfo-3.29.5-58.12.1 - SUSE CaaS Platform ALL (x86_64): libfreebl3-3.29.5-58.12.1 libfreebl3-debuginfo-3.29.5-58.12.1 libsoftokn3-3.29.5-58.12.1 libsoftokn3-debuginfo-3.29.5-58.12.1 mozilla-nss-3.29.5-58.12.1 mozilla-nss-certs-3.29.5-58.12.1 mozilla-nss-certs-debuginfo-3.29.5-58.12.1 mozilla-nss-debuginfo-3.29.5-58.12.1 mozilla-nss-debugsource-3.29.5-58.12.1 References: https://bugzilla.suse.com/1078190 https://bugzilla.suse.com/1078333 From sle-updates at lists.suse.com Fri Feb 2 07:08:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Feb 2018 15:08:14 +0100 (CET) Subject: SUSE-SU-2018:0349-1: 
moderate: Security update for ImageMagick Message-ID: <20180202140814.18EF3FCC0@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0349-1 Rating: moderate References: #1043353 #1043354 #1047908 #1050037 #1050072 #1050098 #1050100 #1050635 #1051442 #1052470 #1052708 #1052717 #1052721 #1052768 #1052777 #1052781 #1054600 #1055068 #1055374 #1055455 #1055456 #1057000 #1060162 #1062752 #1072362 #1072901 #1074120 #1074125 #1074185 #1074309 #1075939 #1076021 #1076051 Cross-References: CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13059 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17681 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18008 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5246 CVE-2018-5685 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. 
These security issues were fixed:

- CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051)
- CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021)
- CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in coders/psd.c, which allowed attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file (bsc#1072901).
- CVE-2017-18008: Prevent memory leak in ReadPWPImage which allowed attackers to cause a denial of service via a PWP file (bsc#1074309).
- CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939)
- CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635)
- CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098)
- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353).
- CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354).
- CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908).
- CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037).
- CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072).
- CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100).
- CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442).
- CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470).
- CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708).
- CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717).
- CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721).
- CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768).
- CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777).
- CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781).
- CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600).
- CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file (bsc#1055068).
- CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374).
- CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455).
- CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456).
- CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000).
- CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162).
- CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752).
- CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362).
- CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120).
- CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125).
- CVE-2017-17914: Prevent crafted files from causing a large loop in ReadOneMNGImage (bsc#1074185).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-244=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-244=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-244=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-244=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-244=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-244=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-244=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-244=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-244=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.33.1 ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 libMagick++-6_Q16-3-6.8.8.1-71.33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.33.1 ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 libMagick++-6_Q16-3-6.8.8.1-71.33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.33.1 ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 ImageMagick-devel-6.8.8.1-71.33.1 libMagick++-6_Q16-3-6.8.8.1-71.33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1 libMagick++-devel-6.8.8.1-71.33.1 perl-PerlMagick-6.8.8.1-71.33.1 perl-PerlMagick-debuginfo-6.8.8.1-71.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.33.1 ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 ImageMagick-devel-6.8.8.1-71.33.1 libMagick++-6_Q16-3-6.8.8.1-71.33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1 libMagick++-devel-6.8.8.1-71.33.1 perl-PerlMagick-6.8.8.1-71.33.1 perl-PerlMagick-debuginfo-6.8.8.1-71.33.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.33.1 
ImageMagick-debugsource-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.33.1 ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 libMagick++-6_Q16-3-6.8.8.1-71.33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.33.1 ImageMagick-debuginfo-6.8.8.1-71.33.1 ImageMagick-debugsource-6.8.8.1-71.33.1 libMagick++-6_Q16-3-6.8.8.1-71.33.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.33.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-6.8.8.1-71.33.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.33.1 References: https://www.suse.com/security/cve/CVE-2017-10995.html https://www.suse.com/security/cve/CVE-2017-11505.html https://www.suse.com/security/cve/CVE-2017-11525.html https://www.suse.com/security/cve/CVE-2017-11526.html https://www.suse.com/security/cve/CVE-2017-11539.html https://www.suse.com/security/cve/CVE-2017-11639.html https://www.suse.com/security/cve/CVE-2017-11750.html https://www.suse.com/security/cve/CVE-2017-12565.html 
https://www.suse.com/security/cve/CVE-2017-12640.html https://www.suse.com/security/cve/CVE-2017-12641.html https://www.suse.com/security/cve/CVE-2017-12643.html https://www.suse.com/security/cve/CVE-2017-12671.html https://www.suse.com/security/cve/CVE-2017-12673.html https://www.suse.com/security/cve/CVE-2017-12676.html https://www.suse.com/security/cve/CVE-2017-12935.html https://www.suse.com/security/cve/CVE-2017-13059.html https://www.suse.com/security/cve/CVE-2017-13141.html https://www.suse.com/security/cve/CVE-2017-13142.html https://www.suse.com/security/cve/CVE-2017-13147.html https://www.suse.com/security/cve/CVE-2017-14103.html https://www.suse.com/security/cve/CVE-2017-14649.html https://www.suse.com/security/cve/CVE-2017-15218.html https://www.suse.com/security/cve/CVE-2017-17504.html https://www.suse.com/security/cve/CVE-2017-17681.html https://www.suse.com/security/cve/CVE-2017-17879.html https://www.suse.com/security/cve/CVE-2017-17884.html https://www.suse.com/security/cve/CVE-2017-17914.html https://www.suse.com/security/cve/CVE-2017-18008.html https://www.suse.com/security/cve/CVE-2017-18027.html https://www.suse.com/security/cve/CVE-2017-18029.html https://www.suse.com/security/cve/CVE-2017-9261.html https://www.suse.com/security/cve/CVE-2017-9262.html https://www.suse.com/security/cve/CVE-2018-5246.html https://www.suse.com/security/cve/CVE-2018-5685.html https://bugzilla.suse.com/1043353 https://bugzilla.suse.com/1043354 https://bugzilla.suse.com/1047908 https://bugzilla.suse.com/1050037 https://bugzilla.suse.com/1050072 https://bugzilla.suse.com/1050098 https://bugzilla.suse.com/1050100 https://bugzilla.suse.com/1050635 https://bugzilla.suse.com/1051442 https://bugzilla.suse.com/1052470 https://bugzilla.suse.com/1052708 https://bugzilla.suse.com/1052717 https://bugzilla.suse.com/1052721 https://bugzilla.suse.com/1052768 https://bugzilla.suse.com/1052777 https://bugzilla.suse.com/1052781 https://bugzilla.suse.com/1054600 
  https://bugzilla.suse.com/1055068
  https://bugzilla.suse.com/1055374
  https://bugzilla.suse.com/1055455
  https://bugzilla.suse.com/1055456
  https://bugzilla.suse.com/1057000
  https://bugzilla.suse.com/1060162
  https://bugzilla.suse.com/1062752
  https://bugzilla.suse.com/1072362
  https://bugzilla.suse.com/1072901
  https://bugzilla.suse.com/1074120
  https://bugzilla.suse.com/1074125
  https://bugzilla.suse.com/1074185
  https://bugzilla.suse.com/1074309
  https://bugzilla.suse.com/1075939
  https://bugzilla.suse.com/1076021
  https://bugzilla.suse.com/1076051

From sle-updates at lists.suse.com Fri Feb 2 10:08:43 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 18:08:43 +0100 (CET)
Subject: SUSE-SU-2018:0351-1: moderate: Recommended update for libsndfile
Message-ID: <20180202170843.A6E75FD0E@maintenance.suse.de>

SUSE Security Update: Recommended update for libsndfile
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0351-1
Rating: moderate
References: #1038856 #1059911 #1059912 #1059913 #1069874
Cross-References: CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

- This update for libsndfile fixes a memory leak in an error path. (bsc#1038856)
- CVE-2017-16942: A divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. (bsc#1069874)
- CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
  (bsc#1059911)
- CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912)
- CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059913)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-libsndfile-13454=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-libsndfile-13454=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-libsndfile-13454=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libsndfile-devel-1.0.20-2.19.7.3
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libsndfile-1.0.20-2.19.7.3
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  libsndfile-32bit-1.0.20-2.19.7.3
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  libsndfile-x86-1.0.20-2.19.7.3
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libsndfile-debuginfo-1.0.20-2.19.7.3
  libsndfile-debugsource-1.0.20-2.19.7.3
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
  libsndfile-debuginfo-32bit-1.0.20-2.19.7.3
- SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
  libsndfile-debuginfo-x86-1.0.20-2.19.7.3

References:

  https://www.suse.com/security/cve/CVE-2017-14245.html
  https://www.suse.com/security/cve/CVE-2017-14246.html
  https://www.suse.com/security/cve/CVE-2017-14634.html
  https://www.suse.com/security/cve/CVE-2017-16942.html
  https://bugzilla.suse.com/1038856
  https://bugzilla.suse.com/1059911
  https://bugzilla.suse.com/1059912
  https://bugzilla.suse.com/1059913
  https://bugzilla.suse.com/1069874

From sle-updates at lists.suse.com Fri Feb 2 10:09:53 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 Feb 2018 18:09:53 +0100 (CET)
Subject: SUSE-SU-2018:0352-1: moderate: Security update for libsndfile
Message-ID: <20180202170953.F1BACFCC0@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0352-1
Rating: moderate
References: #1043978 #1059911 #1059912 #1059913 #1069874
Cross-References: CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for libsndfile fixes the following issues:

- CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (bsc#1069874).
- CVE-2017-6892: Fixed an out-of-bounds read memory access in the aiff_read_chanmap() (bsc#1043978).
- CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911)
- CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
(bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059913) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-247=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-247=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-247=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-247=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-247=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-247=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-247=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile-devel-1.0.25-36.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile-devel-1.0.25-36.7.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile1-1.0.25-36.7.2 libsndfile1-debuginfo-1.0.25-36.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile1-1.0.25-36.7.2 libsndfile1-debuginfo-1.0.25-36.7.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsndfile1-32bit-1.0.25-36.7.2 libsndfile1-debuginfo-32bit-1.0.25-36.7.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile1-1.0.25-36.7.2 libsndfile1-debuginfo-1.0.25-36.7.2 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libsndfile1-32bit-1.0.25-36.7.2 libsndfile1-debuginfo-32bit-1.0.25-36.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile1-1.0.25-36.7.2 libsndfile1-32bit-1.0.25-36.7.2 libsndfile1-debuginfo-1.0.25-36.7.2 libsndfile1-debuginfo-32bit-1.0.25-36.7.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsndfile-debugsource-1.0.25-36.7.2 libsndfile1-1.0.25-36.7.2 libsndfile1-32bit-1.0.25-36.7.2 libsndfile1-debuginfo-1.0.25-36.7.2 libsndfile1-debuginfo-32bit-1.0.25-36.7.2 References: https://www.suse.com/security/cve/CVE-2017-14245.html https://www.suse.com/security/cve/CVE-2017-14246.html https://www.suse.com/security/cve/CVE-2017-14634.html https://www.suse.com/security/cve/CVE-2017-16942.html https://www.suse.com/security/cve/CVE-2017-6892.html https://bugzilla.suse.com/1043978 https://bugzilla.suse.com/1059911 https://bugzilla.suse.com/1059912 https://bugzilla.suse.com/1059913 https://bugzilla.suse.com/1069874 From sle-updates at 
lists.suse.com Fri Feb 2 13:08:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Feb 2018 21:08:03 +0100 (CET) Subject: SUSE-RU-2018:0353-1: moderate: Recommended update for multipath-tools Message-ID: <20180202200803.72D68FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0353-1 Rating: moderate References: #1030314 #1032487 #1037299 #1039045 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - Add configuration files /usr/lib/dracut/dracut.conf.d/50-multipath-tools.conf and /usr/lib/modules-load.d/multipath.conf. (bsc#1039045, bsc#1030314, bsc#1032487, bsc#1037299) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-251=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-251=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-251=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): kpartx-0.5.0-62.14.1 kpartx-debuginfo-0.5.0-62.14.1 multipath-tools-0.5.0-62.14.1 multipath-tools-debuginfo-0.5.0-62.14.1 multipath-tools-debugsource-0.5.0-62.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kpartx-0.5.0-62.14.1 kpartx-debuginfo-0.5.0-62.14.1 multipath-tools-0.5.0-62.14.1 multipath-tools-debuginfo-0.5.0-62.14.1 multipath-tools-debugsource-0.5.0-62.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kpartx-0.5.0-62.14.1 kpartx-debuginfo-0.5.0-62.14.1 multipath-tools-0.5.0-62.14.1 multipath-tools-debuginfo-0.5.0-62.14.1 multipath-tools-debugsource-0.5.0-62.14.1 References: https://bugzilla.suse.com/1030314 https://bugzilla.suse.com/1032487 https://bugzilla.suse.com/1037299 https://bugzilla.suse.com/1039045 From sle-updates at lists.suse.com Fri Feb 2 13:09:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Feb 2018 21:09:21 +0100 (CET) Subject: SUSE-RU-2018:0354-1: Recommended update for timezone, timezone-java Message-ID: <20180202200921.37753FD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone, timezone-java ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0354-1 Rating: low References: #1073275 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides the latest timezone information (2018c) for your system, including following changes: - Sao Tome and Principe switched from +00 to +01 on 2018-01-01. - Southern Brazil's DST will now start on November's first Sunday. (bsc#1073275) - New zic option -t to specify the time zone file if TZ is unset. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-250=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-250=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-250=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-250=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-250=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-250=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-250=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-250=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-250=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-250=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-250=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE OpenStack Cloud 6 (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): timezone-java-2018c-0.74.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - SUSE Linux Enterprise 
Desktop 12-SP2 (noarch): timezone-java-2018c-0.74.6.1 - SUSE CaaS Platform ALL (x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): timezone-2018c-74.6.1 timezone-debuginfo-2018c-74.6.1 timezone-debugsource-2018c-74.6.1 References: https://bugzilla.suse.com/1073275 From sle-updates at lists.suse.com Fri Feb 2 13:09:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Feb 2018 21:09:49 +0100 (CET) Subject: SUSE-RU-2018:0355-1: Recommended update for ibus Message-ID: <20180202200949.95A9FFD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibus ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0355-1 Rating: low References: #1036729 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibus provides the following fix: - Disable load preload-engines actions which may cause CJK user login failed (bsc#1036729) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-249=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-249=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-249=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-249=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ibus-debuginfo-1.5.13-15.2.1 ibus-debugsource-1.5.13-15.2.1 ibus-gtk3-32bit-1.5.13-15.2.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.2.1 libibus-1_0-5-32bit-1.5.13-15.2.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.2.1 python-ibus-1.5.13-15.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ibus-debuginfo-1.5.13-15.2.1 ibus-debugsource-1.5.13-15.2.1 ibus-devel-1.5.13-15.2.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ibus-1.5.13-15.2.1 ibus-debuginfo-1.5.13-15.2.1 ibus-debugsource-1.5.13-15.2.1 ibus-gtk-1.5.13-15.2.1 ibus-gtk-debuginfo-1.5.13-15.2.1 ibus-gtk3-1.5.13-15.2.1 ibus-gtk3-debuginfo-1.5.13-15.2.1 libibus-1_0-5-1.5.13-15.2.1 libibus-1_0-5-debuginfo-1.5.13-15.2.1 typelib-1_0-IBus-1_0-1.5.13-15.2.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): ibus-lang-1.5.13-15.2.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ibus-1.5.13-15.2.1 ibus-debuginfo-1.5.13-15.2.1 ibus-debugsource-1.5.13-15.2.1 ibus-gtk-1.5.13-15.2.1 ibus-gtk-debuginfo-1.5.13-15.2.1 ibus-gtk3-1.5.13-15.2.1 ibus-gtk3-32bit-1.5.13-15.2.1 ibus-gtk3-debuginfo-1.5.13-15.2.1 ibus-gtk3-debuginfo-32bit-1.5.13-15.2.1 libibus-1_0-5-1.5.13-15.2.1 libibus-1_0-5-32bit-1.5.13-15.2.1 libibus-1_0-5-debuginfo-1.5.13-15.2.1 libibus-1_0-5-debuginfo-32bit-1.5.13-15.2.1 python-ibus-1.5.13-15.2.1 typelib-1_0-IBus-1_0-1.5.13-15.2.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): ibus-lang-1.5.13-15.2.1 References: https://bugzilla.suse.com/1036729 From sle-updates at lists.suse.com Fri Feb 2 13:10:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Feb 2018 21:10:16 +0100 (CET) Subject: SUSE-RU-2018:0356-1: Recommended update for patterns-sles Message-ID: <20180202201016.8CBDFFD2B@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sles ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2018:0356-1 Rating: low References: #1065341 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-sles provides the following fixes: - Removed puppet from base pattern. (bsc#1065341) - Re-run script to create 32bit patterns. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-248=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): patterns-sles-Basis-Devel-12-79.3.3 patterns-sles-Minimal-12-79.3.3 patterns-sles-WBEM-12-79.3.3 patterns-sles-apparmor-12-79.3.3 patterns-sles-base-12-79.3.3 patterns-sles-dhcp_dns_server-12-79.3.3 patterns-sles-directory_server-12-79.3.3 patterns-sles-documentation-12-79.3.3 patterns-sles-file_server-12-79.3.3 patterns-sles-fips-12-79.3.3 patterns-sles-gateway_server-12-79.3.3 patterns-sles-lamp_server-12-79.3.3 patterns-sles-mail_server-12-79.3.3 patterns-sles-ofed-12-79.3.3 patterns-sles-printing-12-79.3.3 patterns-sles-x11-12-79.3.3 patterns-sles-yast2-12-79.3.3 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): patterns-sles-sap_server-12-79.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 s390x x86_64): patterns-sles-kvm_server-12-79.3.3 patterns-sles-kvm_tools-12-79.3.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): patterns-sles-32bit-12-79.3.3 patterns-sles-Basis-Devel-32bit-12-79.3.3 patterns-sles-Minimal-32bit-12-79.3.3 patterns-sles-WBEM-32bit-12-79.3.3 patterns-sles-apparmor-32bit-12-79.3.3 patterns-sles-base-32bit-12-79.3.3 patterns-sles-dhcp_dns_server-32bit-12-79.3.3 patterns-sles-directory_server-32bit-12-79.3.3 
patterns-sles-documentation-32bit-12-79.3.3 patterns-sles-file_server-32bit-12-79.3.3 patterns-sles-fips-32bit-12-79.3.3 patterns-sles-gateway_server-32bit-12-79.3.3 patterns-sles-kvm_server-32bit-12-79.3.3 patterns-sles-kvm_tools-32bit-12-79.3.3 patterns-sles-lamp_server-32bit-12-79.3.3 patterns-sles-laptop-32bit-12-79.3.3 patterns-sles-mail_server-32bit-12-79.3.3 patterns-sles-ofed-32bit-12-79.3.3 patterns-sles-oracle_server-12-79.3.3 patterns-sles-oracle_server-32bit-12-79.3.3 patterns-sles-printing-32bit-12-79.3.3 patterns-sles-sap_server-32bit-12-79.3.3 patterns-sles-x11-32bit-12-79.3.3 - SUSE Linux Enterprise Server 12-SP3 (x86_64): patterns-sles-laptop-12-79.3.3 patterns-sles-xen_server-12-79.3.3 patterns-sles-xen_server-32bit-12-79.3.3 patterns-sles-xen_tools-12-79.3.3 patterns-sles-xen_tools-32bit-12-79.3.3 patterns-sles-yast2-32bit-12-79.3.3 - SUSE Linux Enterprise Server 12-SP3 (s390x): patterns-sles-hwcrypto-12-79.3.3 patterns-sles-hwcrypto-32bit-12-79.3.3 References: https://bugzilla.suse.com/1065341 From sle-updates at lists.suse.com Fri Feb 2 16:07:26 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Feb 2018 00:07:26 +0100 (CET) Subject: SUSE-RU-2018:0357-1: Recommended update for ispell Message-ID: <20180202230726.C0959FD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for ispell ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0357-1 Rating: low References: #1075882 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for ispell provides the following fix: - Avoid `set -e' in munchlist to make it work correctly. (bsc#1075882) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-252=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-252=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-252=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-252=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-252=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-252=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ispell-3.3.02-114.3.1 ispell-american-3.3.02-114.3.1 ispell-british-3.3.02-114.3.1 ispell-debuginfo-3.3.02-114.3.1 ispell-debugsource-3.3.02-114.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ispell-3.3.02-114.3.1 ispell-american-3.3.02-114.3.1 ispell-british-3.3.02-114.3.1 ispell-debuginfo-3.3.02-114.3.1 ispell-debugsource-3.3.02-114.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ispell-3.3.02-114.3.1 ispell-american-3.3.02-114.3.1 ispell-british-3.3.02-114.3.1 ispell-debuginfo-3.3.02-114.3.1 ispell-debugsource-3.3.02-114.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ispell-3.3.02-114.3.1 ispell-american-3.3.02-114.3.1 ispell-british-3.3.02-114.3.1 ispell-debuginfo-3.3.02-114.3.1 ispell-debugsource-3.3.02-114.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ispell-3.3.02-114.3.1 ispell-american-3.3.02-114.3.1 ispell-british-3.3.02-114.3.1 
ispell-debuginfo-3.3.02-114.3.1 ispell-debugsource-3.3.02-114.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ispell-3.3.02-114.3.1 ispell-american-3.3.02-114.3.1 ispell-british-3.3.02-114.3.1 ispell-debuginfo-3.3.02-114.3.1 ispell-debugsource-3.3.02-114.3.1 References: https://bugzilla.suse.com/1075882 From sle-updates at lists.suse.com Mon Feb 5 04:10:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Feb 2018 12:10:17 +0100 (CET) Subject: SUSE-SU-2018:0361-1: important: Security update for MozillaFirefox Message-ID: <20180205111017.1AACFFD26@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0361-1 Rating: important References: #1077291 Cross-References: CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). 
- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-13456=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-13456=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-13456=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-13456=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-13456=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-13456=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-52.6.0esr-72.20.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-52.6.0esr-72.20.2 MozillaFirefox-translations-52.6.0esr-72.20.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-52.6.0esr-72.20.2 MozillaFirefox-translations-52.6.0esr-72.20.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-52.6.0esr-72.20.2 MozillaFirefox-translations-52.6.0esr-72.20.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-52.6.0esr-72.20.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-52.6.0esr-72.20.2 References: https://www.suse.com/security/cve/CVE-2018-5089.html https://www.suse.com/security/cve/CVE-2018-5091.html https://www.suse.com/security/cve/CVE-2018-5095.html https://www.suse.com/security/cve/CVE-2018-5096.html https://www.suse.com/security/cve/CVE-2018-5097.html https://www.suse.com/security/cve/CVE-2018-5098.html https://www.suse.com/security/cve/CVE-2018-5099.html https://www.suse.com/security/cve/CVE-2018-5102.html https://www.suse.com/security/cve/CVE-2018-5103.html https://www.suse.com/security/cve/CVE-2018-5104.html https://www.suse.com/security/cve/CVE-2018-5117.html https://bugzilla.suse.com/1077291 From sle-updates at lists.suse.com Mon Feb 5 04:11:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Feb 2018 12:11:02 +0100 (CET) Subject: SUSE-SU-2018:0362-1: important: Security update for bind Message-ID: <20180205111102.139E2FD2B@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0362-1 Rating: important References: #1040039 #1047184 #1076118 Cross-References: CVE-2017-3145 Affected Products: SUSE Linux 
Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have led to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-13455=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-13455=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-13455=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-13455=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-13455=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-13455=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.51.7.1 bind-chrootenv-9.9.6P1-0.51.7.1 bind-doc-9.9.6P1-0.51.7.1 bind-libs-9.9.6P1-0.51.7.1 bind-utils-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.51.7.1 bind-chrootenv-9.9.6P1-0.51.7.1 bind-devel-9.9.6P1-0.51.7.1 bind-doc-9.9.6P1-0.51.7.1 bind-libs-9.9.6P1-0.51.7.1 bind-utils-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.51.7.1 bind-chrootenv-9.9.6P1-0.51.7.1 bind-devel-9.9.6P1-0.51.7.1 bind-doc-9.9.6P1-0.51.7.1 bind-libs-9.9.6P1-0.51.7.1 bind-utils-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.7.1 bind-debugsource-9.9.6P1-0.51.7.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.51.7.1 bind-debugsource-9.9.6P1-0.51.7.1 References: https://www.suse.com/security/cve/CVE-2017-3145.html https://bugzilla.suse.com/1040039 https://bugzilla.suse.com/1047184 https://bugzilla.suse.com/1076118 From sle-updates at lists.suse.com Mon Feb 5 07:07:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Feb 2018 15:07:31 +0100 (CET) Subject: SUSE-RU-2018:0363-1: Recommended update for LibreOffice Message-ID: <20180205140731.3B363FD2E@maintenance.suse.de> SUSE Recommended Update: Recommended update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0363-1 Rating: low References: #1070588 
#1072061 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: LibreOffice was updated to version 5.4.4.2, bringing new features and enhancements: General: - Fix providing libgpg-error0 when bundling. (bsc#1072061) Writer: - AutoText import from .dotx and .dotm files - RTF filter now supports all types of custom document properties - New "Edit Section" UNO command which works if cursor is in a section, has been created and added in context menu - New "Footnotes and Endnotes" UNO command which works if cursor is in a footnote or endnote, has been created and added in context menu - Huge improvement in the export of bullets and numbering via copy and paste commit - New formatting toolbar focused on the use of styles is accessible through View -> Toolbars -> Formatting (Styles) - Custom Watermark inserting in Format -> Watermarks - Styles submenu was added to Context Menu, which includes basic character styles - AutoCorrect options for markup strikeout and italic are added - Rename Moderate business letter templates to Modern business letter. 
Calc: - Calculate with Precision as shown option now works also with fraction format, several subformats, engineering notation, thousands divisors - CSV export settings are now remembered - Priority of conditional formatting rules can be changed with new up/down buttons - New cell comment commands added - While building formulas, when selecting a cell or range on another sheet with the pointer, absolute sheet references are now created instead of relative - Support negative year date (BCE) in cell input and date display - A new Cell Protection toggle command was added to Edit -> Cell Protection to change the protection status of the cell - Cell styles now accessible in their own dedicated Styles menu in Format -> Styles - Standard and Percent buttons of number format became toggle - New function ROUNDSIG to round a value at a number of significant digits - The semantics of the COUNTIF, SUMIF and AVERAGEIF Criteria argument has been changed Impress and Draw: - Enable fractional angle - Save previous parameters - Ctrl+M shortcut assigned to inserting a new slide in Impress. For a comprehensive list of changes please refer to the upstream release notes: https://wiki.documentfoundation.org/ReleaseNotes/5.4 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-257=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-257=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-257=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-257=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-257=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-257=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libreoffice-icon-theme-galaxy-5.4.4.2-43.15.4 libreoffice-icon-theme-tango-5.4.4.2-43.15.4 libreoffice-l10n-af-5.4.4.2-43.15.4 libreoffice-l10n-ar-5.4.4.2-43.15.4 libreoffice-l10n-bg-5.4.4.2-43.15.4 libreoffice-l10n-ca-5.4.4.2-43.15.4 libreoffice-l10n-cs-5.4.4.2-43.15.4 libreoffice-l10n-da-5.4.4.2-43.15.4 libreoffice-l10n-de-5.4.4.2-43.15.4 libreoffice-l10n-en-5.4.4.2-43.15.4 libreoffice-l10n-es-5.4.4.2-43.15.4 libreoffice-l10n-fi-5.4.4.2-43.15.4 libreoffice-l10n-fr-5.4.4.2-43.15.4 libreoffice-l10n-gu-5.4.4.2-43.15.4 libreoffice-l10n-hi-5.4.4.2-43.15.4 libreoffice-l10n-hr-5.4.4.2-43.15.4 libreoffice-l10n-hu-5.4.4.2-43.15.4 libreoffice-l10n-it-5.4.4.2-43.15.4 libreoffice-l10n-ja-5.4.4.2-43.15.4 libreoffice-l10n-ko-5.4.4.2-43.15.4 libreoffice-l10n-lt-5.4.4.2-43.15.4 libreoffice-l10n-nb-5.4.4.2-43.15.4 libreoffice-l10n-nl-5.4.4.2-43.15.4 libreoffice-l10n-nn-5.4.4.2-43.15.4 libreoffice-l10n-pl-5.4.4.2-43.15.4 libreoffice-l10n-pt_BR-5.4.4.2-43.15.4 libreoffice-l10n-pt_PT-5.4.4.2-43.15.4 libreoffice-l10n-ro-5.4.4.2-43.15.4 libreoffice-l10n-ru-5.4.4.2-43.15.4 libreoffice-l10n-sk-5.4.4.2-43.15.4 libreoffice-l10n-sv-5.4.4.2-43.15.4 libreoffice-l10n-uk-5.4.4.2-43.15.4 
libreoffice-l10n-xh-5.4.4.2-43.15.4 libreoffice-l10n-zh_CN-5.4.4.2-43.15.4 libreoffice-l10n-zh_TW-5.4.4.2-43.15.4 libreoffice-l10n-zu-5.4.4.2-43.15.4 myspell-af_NA-20171102-16.5.1 myspell-af_ZA-20171102-16.5.1 myspell-ar-20171102-16.5.1 myspell-ar_AE-20171102-16.5.1 myspell-ar_BH-20171102-16.5.1 myspell-ar_DZ-20171102-16.5.1 myspell-ar_EG-20171102-16.5.1 myspell-ar_IQ-20171102-16.5.1 myspell-ar_JO-20171102-16.5.1 myspell-ar_KW-20171102-16.5.1 myspell-ar_LB-20171102-16.5.1 myspell-ar_LY-20171102-16.5.1 myspell-ar_MA-20171102-16.5.1 myspell-ar_OM-20171102-16.5.1 myspell-ar_QA-20171102-16.5.1 myspell-ar_SA-20171102-16.5.1 myspell-ar_SD-20171102-16.5.1 myspell-ar_SY-20171102-16.5.1 myspell-ar_TN-20171102-16.5.1 myspell-ar_YE-20171102-16.5.1 myspell-be_BY-20171102-16.5.1 myspell-bg_BG-20171102-16.5.1 myspell-bn_BD-20171102-16.5.1 myspell-bn_IN-20171102-16.5.1 myspell-bs-20171102-16.5.1 myspell-bs_BA-20171102-16.5.1 myspell-ca-20171102-16.5.1 myspell-ca_AD-20171102-16.5.1 myspell-ca_ES-20171102-16.5.1 myspell-ca_ES_valencia-20171102-16.5.1 myspell-ca_FR-20171102-16.5.1 myspell-ca_IT-20171102-16.5.1 myspell-cs_CZ-20171102-16.5.1 myspell-da_DK-20171102-16.5.1 myspell-de-20171102-16.5.1 myspell-de_AT-20171102-16.5.1 myspell-de_CH-20171102-16.5.1 myspell-de_DE-20171102-16.5.1 myspell-el_GR-20171102-16.5.1 myspell-en-20171102-16.5.1 myspell-en_AU-20171102-16.5.1 myspell-en_BS-20171102-16.5.1 myspell-en_BZ-20171102-16.5.1 myspell-en_CA-20171102-16.5.1 myspell-en_GB-20171102-16.5.1 myspell-en_GH-20171102-16.5.1 myspell-en_IE-20171102-16.5.1 myspell-en_IN-20171102-16.5.1 myspell-en_JM-20171102-16.5.1 myspell-en_MW-20171102-16.5.1 myspell-en_NA-20171102-16.5.1 myspell-en_NZ-20171102-16.5.1 myspell-en_PH-20171102-16.5.1 myspell-en_TT-20171102-16.5.1 myspell-en_US-20171102-16.5.1 myspell-en_ZA-20171102-16.5.1 myspell-en_ZW-20171102-16.5.1 myspell-es-20171102-16.5.1 myspell-es_AR-20171102-16.5.1 myspell-es_BO-20171102-16.5.1 myspell-es_CL-20171102-16.5.1 
myspell-es_CO-20171102-16.5.1 myspell-es_CR-20171102-16.5.1 myspell-es_CU-20171102-16.5.1 myspell-es_DO-20171102-16.5.1 myspell-es_EC-20171102-16.5.1 myspell-es_ES-20171102-16.5.1 myspell-es_GT-20171102-16.5.1 myspell-es_HN-20171102-16.5.1 myspell-es_MX-20171102-16.5.1 myspell-es_NI-20171102-16.5.1 myspell-es_PA-20171102-16.5.1 myspell-es_PE-20171102-16.5.1 myspell-es_PR-20171102-16.5.1 myspell-es_PY-20171102-16.5.1 myspell-es_SV-20171102-16.5.1 myspell-es_UY-20171102-16.5.1 myspell-es_VE-20171102-16.5.1 myspell-et_EE-20171102-16.5.1 myspell-fr_BE-20171102-16.5.1 myspell-fr_CA-20171102-16.5.1 myspell-fr_CH-20171102-16.5.1 myspell-fr_FR-20171102-16.5.1 myspell-fr_LU-20171102-16.5.1 myspell-fr_MC-20171102-16.5.1 myspell-gu_IN-20171102-16.5.1 myspell-he_IL-20171102-16.5.1 myspell-hi_IN-20171102-16.5.1 myspell-hr_HR-20171102-16.5.1 myspell-hu_HU-20171102-16.5.1 myspell-it_IT-20171102-16.5.1 myspell-lo_LA-20171102-16.5.1 myspell-lt_LT-20171102-16.5.1 myspell-lv_LV-20171102-16.5.1 myspell-nb_NO-20171102-16.5.1 myspell-nl_BE-20171102-16.5.1 myspell-nl_NL-20171102-16.5.1 myspell-nn_NO-20171102-16.5.1 myspell-no-20171102-16.5.1 myspell-pl_PL-20171102-16.5.1 myspell-pt_AO-20171102-16.5.1 myspell-pt_BR-20171102-16.5.1 myspell-pt_PT-20171102-16.5.1 myspell-ro-20171102-16.5.1 myspell-ro_RO-20171102-16.5.1 myspell-ru_RU-20171102-16.5.1 myspell-sk_SK-20171102-16.5.1 myspell-sl_SI-20171102-16.5.1 myspell-sr-20171102-16.5.1 myspell-sr_CS-20171102-16.5.1 myspell-sr_Latn_CS-20171102-16.5.1 myspell-sr_Latn_RS-20171102-16.5.1 myspell-sr_RS-20171102-16.5.1 myspell-sv_FI-20171102-16.5.1 myspell-sv_SE-20171102-16.5.1 myspell-te-20171102-16.5.1 myspell-te_IN-20171102-16.5.1 myspell-th_TH-20171102-16.5.1 myspell-uk_UA-20171102-16.5.1 myspell-vi-20171102-16.5.1 myspell-vi_VN-20171102-16.5.1 myspell-zu_ZA-20171102-16.5.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): cppunit-debugsource-1.14.0-2.3.3 libcdr-0_1-1-0.1.4-9.3.3 libcdr-0_1-1-debuginfo-0.1.4-9.3.3 
libcdr-debugsource-0.1.4-9.3.3 libcppunit-1_14-0-1.14.0-2.3.3 libcppunit-1_14-0-debuginfo-1.14.0-2.3.3 libeot-debugsource-0.01-1.3.2 libeot0-0.01-1.3.2 libeot0-debuginfo-0.01-1.3.2 libetonyek-0_1-1-0.1.7-10.3.5 libetonyek-0_1-1-debuginfo-0.1.7-10.3.5 libetonyek-debugsource-0.1.7-10.3.5 libgltf-0_1-1-0.1.0-3.3.3 libgltf-0_1-1-debuginfo-0.1.0-3.3.3 libgltf-debugsource-0.1.0-3.3.3 libodfgen-0_1-1-0.1.6-4.3.3 libodfgen-0_1-1-debuginfo-0.1.6-4.3.3 libodfgen-debugsource-0.1.6-4.3.3 libreoffice-5.4.4.2-43.15.4 libreoffice-base-5.4.4.2-43.15.4 libreoffice-base-debuginfo-5.4.4.2-43.15.4 libreoffice-base-drivers-mysql-5.4.4.2-43.15.4 libreoffice-base-drivers-mysql-debuginfo-5.4.4.2-43.15.4 libreoffice-base-drivers-postgresql-5.4.4.2-43.15.4 libreoffice-base-drivers-postgresql-debuginfo-5.4.4.2-43.15.4 libreoffice-calc-5.4.4.2-43.15.4 libreoffice-calc-debuginfo-5.4.4.2-43.15.4 libreoffice-calc-extensions-5.4.4.2-43.15.4 libreoffice-debuginfo-5.4.4.2-43.15.4 libreoffice-debugsource-5.4.4.2-43.15.4 libreoffice-draw-5.4.4.2-43.15.4 libreoffice-draw-debuginfo-5.4.4.2-43.15.4 libreoffice-filters-optional-5.4.4.2-43.15.4 libreoffice-gnome-5.4.4.2-43.15.4 libreoffice-gnome-debuginfo-5.4.4.2-43.15.4 libreoffice-impress-5.4.4.2-43.15.4 libreoffice-impress-debuginfo-5.4.4.2-43.15.4 libreoffice-mailmerge-5.4.4.2-43.15.4 libreoffice-math-5.4.4.2-43.15.4 libreoffice-math-debuginfo-5.4.4.2-43.15.4 libreoffice-officebean-5.4.4.2-43.15.4 libreoffice-officebean-debuginfo-5.4.4.2-43.15.4 libreoffice-pyuno-5.4.4.2-43.15.4 libreoffice-pyuno-debuginfo-5.4.4.2-43.15.4 libreoffice-writer-5.4.4.2-43.15.4 libreoffice-writer-debuginfo-5.4.4.2-43.15.4 libreoffice-writer-extensions-5.4.4.2-43.15.4 libreofficekit-5.4.4.2-43.15.4 libvisio-0_1-1-0.1.6-8.3.3 libvisio-0_1-1-debuginfo-0.1.6-8.3.3 libvisio-debugsource-0.1.6-8.3.3 libwps-0_4-4-0.4.6-10.3.3 libwps-0_4-4-debuginfo-0.4.6-10.3.3 libwps-debugsource-0.4.6-10.3.3 libxmlsec1-1-1.2.24-2.4.3 libxmlsec1-nss1-1.2.24-2.4.3 libzmf-0_0-0-0.0.2-7.3 
libzmf-0_0-0-debuginfo-0.0.2-7.3 libzmf-debugsource-0.0.2-7.3 myspell-dictionaries-20171102-16.5.1 myspell-lightproof-en-20171102-16.5.1 myspell-lightproof-hu_HU-20171102-16.5.1 myspell-lightproof-pt_BR-20171102-16.5.1 myspell-lightproof-ru_RU-20171102-16.5.1 xmlsec1-debuginfo-1.2.24-2.4.3 xmlsec1-debugsource-1.2.24-2.4.3 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): cppunit-debugsource-1.14.0-2.3.3 libcdr-0_1-1-0.1.4-9.3.3 libcdr-0_1-1-debuginfo-0.1.4-9.3.3 libcdr-debugsource-0.1.4-9.3.3 libcppunit-1_14-0-1.14.0-2.3.3 libcppunit-1_14-0-debuginfo-1.14.0-2.3.3 libeot-debugsource-0.01-1.3.2 libeot0-0.01-1.3.2 libeot0-debuginfo-0.01-1.3.2 libetonyek-0_1-1-0.1.7-10.3.5 libetonyek-0_1-1-debuginfo-0.1.7-10.3.5 libetonyek-debugsource-0.1.7-10.3.5 libgltf-0_1-1-0.1.0-3.3.3 libgltf-0_1-1-debuginfo-0.1.0-3.3.3 libgltf-debugsource-0.1.0-3.3.3 libodfgen-0_1-1-0.1.6-4.3.3 libodfgen-0_1-1-debuginfo-0.1.6-4.3.3 libodfgen-debugsource-0.1.6-4.3.3 libreoffice-5.4.4.2-40.21.4 libreoffice-base-5.4.4.2-40.21.4 libreoffice-base-debuginfo-5.4.4.2-40.21.4 libreoffice-base-drivers-mysql-5.4.4.2-40.21.4 libreoffice-base-drivers-mysql-debuginfo-5.4.4.2-40.21.4 libreoffice-base-drivers-postgresql-5.4.4.2-40.21.4 libreoffice-base-drivers-postgresql-debuginfo-5.4.4.2-40.21.4 libreoffice-calc-5.4.4.2-40.21.4 libreoffice-calc-debuginfo-5.4.4.2-40.21.4 libreoffice-calc-extensions-5.4.4.2-40.21.4 libreoffice-debuginfo-5.4.4.2-40.21.4 libreoffice-debugsource-5.4.4.2-40.21.4 libreoffice-draw-5.4.4.2-40.21.4 libreoffice-draw-debuginfo-5.4.4.2-40.21.4 libreoffice-filters-optional-5.4.4.2-40.21.4 libreoffice-gnome-5.4.4.2-40.21.4 libreoffice-gnome-debuginfo-5.4.4.2-40.21.4 libreoffice-impress-5.4.4.2-40.21.4 libreoffice-impress-debuginfo-5.4.4.2-40.21.4 libreoffice-mailmerge-5.4.4.2-40.21.4 libreoffice-math-5.4.4.2-40.21.4 libreoffice-math-debuginfo-5.4.4.2-40.21.4 libreoffice-officebean-5.4.4.2-40.21.4 libreoffice-officebean-debuginfo-5.4.4.2-40.21.4 libreoffice-pyuno-5.4.4.2-40.21.4 
libreoffice-pyuno-debuginfo-5.4.4.2-40.21.4 libreoffice-writer-5.4.4.2-40.21.4 libreoffice-writer-debuginfo-5.4.4.2-40.21.4 libreoffice-writer-extensions-5.4.4.2-40.21.4 libreofficekit-5.4.4.2-40.21.4 libvisio-0_1-1-0.1.6-8.3.3 libvisio-0_1-1-debuginfo-0.1.6-8.3.3 libvisio-debugsource-0.1.6-8.3.3 libwps-0_4-4-0.4.6-10.3.3 libwps-0_4-4-debuginfo-0.4.6-10.3.3 libwps-debugsource-0.4.6-10.3.3 libxmlsec1-1-1.2.24-2.4.3 libxmlsec1-nss1-1.2.24-2.4.3 libzmf-0_0-0-0.0.2-7.3 libzmf-0_0-0-debuginfo-0.0.2-7.3 libzmf-debugsource-0.0.2-7.3 myspell-dictionaries-20171102-16.5.1 myspell-lightproof-en-20171102-16.5.1 myspell-lightproof-hu_HU-20171102-16.5.1 myspell-lightproof-pt_BR-20171102-16.5.1 myspell-lightproof-ru_RU-20171102-16.5.1 xmlsec1-debuginfo-1.2.24-2.4.3 xmlsec1-debugsource-1.2.24-2.4.3 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.4.4.2-40.21.4 libreoffice-icon-theme-tango-5.4.4.2-40.21.4 libreoffice-l10n-af-5.4.4.2-40.21.4 libreoffice-l10n-ar-5.4.4.2-40.21.4 libreoffice-l10n-bg-5.4.4.2-40.21.4 libreoffice-l10n-ca-5.4.4.2-40.21.4 libreoffice-l10n-cs-5.4.4.2-40.21.4 libreoffice-l10n-da-5.4.4.2-40.21.4 libreoffice-l10n-de-5.4.4.2-40.21.4 libreoffice-l10n-en-5.4.4.2-40.21.4 libreoffice-l10n-es-5.4.4.2-40.21.4 libreoffice-l10n-fi-5.4.4.2-40.21.4 libreoffice-l10n-fr-5.4.4.2-40.21.4 libreoffice-l10n-gu-5.4.4.2-40.21.4 libreoffice-l10n-hi-5.4.4.2-40.21.4 libreoffice-l10n-hr-5.4.4.2-40.21.4 libreoffice-l10n-hu-5.4.4.2-40.21.4 libreoffice-l10n-it-5.4.4.2-40.21.4 libreoffice-l10n-ja-5.4.4.2-40.21.4 libreoffice-l10n-ko-5.4.4.2-40.21.4 libreoffice-l10n-lt-5.4.4.2-40.21.4 libreoffice-l10n-nb-5.4.4.2-40.21.4 libreoffice-l10n-nl-5.4.4.2-40.21.4 libreoffice-l10n-nn-5.4.4.2-40.21.4 libreoffice-l10n-pl-5.4.4.2-40.21.4 libreoffice-l10n-pt_BR-5.4.4.2-40.21.4 libreoffice-l10n-pt_PT-5.4.4.2-40.21.4 libreoffice-l10n-ro-5.4.4.2-40.21.4 libreoffice-l10n-ru-5.4.4.2-40.21.4 libreoffice-l10n-sk-5.4.4.2-40.21.4 libreoffice-l10n-sv-5.4.4.2-40.21.4 
libreoffice-l10n-uk-5.4.4.2-40.21.4 libreoffice-l10n-xh-5.4.4.2-40.21.4 libreoffice-l10n-zh_CN-5.4.4.2-40.21.4 libreoffice-l10n-zh_TW-5.4.4.2-40.21.4 libreoffice-l10n-zu-5.4.4.2-40.21.4 myspell-af_NA-20171102-16.5.1 myspell-af_ZA-20171102-16.5.1 myspell-ar-20171102-16.5.1 myspell-ar_AE-20171102-16.5.1 myspell-ar_BH-20171102-16.5.1 myspell-ar_DZ-20171102-16.5.1 myspell-ar_EG-20171102-16.5.1 myspell-ar_IQ-20171102-16.5.1 myspell-ar_JO-20171102-16.5.1 myspell-ar_KW-20171102-16.5.1 myspell-ar_LB-20171102-16.5.1 myspell-ar_LY-20171102-16.5.1 myspell-ar_MA-20171102-16.5.1 myspell-ar_OM-20171102-16.5.1 myspell-ar_QA-20171102-16.5.1 myspell-ar_SA-20171102-16.5.1 myspell-ar_SD-20171102-16.5.1 myspell-ar_SY-20171102-16.5.1 myspell-ar_TN-20171102-16.5.1 myspell-ar_YE-20171102-16.5.1 myspell-be_BY-20171102-16.5.1 myspell-bg_BG-20171102-16.5.1 myspell-bn_BD-20171102-16.5.1 myspell-bn_IN-20171102-16.5.1 myspell-bs-20171102-16.5.1 myspell-bs_BA-20171102-16.5.1 myspell-ca-20171102-16.5.1 myspell-ca_AD-20171102-16.5.1 myspell-ca_ES-20171102-16.5.1 myspell-ca_ES_valencia-20171102-16.5.1 myspell-ca_FR-20171102-16.5.1 myspell-ca_IT-20171102-16.5.1 myspell-cs_CZ-20171102-16.5.1 myspell-da_DK-20171102-16.5.1 myspell-de-20171102-16.5.1 myspell-de_AT-20171102-16.5.1 myspell-de_CH-20171102-16.5.1 myspell-de_DE-20171102-16.5.1 myspell-el_GR-20171102-16.5.1 myspell-en-20171102-16.5.1 myspell-en_AU-20171102-16.5.1 myspell-en_BS-20171102-16.5.1 myspell-en_BZ-20171102-16.5.1 myspell-en_CA-20171102-16.5.1 myspell-en_GB-20171102-16.5.1 myspell-en_GH-20171102-16.5.1 myspell-en_IE-20171102-16.5.1 myspell-en_IN-20171102-16.5.1 myspell-en_JM-20171102-16.5.1 myspell-en_MW-20171102-16.5.1 myspell-en_NA-20171102-16.5.1 myspell-en_NZ-20171102-16.5.1 myspell-en_PH-20171102-16.5.1 myspell-en_TT-20171102-16.5.1 myspell-en_US-20171102-16.5.1 myspell-en_ZA-20171102-16.5.1 myspell-en_ZW-20171102-16.5.1 myspell-es-20171102-16.5.1 myspell-es_AR-20171102-16.5.1 myspell-es_BO-20171102-16.5.1 
myspell-es_CL-20171102-16.5.1 myspell-es_CO-20171102-16.5.1 myspell-es_CR-20171102-16.5.1 myspell-es_CU-20171102-16.5.1 myspell-es_DO-20171102-16.5.1 myspell-es_EC-20171102-16.5.1 myspell-es_ES-20171102-16.5.1 myspell-es_GT-20171102-16.5.1 myspell-es_HN-20171102-16.5.1 myspell-es_MX-20171102-16.5.1 myspell-es_NI-20171102-16.5.1 myspell-es_PA-20171102-16.5.1 myspell-es_PE-20171102-16.5.1 myspell-es_PR-20171102-16.5.1 myspell-es_PY-20171102-16.5.1 myspell-es_SV-20171102-16.5.1 myspell-es_UY-20171102-16.5.1 myspell-es_VE-20171102-16.5.1 myspell-et_EE-20171102-16.5.1 myspell-fr_BE-20171102-16.5.1 myspell-fr_CA-20171102-16.5.1 myspell-fr_CH-20171102-16.5.1 myspell-fr_FR-20171102-16.5.1 myspell-fr_LU-20171102-16.5.1 myspell-fr_MC-20171102-16.5.1 myspell-gu_IN-20171102-16.5.1 myspell-he_IL-20171102-16.5.1 myspell-hi_IN-20171102-16.5.1 myspell-hr_HR-20171102-16.5.1 myspell-hu_HU-20171102-16.5.1 myspell-it_IT-20171102-16.5.1 myspell-lo_LA-20171102-16.5.1 myspell-lt_LT-20171102-16.5.1 myspell-lv_LV-20171102-16.5.1 myspell-nb_NO-20171102-16.5.1 myspell-nl_BE-20171102-16.5.1 myspell-nl_NL-20171102-16.5.1 myspell-nn_NO-20171102-16.5.1 myspell-no-20171102-16.5.1 myspell-pl_PL-20171102-16.5.1 myspell-pt_AO-20171102-16.5.1 myspell-pt_BR-20171102-16.5.1 myspell-pt_PT-20171102-16.5.1 myspell-ro-20171102-16.5.1 myspell-ro_RO-20171102-16.5.1 myspell-ru_RU-20171102-16.5.1 myspell-sk_SK-20171102-16.5.1 myspell-sl_SI-20171102-16.5.1 myspell-sr-20171102-16.5.1 myspell-sr_CS-20171102-16.5.1 myspell-sr_Latn_CS-20171102-16.5.1 myspell-sr_Latn_RS-20171102-16.5.1 myspell-sr_RS-20171102-16.5.1 myspell-sv_FI-20171102-16.5.1 myspell-sv_SE-20171102-16.5.1 myspell-te-20171102-16.5.1 myspell-te_IN-20171102-16.5.1 myspell-th_TH-20171102-16.5.1 myspell-uk_UA-20171102-16.5.1 myspell-vi-20171102-16.5.1 myspell-vi_VN-20171102-16.5.1 myspell-zu_ZA-20171102-16.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cppunit-debugsource-1.14.0-2.3.3 
cppunit-devel-1.14.0-2.3.3 cppunit-devel-debuginfo-1.14.0-2.3.3 libcdr-debugsource-0.1.4-9.3.3 libcdr-devel-0.1.4-9.3.3 libcppunit-1_14-0-1.14.0-2.3.3 libcppunit-1_14-0-debuginfo-1.14.0-2.3.3 libetonyek-debugsource-0.1.7-10.3.5 libetonyek-devel-0.1.7-10.3.5 libodfgen-debugsource-0.1.6-4.3.3 libodfgen-devel-0.1.6-4.3.3 libvisio-debugsource-0.1.6-8.3.3 libvisio-devel-0.1.6-8.3.3 libwps-debugsource-0.4.6-10.3.3 libwps-devel-0.4.6-10.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): libreoffice-debuginfo-5.4.4.2-43.15.4 libreoffice-debugsource-5.4.4.2-43.15.4 libreoffice-sdk-5.4.4.2-43.15.4 libreoffice-sdk-debuginfo-5.4.4.2-43.15.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): cppunit-devel-doc-1.14.0-2.3.3 libcdr-devel-doc-0.1.4-9.3.3 libetonyek-devel-doc-0.1.7-10.3.5 libodfgen-devel-doc-0.1.6-4.3.3 libvisio-devel-doc-0.1.6-8.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): cppunit-debugsource-1.14.0-2.3.3 cppunit-devel-1.14.0-2.3.3 cppunit-devel-debuginfo-1.14.0-2.3.3 libcdr-debugsource-0.1.4-9.3.3 libcdr-devel-0.1.4-9.3.3 libcppunit-1_14-0-1.14.0-2.3.3 libcppunit-1_14-0-debuginfo-1.14.0-2.3.3 libetonyek-debugsource-0.1.7-10.3.5 libetonyek-devel-0.1.7-10.3.5 libodfgen-debugsource-0.1.6-4.3.3 libodfgen-devel-0.1.6-4.3.3 libvisio-debugsource-0.1.6-8.3.3 libvisio-devel-0.1.6-8.3.3 libwps-debugsource-0.4.6-10.3.3 libwps-devel-0.4.6-10.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): libreoffice-debuginfo-5.4.4.2-40.21.4 libreoffice-debugsource-5.4.4.2-40.21.4 libreoffice-sdk-5.4.4.2-40.21.4 libreoffice-sdk-debuginfo-5.4.4.2-40.21.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): cppunit-devel-doc-1.14.0-2.3.3 libcdr-devel-doc-0.1.4-9.3.3 libetonyek-devel-doc-0.1.7-10.3.5 libodfgen-devel-doc-0.1.6-4.3.3 libvisio-devel-doc-0.1.6-8.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cppunit-debugsource-1.14.0-2.3.3 
libcdr-0_1-1-0.1.4-9.3.3 libcdr-0_1-1-debuginfo-0.1.4-9.3.3 libcdr-debugsource-0.1.4-9.3.3 libcppunit-1_14-0-1.14.0-2.3.3 libcppunit-1_14-0-debuginfo-1.14.0-2.3.3 libeot-debugsource-0.01-1.3.2 libeot0-0.01-1.3.2 libeot0-debuginfo-0.01-1.3.2 libetonyek-0_1-1-0.1.7-10.3.5 libetonyek-0_1-1-debuginfo-0.1.7-10.3.5 libetonyek-debugsource-0.1.7-10.3.5 libgltf-0_1-1-0.1.0-3.3.3 libgltf-0_1-1-debuginfo-0.1.0-3.3.3 libgltf-debugsource-0.1.0-3.3.3 libodfgen-0_1-1-0.1.6-4.3.3 libodfgen-0_1-1-debuginfo-0.1.6-4.3.3 libodfgen-debugsource-0.1.6-4.3.3 libreoffice-5.4.4.2-43.15.4 libreoffice-base-5.4.4.2-43.15.4 libreoffice-base-debuginfo-5.4.4.2-43.15.4 libreoffice-base-drivers-mysql-5.4.4.2-43.15.4 libreoffice-base-drivers-mysql-debuginfo-5.4.4.2-43.15.4 libreoffice-base-drivers-postgresql-5.4.4.2-43.15.4 libreoffice-base-drivers-postgresql-debuginfo-5.4.4.2-43.15.4 libreoffice-calc-5.4.4.2-43.15.4 libreoffice-calc-debuginfo-5.4.4.2-43.15.4 libreoffice-calc-extensions-5.4.4.2-43.15.4 libreoffice-debuginfo-5.4.4.2-43.15.4 libreoffice-debugsource-5.4.4.2-43.15.4 libreoffice-draw-5.4.4.2-43.15.4 libreoffice-draw-debuginfo-5.4.4.2-43.15.4 libreoffice-filters-optional-5.4.4.2-43.15.4 libreoffice-gnome-5.4.4.2-43.15.4 libreoffice-gnome-debuginfo-5.4.4.2-43.15.4 libreoffice-impress-5.4.4.2-43.15.4 libreoffice-impress-debuginfo-5.4.4.2-43.15.4 libreoffice-mailmerge-5.4.4.2-43.15.4 libreoffice-math-5.4.4.2-43.15.4 libreoffice-math-debuginfo-5.4.4.2-43.15.4 libreoffice-officebean-5.4.4.2-43.15.4 libreoffice-officebean-debuginfo-5.4.4.2-43.15.4 libreoffice-pyuno-5.4.4.2-43.15.4 libreoffice-pyuno-debuginfo-5.4.4.2-43.15.4 libreoffice-writer-5.4.4.2-43.15.4 libreoffice-writer-debuginfo-5.4.4.2-43.15.4 libreoffice-writer-extensions-5.4.4.2-43.15.4 libreofficekit-5.4.4.2-43.15.4 libvisio-0_1-1-0.1.6-8.3.3 libvisio-0_1-1-debuginfo-0.1.6-8.3.3 libvisio-debugsource-0.1.6-8.3.3 libwps-0_4-4-0.4.6-10.3.3 libwps-0_4-4-debuginfo-0.4.6-10.3.3 libwps-debugsource-0.4.6-10.3.3 libxmlsec1-1-1.2.24-2.4.3 
libxmlsec1-nss1-1.2.24-2.4.3 libzmf-0_0-0-0.0.2-7.3 libzmf-0_0-0-debuginfo-0.0.2-7.3 libzmf-debugsource-0.0.2-7.3 myspell-dictionaries-20171102-16.5.1 myspell-lightproof-en-20171102-16.5.1 myspell-lightproof-hu_HU-20171102-16.5.1 myspell-lightproof-pt_BR-20171102-16.5.1 myspell-lightproof-ru_RU-20171102-16.5.1 xmlsec1-debuginfo-1.2.24-2.4.3 xmlsec1-debugsource-1.2.24-2.4.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libreoffice-icon-theme-galaxy-5.4.4.2-43.15.4 libreoffice-icon-theme-tango-5.4.4.2-43.15.4 libreoffice-l10n-af-5.4.4.2-43.15.4 libreoffice-l10n-ar-5.4.4.2-43.15.4 libreoffice-l10n-ca-5.4.4.2-43.15.4 libreoffice-l10n-cs-5.4.4.2-43.15.4 libreoffice-l10n-da-5.4.4.2-43.15.4 libreoffice-l10n-de-5.4.4.2-43.15.4 libreoffice-l10n-en-5.4.4.2-43.15.4 libreoffice-l10n-es-5.4.4.2-43.15.4 libreoffice-l10n-fi-5.4.4.2-43.15.4 libreoffice-l10n-fr-5.4.4.2-43.15.4 libreoffice-l10n-gu-5.4.4.2-43.15.4 libreoffice-l10n-hi-5.4.4.2-43.15.4 libreoffice-l10n-hu-5.4.4.2-43.15.4 libreoffice-l10n-it-5.4.4.2-43.15.4 libreoffice-l10n-ja-5.4.4.2-43.15.4 libreoffice-l10n-ko-5.4.4.2-43.15.4 libreoffice-l10n-nb-5.4.4.2-43.15.4 libreoffice-l10n-nl-5.4.4.2-43.15.4 libreoffice-l10n-nn-5.4.4.2-43.15.4 libreoffice-l10n-pl-5.4.4.2-43.15.4 libreoffice-l10n-pt_BR-5.4.4.2-43.15.4 libreoffice-l10n-pt_PT-5.4.4.2-43.15.4 libreoffice-l10n-ro-5.4.4.2-43.15.4 libreoffice-l10n-ru-5.4.4.2-43.15.4 libreoffice-l10n-sk-5.4.4.2-43.15.4 libreoffice-l10n-sv-5.4.4.2-43.15.4 libreoffice-l10n-xh-5.4.4.2-43.15.4 libreoffice-l10n-zh_CN-5.4.4.2-43.15.4 libreoffice-l10n-zh_TW-5.4.4.2-43.15.4 libreoffice-l10n-zu-5.4.4.2-43.15.4 myspell-af_NA-20171102-16.5.1 myspell-af_ZA-20171102-16.5.1 myspell-ar-20171102-16.5.1 myspell-ar_AE-20171102-16.5.1 myspell-ar_BH-20171102-16.5.1 myspell-ar_DZ-20171102-16.5.1 myspell-ar_EG-20171102-16.5.1 myspell-ar_IQ-20171102-16.5.1 myspell-ar_JO-20171102-16.5.1 myspell-ar_KW-20171102-16.5.1 myspell-ar_LB-20171102-16.5.1 myspell-ar_LY-20171102-16.5.1 myspell-ar_MA-20171102-16.5.1 
myspell-ar_OM-20171102-16.5.1 myspell-ar_QA-20171102-16.5.1 myspell-ar_SA-20171102-16.5.1 myspell-ar_SD-20171102-16.5.1 myspell-ar_SY-20171102-16.5.1 myspell-ar_TN-20171102-16.5.1 myspell-ar_YE-20171102-16.5.1 myspell-be_BY-20171102-16.5.1 myspell-bg_BG-20171102-16.5.1 myspell-bn_BD-20171102-16.5.1 myspell-bn_IN-20171102-16.5.1 myspell-bs-20171102-16.5.1 myspell-bs_BA-20171102-16.5.1 myspell-ca-20171102-16.5.1 myspell-ca_AD-20171102-16.5.1 myspell-ca_ES-20171102-16.5.1 myspell-ca_ES_valencia-20171102-16.5.1 myspell-ca_FR-20171102-16.5.1 myspell-ca_IT-20171102-16.5.1 myspell-cs_CZ-20171102-16.5.1 myspell-da_DK-20171102-16.5.1 myspell-de-20171102-16.5.1 myspell-de_AT-20171102-16.5.1 myspell-de_CH-20171102-16.5.1 myspell-de_DE-20171102-16.5.1 myspell-el_GR-20171102-16.5.1 myspell-en-20171102-16.5.1 myspell-en_AU-20171102-16.5.1 myspell-en_BS-20171102-16.5.1 myspell-en_BZ-20171102-16.5.1 myspell-en_CA-20171102-16.5.1 myspell-en_GB-20171102-16.5.1 myspell-en_GH-20171102-16.5.1 myspell-en_IE-20171102-16.5.1 myspell-en_IN-20171102-16.5.1 myspell-en_JM-20171102-16.5.1 myspell-en_MW-20171102-16.5.1 myspell-en_NA-20171102-16.5.1 myspell-en_NZ-20171102-16.5.1 myspell-en_PH-20171102-16.5.1 myspell-en_TT-20171102-16.5.1 myspell-en_US-20171102-16.5.1 myspell-en_ZA-20171102-16.5.1 myspell-en_ZW-20171102-16.5.1 myspell-es-20171102-16.5.1 myspell-es_AR-20171102-16.5.1 myspell-es_BO-20171102-16.5.1 myspell-es_CL-20171102-16.5.1 myspell-es_CO-20171102-16.5.1 myspell-es_CR-20171102-16.5.1 myspell-es_CU-20171102-16.5.1 myspell-es_DO-20171102-16.5.1 myspell-es_EC-20171102-16.5.1 myspell-es_ES-20171102-16.5.1 myspell-es_GT-20171102-16.5.1 myspell-es_HN-20171102-16.5.1 myspell-es_MX-20171102-16.5.1 myspell-es_NI-20171102-16.5.1 myspell-es_PA-20171102-16.5.1 myspell-es_PE-20171102-16.5.1 myspell-es_PR-20171102-16.5.1 myspell-es_PY-20171102-16.5.1 myspell-es_SV-20171102-16.5.1 myspell-es_UY-20171102-16.5.1 myspell-es_VE-20171102-16.5.1 myspell-et_EE-20171102-16.5.1 
myspell-fr_BE-20171102-16.5.1 myspell-fr_CA-20171102-16.5.1 myspell-fr_CH-20171102-16.5.1 myspell-fr_FR-20171102-16.5.1 myspell-fr_LU-20171102-16.5.1 myspell-fr_MC-20171102-16.5.1 myspell-gu_IN-20171102-16.5.1 myspell-he_IL-20171102-16.5.1 myspell-hi_IN-20171102-16.5.1 myspell-hr_HR-20171102-16.5.1 myspell-hu_HU-20171102-16.5.1 myspell-it_IT-20171102-16.5.1 myspell-lo_LA-20171102-16.5.1 myspell-lt_LT-20171102-16.5.1 myspell-lv_LV-20171102-16.5.1 myspell-nb_NO-20171102-16.5.1 myspell-nl_BE-20171102-16.5.1 myspell-nl_NL-20171102-16.5.1 myspell-nn_NO-20171102-16.5.1 myspell-no-20171102-16.5.1 myspell-pl_PL-20171102-16.5.1 myspell-pt_AO-20171102-16.5.1 myspell-pt_BR-20171102-16.5.1 myspell-pt_PT-20171102-16.5.1 myspell-ro-20171102-16.5.1 myspell-ro_RO-20171102-16.5.1 myspell-ru_RU-20171102-16.5.1 myspell-sk_SK-20171102-16.5.1 myspell-sl_SI-20171102-16.5.1 myspell-sr-20171102-16.5.1 myspell-sr_CS-20171102-16.5.1 myspell-sr_Latn_CS-20171102-16.5.1 myspell-sr_Latn_RS-20171102-16.5.1 myspell-sr_RS-20171102-16.5.1 myspell-sv_FI-20171102-16.5.1 myspell-sv_SE-20171102-16.5.1 myspell-te-20171102-16.5.1 myspell-te_IN-20171102-16.5.1 myspell-th_TH-20171102-16.5.1 myspell-uk_UA-20171102-16.5.1 myspell-vi-20171102-16.5.1 myspell-vi_VN-20171102-16.5.1 myspell-zu_ZA-20171102-16.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.4.4.2-40.21.4 libreoffice-icon-theme-tango-5.4.4.2-40.21.4 libreoffice-l10n-af-5.4.4.2-40.21.4 libreoffice-l10n-ar-5.4.4.2-40.21.4 libreoffice-l10n-ca-5.4.4.2-40.21.4 libreoffice-l10n-cs-5.4.4.2-40.21.4 libreoffice-l10n-da-5.4.4.2-40.21.4 libreoffice-l10n-de-5.4.4.2-40.21.4 libreoffice-l10n-en-5.4.4.2-40.21.4 libreoffice-l10n-es-5.4.4.2-40.21.4 libreoffice-l10n-fi-5.4.4.2-40.21.4 libreoffice-l10n-fr-5.4.4.2-40.21.4 libreoffice-l10n-gu-5.4.4.2-40.21.4 libreoffice-l10n-hi-5.4.4.2-40.21.4 libreoffice-l10n-hu-5.4.4.2-40.21.4 libreoffice-l10n-it-5.4.4.2-40.21.4 libreoffice-l10n-ja-5.4.4.2-40.21.4 
libreoffice-l10n-ko-5.4.4.2-40.21.4 libreoffice-l10n-nb-5.4.4.2-40.21.4 libreoffice-l10n-nl-5.4.4.2-40.21.4 libreoffice-l10n-nn-5.4.4.2-40.21.4 libreoffice-l10n-pl-5.4.4.2-40.21.4 libreoffice-l10n-pt_BR-5.4.4.2-40.21.4 libreoffice-l10n-pt_PT-5.4.4.2-40.21.4 libreoffice-l10n-ro-5.4.4.2-40.21.4 libreoffice-l10n-ru-5.4.4.2-40.21.4 libreoffice-l10n-sk-5.4.4.2-40.21.4 libreoffice-l10n-sv-5.4.4.2-40.21.4 libreoffice-l10n-xh-5.4.4.2-40.21.4 libreoffice-l10n-zh_CN-5.4.4.2-40.21.4 libreoffice-l10n-zh_TW-5.4.4.2-40.21.4 libreoffice-l10n-zu-5.4.4.2-40.21.4 myspell-af_NA-20171102-16.5.1 myspell-af_ZA-20171102-16.5.1 myspell-ar-20171102-16.5.1 myspell-ar_AE-20171102-16.5.1 myspell-ar_BH-20171102-16.5.1 myspell-ar_DZ-20171102-16.5.1 myspell-ar_EG-20171102-16.5.1 myspell-ar_IQ-20171102-16.5.1 myspell-ar_JO-20171102-16.5.1 myspell-ar_KW-20171102-16.5.1 myspell-ar_LB-20171102-16.5.1 myspell-ar_LY-20171102-16.5.1 myspell-ar_MA-20171102-16.5.1 myspell-ar_OM-20171102-16.5.1 myspell-ar_QA-20171102-16.5.1 myspell-ar_SA-20171102-16.5.1 myspell-ar_SD-20171102-16.5.1 myspell-ar_SY-20171102-16.5.1 myspell-ar_TN-20171102-16.5.1 myspell-ar_YE-20171102-16.5.1 myspell-be_BY-20171102-16.5.1 myspell-bg_BG-20171102-16.5.1 myspell-bn_BD-20171102-16.5.1 myspell-bn_IN-20171102-16.5.1 myspell-bs-20171102-16.5.1 myspell-bs_BA-20171102-16.5.1 myspell-ca-20171102-16.5.1 myspell-ca_AD-20171102-16.5.1 myspell-ca_ES-20171102-16.5.1 myspell-ca_ES_valencia-20171102-16.5.1 myspell-ca_FR-20171102-16.5.1 myspell-ca_IT-20171102-16.5.1 myspell-cs_CZ-20171102-16.5.1 myspell-da_DK-20171102-16.5.1 myspell-de-20171102-16.5.1 myspell-de_AT-20171102-16.5.1 myspell-de_CH-20171102-16.5.1 myspell-de_DE-20171102-16.5.1 myspell-el_GR-20171102-16.5.1 myspell-en-20171102-16.5.1 myspell-en_AU-20171102-16.5.1 myspell-en_BS-20171102-16.5.1 myspell-en_BZ-20171102-16.5.1 myspell-en_CA-20171102-16.5.1 myspell-en_GB-20171102-16.5.1 myspell-en_GH-20171102-16.5.1 myspell-en_IE-20171102-16.5.1 myspell-en_IN-20171102-16.5.1 
myspell-en_JM-20171102-16.5.1 myspell-en_MW-20171102-16.5.1 myspell-en_NA-20171102-16.5.1 myspell-en_NZ-20171102-16.5.1 myspell-en_PH-20171102-16.5.1 myspell-en_TT-20171102-16.5.1 myspell-en_US-20171102-16.5.1 myspell-en_ZA-20171102-16.5.1 myspell-en_ZW-20171102-16.5.1 myspell-es-20171102-16.5.1 myspell-es_AR-20171102-16.5.1 myspell-es_BO-20171102-16.5.1 myspell-es_CL-20171102-16.5.1 myspell-es_CO-20171102-16.5.1 myspell-es_CR-20171102-16.5.1 myspell-es_CU-20171102-16.5.1 myspell-es_DO-20171102-16.5.1 myspell-es_EC-20171102-16.5.1 myspell-es_ES-20171102-16.5.1 myspell-es_GT-20171102-16.5.1 myspell-es_HN-20171102-16.5.1 myspell-es_MX-20171102-16.5.1 myspell-es_NI-20171102-16.5.1 myspell-es_PA-20171102-16.5.1 myspell-es_PE-20171102-16.5.1 myspell-es_PR-20171102-16.5.1 myspell-es_PY-20171102-16.5.1 myspell-es_SV-20171102-16.5.1 myspell-es_UY-20171102-16.5.1 myspell-es_VE-20171102-16.5.1 myspell-et_EE-20171102-16.5.1 myspell-fr_BE-20171102-16.5.1 myspell-fr_CA-20171102-16.5.1 myspell-fr_CH-20171102-16.5.1 myspell-fr_FR-20171102-16.5.1 myspell-fr_LU-20171102-16.5.1 myspell-fr_MC-20171102-16.5.1 myspell-gu_IN-20171102-16.5.1 myspell-he_IL-20171102-16.5.1 myspell-hi_IN-20171102-16.5.1 myspell-hr_HR-20171102-16.5.1 myspell-hu_HU-20171102-16.5.1 myspell-it_IT-20171102-16.5.1 myspell-lo_LA-20171102-16.5.1 myspell-lt_LT-20171102-16.5.1 myspell-lv_LV-20171102-16.5.1 myspell-nb_NO-20171102-16.5.1 myspell-nl_BE-20171102-16.5.1 myspell-nl_NL-20171102-16.5.1 myspell-nn_NO-20171102-16.5.1 myspell-no-20171102-16.5.1 myspell-pl_PL-20171102-16.5.1 myspell-pt_AO-20171102-16.5.1 myspell-pt_BR-20171102-16.5.1 myspell-pt_PT-20171102-16.5.1 myspell-ro-20171102-16.5.1 myspell-ro_RO-20171102-16.5.1 myspell-ru_RU-20171102-16.5.1 myspell-sk_SK-20171102-16.5.1 myspell-sl_SI-20171102-16.5.1 myspell-sr-20171102-16.5.1 myspell-sr_CS-20171102-16.5.1 myspell-sr_Latn_CS-20171102-16.5.1 myspell-sr_Latn_RS-20171102-16.5.1 myspell-sr_RS-20171102-16.5.1 myspell-sv_FI-20171102-16.5.1 
myspell-sv_SE-20171102-16.5.1 myspell-te-20171102-16.5.1 myspell-te_IN-20171102-16.5.1 myspell-th_TH-20171102-16.5.1 myspell-uk_UA-20171102-16.5.1 myspell-vi-20171102-16.5.1 myspell-vi_VN-20171102-16.5.1 myspell-zu_ZA-20171102-16.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cppunit-debugsource-1.14.0-2.3.3 libcdr-0_1-1-0.1.4-9.3.3 libcdr-0_1-1-debuginfo-0.1.4-9.3.3 libcdr-debugsource-0.1.4-9.3.3 libcppunit-1_14-0-1.14.0-2.3.3 libcppunit-1_14-0-debuginfo-1.14.0-2.3.3 libeot-debugsource-0.01-1.3.2 libeot0-0.01-1.3.2 libeot0-debuginfo-0.01-1.3.2 libetonyek-0_1-1-0.1.7-10.3.5 libetonyek-0_1-1-debuginfo-0.1.7-10.3.5 libetonyek-debugsource-0.1.7-10.3.5 libgltf-0_1-1-0.1.0-3.3.3 libgltf-0_1-1-debuginfo-0.1.0-3.3.3 libgltf-debugsource-0.1.0-3.3.3 libodfgen-0_1-1-0.1.6-4.3.3 libodfgen-0_1-1-debuginfo-0.1.6-4.3.3 libodfgen-debugsource-0.1.6-4.3.3 libreoffice-5.4.4.2-40.21.4 libreoffice-base-5.4.4.2-40.21.4 libreoffice-base-debuginfo-5.4.4.2-40.21.4 libreoffice-base-drivers-mysql-5.4.4.2-40.21.4 libreoffice-base-drivers-mysql-debuginfo-5.4.4.2-40.21.4 libreoffice-base-drivers-postgresql-5.4.4.2-40.21.4 libreoffice-base-drivers-postgresql-debuginfo-5.4.4.2-40.21.4 libreoffice-calc-5.4.4.2-40.21.4 libreoffice-calc-debuginfo-5.4.4.2-40.21.4 libreoffice-calc-extensions-5.4.4.2-40.21.4 libreoffice-debuginfo-5.4.4.2-40.21.4 libreoffice-debugsource-5.4.4.2-40.21.4 libreoffice-draw-5.4.4.2-40.21.4 libreoffice-draw-debuginfo-5.4.4.2-40.21.4 libreoffice-filters-optional-5.4.4.2-40.21.4 libreoffice-gnome-5.4.4.2-40.21.4 libreoffice-gnome-debuginfo-5.4.4.2-40.21.4 libreoffice-impress-5.4.4.2-40.21.4 libreoffice-impress-debuginfo-5.4.4.2-40.21.4 libreoffice-mailmerge-5.4.4.2-40.21.4 libreoffice-math-5.4.4.2-40.21.4 libreoffice-math-debuginfo-5.4.4.2-40.21.4 libreoffice-officebean-5.4.4.2-40.21.4 libreoffice-officebean-debuginfo-5.4.4.2-40.21.4 libreoffice-pyuno-5.4.4.2-40.21.4 libreoffice-pyuno-debuginfo-5.4.4.2-40.21.4 libreoffice-writer-5.4.4.2-40.21.4 
libreoffice-writer-debuginfo-5.4.4.2-40.21.4 libreoffice-writer-extensions-5.4.4.2-40.21.4 libreofficekit-5.4.4.2-40.21.4 libvisio-0_1-1-0.1.6-8.3.3 libvisio-0_1-1-debuginfo-0.1.6-8.3.3 libvisio-debugsource-0.1.6-8.3.3 libwps-0_4-4-0.4.6-10.3.3 libwps-0_4-4-debuginfo-0.4.6-10.3.3 libwps-debugsource-0.4.6-10.3.3 libxmlsec1-1-1.2.24-2.4.3 libxmlsec1-nss1-1.2.24-2.4.3 libzmf-0_0-0-0.0.2-7.3 libzmf-0_0-0-debuginfo-0.0.2-7.3 libzmf-debugsource-0.0.2-7.3 myspell-dictionaries-20171102-16.5.1 myspell-lightproof-en-20171102-16.5.1 myspell-lightproof-hu_HU-20171102-16.5.1 myspell-lightproof-pt_BR-20171102-16.5.1 myspell-lightproof-ru_RU-20171102-16.5.1 xmlsec1-debuginfo-1.2.24-2.4.3 xmlsec1-debugsource-1.2.24-2.4.3 References: https://bugzilla.suse.com/1070588 https://bugzilla.suse.com/1072061 From sle-updates at lists.suse.com Mon Feb 5 13:07:02 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Feb 2018 21:07:02 +0100 (CET) Subject: SUSE-RU-2018:0365-1: Recommended update for accountsservice Message-ID: <20180205200702.93DF8FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for accountsservice ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0365-1 Rating: low References: #1063794 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for accountsservice provides the following fix: - Drop operator, nobody4 and noaccess accounts from the blacklist so that they can be used and displayed in gdm. 
(bsc#1063794)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-259=1
- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-259=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-259=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-259=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-259=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-259=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-259=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  accountsservice-devel-0.6.42-16.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  accountsservice-devel-0.6.42-16.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  accountsservice-0.6.42-16.3.1
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  libaccountsservice0-0.6.42-16.3.1
  libaccountsservice0-debuginfo-0.6.42-16.3.1
  typelib-1_0-AccountsService-1_0-0.6.42-16.3.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  accountsservice-lang-0.6.42-16.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  accountsservice-0.6.42-16.3.1
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  libaccountsservice0-0.6.42-16.3.1
  libaccountsservice0-debuginfo-0.6.42-16.3.1
  typelib-1_0-AccountsService-1_0-0.6.42-16.3.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
  accountsservice-lang-0.6.42-16.3.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
  accountsservice-0.6.42-16.3.1
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  libaccountsservice0-0.6.42-16.3.1
  libaccountsservice0-debuginfo-0.6.42-16.3.1
  typelib-1_0-AccountsService-1_0-0.6.42-16.3.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  accountsservice-lang-0.6.42-16.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  accountsservice-lang-0.6.42-16.3.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  accountsservice-0.6.42-16.3.1
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  libaccountsservice0-0.6.42-16.3.1
  libaccountsservice0-debuginfo-0.6.42-16.3.1
  typelib-1_0-AccountsService-1_0-0.6.42-16.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  accountsservice-lang-0.6.42-16.3.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  accountsservice-0.6.42-16.3.1
  accountsservice-debuginfo-0.6.42-16.3.1
  accountsservice-debugsource-0.6.42-16.3.1
  libaccountsservice0-0.6.42-16.3.1
  libaccountsservice0-debuginfo-0.6.42-16.3.1
  typelib-1_0-AccountsService-1_0-0.6.42-16.3.1

References:

https://bugzilla.suse.com/1063794

From sle-updates at lists.suse.com Tue Feb 6 07:07:21 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 6 Feb 2018 15:07:21 +0100 (CET)
Subject: SUSE-RU-2018:0371-1: moderate: Recommended update for libsrtp
Message-ID: <20180206140721.537C6FD2B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libsrtp
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0371-1
Rating: moderate
References: #1078546
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update supplies the libsrtp-devel package to the Software Development Kit, which was incorrectly removed in Service Pack 2.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-260=1
- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-260=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-260=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-260=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-260=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-260=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-260=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsrtp-devel-1.5.2-3.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsrtp-devel-1.5.2-3.2.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsrtp-debugsource-1.5.2-3.2.1 libsrtp1-1.5.2-3.2.1 libsrtp1-debuginfo-1.5.2-3.2.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsrtp-debugsource-1.5.2-3.2.1 libsrtp1-1.5.2-3.2.1 libsrtp1-debuginfo-1.5.2-3.2.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libsrtp-debugsource-1.5.2-3.2.1 libsrtp1-1.5.2-3.2.1 libsrtp1-debuginfo-1.5.2-3.2.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsrtp-debugsource-1.5.2-3.2.1 libsrtp1-1.5.2-3.2.1 libsrtp1-debuginfo-1.5.2-3.2.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsrtp-debugsource-1.5.2-3.2.1 libsrtp1-1.5.2-3.2.1 libsrtp1-debuginfo-1.5.2-3.2.1 References: https://bugzilla.suse.com/1078546 From sle-updates at lists.suse.com Tue Feb 6 07:07:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Feb 2018 15:07:47 +0100 (CET) Subject: SUSE-SU-2018:0372-1: moderate: spice-vdagent Message-ID: <20180206140747.F3FC2FCE4@maintenance.suse.de> SUSE Security Update: spice-vdagent ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0372-1 Rating: moderate References: #1012215 #1070724 Cross-References: CVE-2017-15108 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for spice-vdagent provides the following fixes: This security issue was fixed: - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed (bsc#1070724). This non-security issue was fixed: - Implement endian swapping, required for big-endian guests to connect to the spice client successfully. (bsc#1012215) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-262=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-262=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-262=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-262=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-262=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): spice-vdagent-0.16.0-8.5.15 spice-vdagent-debuginfo-0.16.0-8.5.15 spice-vdagent-debugsource-0.16.0-8.5.15 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): spice-vdagent-0.16.0-8.5.15 spice-vdagent-debuginfo-0.16.0-8.5.15 spice-vdagent-debugsource-0.16.0-8.5.15 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): spice-vdagent-0.16.0-8.5.15 spice-vdagent-debuginfo-0.16.0-8.5.15 spice-vdagent-debugsource-0.16.0-8.5.15 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): spice-vdagent-0.16.0-8.5.15 spice-vdagent-debuginfo-0.16.0-8.5.15 spice-vdagent-debugsource-0.16.0-8.5.15 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): spice-vdagent-0.16.0-8.5.15 spice-vdagent-debuginfo-0.16.0-8.5.15 spice-vdagent-debugsource-0.16.0-8.5.15 References: https://www.suse.com/security/cve/CVE-2017-15108.html https://bugzilla.suse.com/1012215 https://bugzilla.suse.com/1070724 From sle-updates at lists.suse.com Tue Feb 6 07:08:25 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Feb 2018 15:08:25 +0100 (CET) Subject: SUSE-SU-2018:0373-1: moderate: Security update for libjpeg-turbo Message-ID: <20180206140825.6E6F5FCE4@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0373-1 Rating: moderate References: #1062937 Cross-References: CVE-2017-15232 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libjpeg-turbo fixes the following issues: Feature update: - Update from version 1.3.1 to version 1.5.2 (fate#324061). Security issue fixed: - CVE-2017-15232: Fix NULL pointer dereference in jdpostct.c and jquant1.c (bsc#1062937). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-261=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-261=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-261=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-261=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-261=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-261=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-261=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.7.4 libjpeg8-devel-8.1.2-31.7.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.7.4 libjpeg8-devel-8.1.2-31.7.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libjpeg-turbo-1.5.3-31.7.4 libjpeg-turbo-debuginfo-1.5.3-31.7.4 libjpeg-turbo-debugsource-1.5.3-31.7.4 libjpeg62-62.2.0-31.7.4 libjpeg62-debuginfo-62.2.0-31.7.4 libjpeg62-turbo-1.5.3-31.7.4 libjpeg62-turbo-debugsource-1.5.3-31.7.4 libjpeg8-8.1.2-31.7.4 libjpeg8-debuginfo-8.1.2-31.7.4 libturbojpeg0-8.1.2-31.7.4 libturbojpeg0-debuginfo-8.1.2-31.7.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.7.4 libjpeg-turbo-debuginfo-1.5.3-31.7.4 libjpeg-turbo-debugsource-1.5.3-31.7.4 libjpeg62-62.2.0-31.7.4 libjpeg62-debuginfo-62.2.0-31.7.4 libjpeg62-turbo-1.5.3-31.7.4 libjpeg62-turbo-debugsource-1.5.3-31.7.4 libjpeg8-8.1.2-31.7.4 libjpeg8-debuginfo-8.1.2-31.7.4 libturbojpeg0-8.1.2-31.7.4 libturbojpeg0-debuginfo-8.1.2-31.7.4 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libjpeg62-32bit-62.2.0-31.7.4 libjpeg62-debuginfo-32bit-62.2.0-31.7.4 libjpeg8-32bit-8.1.2-31.7.4 libjpeg8-debuginfo-32bit-8.1.2-31.7.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.7.4 libjpeg-turbo-debuginfo-1.5.3-31.7.4 libjpeg-turbo-debugsource-1.5.3-31.7.4 libjpeg62-62.2.0-31.7.4 libjpeg62-debuginfo-62.2.0-31.7.4 libjpeg62-turbo-1.5.3-31.7.4 libjpeg62-turbo-debugsource-1.5.3-31.7.4 libjpeg8-8.1.2-31.7.4 libjpeg8-debuginfo-8.1.2-31.7.4 libturbojpeg0-8.1.2-31.7.4 libturbojpeg0-debuginfo-8.1.2-31.7.4 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libjpeg62-32bit-62.2.0-31.7.4 libjpeg62-debuginfo-32bit-62.2.0-31.7.4 libjpeg8-32bit-8.1.2-31.7.4 libjpeg8-debuginfo-32bit-8.1.2-31.7.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): 
libjpeg-turbo-1.5.3-31.7.4 libjpeg-turbo-debuginfo-1.5.3-31.7.4 libjpeg-turbo-debugsource-1.5.3-31.7.4 libjpeg62-32bit-62.2.0-31.7.4 libjpeg62-62.2.0-31.7.4 libjpeg62-debuginfo-32bit-62.2.0-31.7.4 libjpeg62-debuginfo-62.2.0-31.7.4 libjpeg62-turbo-1.5.3-31.7.4 libjpeg62-turbo-debugsource-1.5.3-31.7.4 libjpeg8-32bit-8.1.2-31.7.4 libjpeg8-8.1.2-31.7.4 libjpeg8-debuginfo-32bit-8.1.2-31.7.4 libjpeg8-debuginfo-8.1.2-31.7.4 libturbojpeg0-8.1.2-31.7.4 libturbojpeg0-debuginfo-8.1.2-31.7.4 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libjpeg-turbo-1.5.3-31.7.4 libjpeg-turbo-debuginfo-1.5.3-31.7.4 libjpeg-turbo-debugsource-1.5.3-31.7.4 libjpeg62-32bit-62.2.0-31.7.4 libjpeg62-62.2.0-31.7.4 libjpeg62-debuginfo-32bit-62.2.0-31.7.4 libjpeg62-debuginfo-62.2.0-31.7.4 libjpeg62-turbo-1.5.3-31.7.4 libjpeg62-turbo-debugsource-1.5.3-31.7.4 libjpeg8-32bit-8.1.2-31.7.4 libjpeg8-8.1.2-31.7.4 libjpeg8-debuginfo-32bit-8.1.2-31.7.4 libjpeg8-debuginfo-8.1.2-31.7.4 libturbojpeg0-8.1.2-31.7.4 libturbojpeg0-debuginfo-8.1.2-31.7.4 References: https://www.suse.com/security/cve/CVE-2017-15232.html https://bugzilla.suse.com/1062937 From sle-updates at lists.suse.com Tue Feb 6 07:08:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Feb 2018 15:08:57 +0100 (CET) Subject: SUSE-SU-2018:0374-1: important: Security update for MozillaFirefox Message-ID: <20180206140857.B506BFCE4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0374-1 Rating: important References: #1077291 Cross-References: CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 
12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for MozillaFirefox to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5089: Fixed several memory safety bugs (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-263=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-263=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-263=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-263=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-263=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-263=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-263=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-263=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-263=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-263=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-263=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-devel-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-devel-52.6.0esr-109.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-devel-52.6.0esr-109.13.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-devel-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-devel-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Server 
12-LTSS (ppc64le s390x x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-devel-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-52.6.0esr-109.13.1 MozillaFirefox-debuginfo-52.6.0esr-109.13.1 MozillaFirefox-debugsource-52.6.0esr-109.13.1 MozillaFirefox-translations-52.6.0esr-109.13.1 References: https://www.suse.com/security/cve/CVE-2018-5089.html https://www.suse.com/security/cve/CVE-2018-5091.html https://www.suse.com/security/cve/CVE-2018-5095.html https://www.suse.com/security/cve/CVE-2018-5096.html https://www.suse.com/security/cve/CVE-2018-5097.html https://www.suse.com/security/cve/CVE-2018-5098.html https://www.suse.com/security/cve/CVE-2018-5099.html https://www.suse.com/security/cve/CVE-2018-5102.html https://www.suse.com/security/cve/CVE-2018-5103.html https://www.suse.com/security/cve/CVE-2018-5104.html https://www.suse.com/security/cve/CVE-2018-5117.html https://bugzilla.suse.com/1077291 From sle-updates at lists.suse.com Tue Feb 6 10:09:24 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Feb 2018 18:09:24 +0100 (CET) Subject: SUSE-RU-2018:0375-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20180206170924.636C1FCDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0375-1 Rating: moderate References: #1010996 #1071152 #1071390 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for 
Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: The system SSL root certificate store was updated to Mozilla certificate version 2.22 from January 2018. (bsc#1071152 bsc#1071390 bsc#1010996) We removed the old 1024 bit legacy CAs that were temporarily left in to allow in-chain root certificates as openssl is now able to handle it. Further changes coming from Mozilla: - New Root CAs added: * Amazon Root CA 1: (email protection, server auth) * Amazon Root CA 2: (email protection, server auth) * Amazon Root CA 3: (email protection, server auth) * Amazon Root CA 4: (email protection, server auth) * Certplus Root CA G1: (email protection, server auth) * Certplus Root CA G2: (email protection, server auth) * D-TRUST Root CA 3 2013: (email protection) * GDCA TrustAUTH R5 ROOT: (server auth) * Hellenic Academic and Research Institutions ECC RootCA 2015: (email protection, server auth) * Hellenic Academic and Research Institutions RootCA 2015: (email protection, server auth) * ISRG Root X1: (server auth) * LuxTrust Global Root 2: (server auth) * OpenTrust Root CA G1: (email protection, server auth) * OpenTrust Root CA G2: (email protection, server auth) * OpenTrust Root CA G3: (email protection, server auth) * SSL.com EV Root Certification Authority ECC: (server auth) * SSL.com EV Root Certification Authority RSA R2: (server auth) * SSL.com Root Certification Authority ECC: (email protection, server auth) * SSL.com Root Certification Authority RSA: (email protection, server auth) * Symantec Class 1 
Public Primary Certification Authority - G4: (email protection) * Symantec Class 1 Public Primary Certification Authority - G6: (email protection) * Symantec Class 2 Public Primary Certification Authority - G4: (email protection) * Symantec Class 2 Public Primary Certification Authority - G6: (email protection) * TrustCor ECA-1: (email protection, server auth) * TrustCor RootCert CA-1: (email protection, server auth) * TrustCor RootCert CA-2: (email protection, server auth) * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1: (server auth) - Removed root CAs: * AddTrust Public Services Root * AddTrust Public CA Root * AddTrust Qualified CA Root * ApplicationCA - Japanese Government * Buypass Class 2 CA 1 * CA Disig Root R1 * CA WoSign ECC Root * Certification Authority of WoSign G2 * Certinomis - Autorité Racine * Certum Root CA * China Internet Network Information Center EV Certificates Root * CNNIC ROOT * Comodo Secure Services root * Comodo Trusted Services root * ComSign Secured CA * EBG Elektronik Sertifika Hizmet Sağlayıcısı * Equifax Secure CA * Equifax Secure eBusiness CA 1 * Equifax Secure Global eBusiness CA * GeoTrust Global CA 2 * IGC/A * Juur-SK * Microsec e-Szigno Root CA * PSCProcert * Root CA Generalitat Valenciana * RSA Security 2048 v3 * Security Communication EV RootCA1 * Sonera Class 1 Root CA * StartCom Certification Authority * StartCom Certification Authority G2 * S-TRUST Authentication and Encryption Root CA 2005 PN * Swisscom Root CA 1 * Swisscom Root EV CA 2 * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı 
H6 * UTN USERFirst Hardware Root CA * UTN USERFirst Object Root CA * VeriSign Class 3 Secure Server CA - G2 * Verisign Class 1 Public Primary Certification Authority * Verisign Class 2 Public Primary Certification Authority - G2 * Verisign Class 3 Public Primary Certification Authority * WellsSecure Public Root Certificate Authority * Certification Authority of WoSign * WoSign China - Removed Code Signing rights from a lot of CAs (not listed here). - Removed Server Auth rights from: * AddTrust Low-Value Services Root * Camerfirma Chambers of Commerce Root * Camerfirma Global Chambersign Root * Swisscom Root CA 2 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-265=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-265=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-265=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-265=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-265=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-265=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-265=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-265=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-265=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-265=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-265=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): ca-certificates-mozilla-2.22-12.3.1 - SUSE CaaS Platform ALL (noarch): ca-certificates-mozilla-2.22-12.3.1 - OpenStack Cloud Magnum Orchestration 7 (noarch): ca-certificates-mozilla-2.22-12.3.1 References: https://bugzilla.suse.com/1010996 https://bugzilla.suse.com/1071152 https://bugzilla.suse.com/1071390 From sle-updates at lists.suse.com Tue Feb 6 10:10:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Feb 2018 18:10:31 +0100 (CET) Subject: SUSE-RU-2018:0376-1: moderate: Recommended update for SuSEfirewall2 Message-ID: <20180206171031.A2449FCE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0376-1 Rating: moderate References: #1069760 #1074933 #1075251 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SuSEfirewall2 provides the following fixes: - Fix a regression in setting up the final LOG/DROP/REJECT rules for IPv6. 
(bsc#1075251) - Remove duplicate rules created in the context of dynamic RPC rules. (bsc#1069760) - Fix an issue in the logging logic to show the correct PID and avoid losing log lines. - Set RPC related rules also for IPv6. (bsc#1074933) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-264=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-264=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): SuSEfirewall2-3.6.312.333-3.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): SuSEfirewall2-3.6.312.333-3.13.1 References: https://bugzilla.suse.com/1069760 https://bugzilla.suse.com/1074933 https://bugzilla.suse.com/1075251 From sle-updates at lists.suse.com Tue Feb 6 13:07:03 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Feb 2018 21:07:03 +0100 (CET) Subject: SUSE-RU-2018:0377-1: Recommended update for grub2 Message-ID: <20180206200703.6D9C5FCDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0377-1 Rating: low References: #1026511 #1027526 #1038533 #1047331 #1054453 #1072648 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for grub2 provides the following fixes and enhancements: - Fix reboot in UEFI environments. (bsc#1047331) - Support LVM physical volumes created without metadata. 
(bsc#1027526) - Fix page fault exception when grub loads with Nvidia cards. (bsc#1038533) - Grub not working correctly with Xen and btrfs snapshots. (bsc#1026511) - Use /boot//loader/linux instead of /contents file to determine if the installation media is a SUSE distribution. (bsc#1054453) - Use the pvops-enabled default kernel if the traditional xen pv kernel and initrd are not found. (bsc#1054453) - Fix a "no symbol table" error seen in some hardware and in openQA tests. (bsc#1072648) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-266=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-266=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-266=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-266=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): grub2-2.02~beta2-115.20.1 grub2-arm64-efi-2.02~beta2-115.20.1 grub2-debuginfo-2.02~beta2-115.20.1 grub2-debugsource-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.20.1 grub2-systemd-sleep-plugin-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.02~beta2-115.20.1 grub2-debuginfo-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64): grub2-arm64-efi-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): grub2-i386-pc-2.02~beta2-115.20.1 grub2-x86_64-efi-2.02~beta2-115.20.1 grub2-x86_64-xen-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.20.1 grub2-systemd-sleep-plugin-2.02~beta2-115.20.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): grub2-s390x-emu-2.02~beta2-115.20.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): grub2-snapper-plugin-2.02~beta2-115.20.1 grub2-systemd-sleep-plugin-2.02~beta2-115.20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): grub2-2.02~beta2-115.20.1 grub2-debuginfo-2.02~beta2-115.20.1 grub2-debugsource-2.02~beta2-115.20.1 grub2-i386-pc-2.02~beta2-115.20.1 grub2-x86_64-efi-2.02~beta2-115.20.1 grub2-x86_64-xen-2.02~beta2-115.20.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): grub2-2.02~beta2-115.20.1 grub2-debuginfo-2.02~beta2-115.20.1 grub2-debugsource-2.02~beta2-115.20.1 grub2-i386-pc-2.02~beta2-115.20.1 grub2-x86_64-efi-2.02~beta2-115.20.1 References: https://bugzilla.suse.com/1026511 https://bugzilla.suse.com/1027526 https://bugzilla.suse.com/1038533 https://bugzilla.suse.com/1047331 https://bugzilla.suse.com/1054453 https://bugzilla.suse.com/1072648 From 
sle-updates at lists.suse.com Tue Feb 6 13:08:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 6 Feb 2018 21:08:29 +0100 (CET)
Subject: SUSE-RU-2018:0378-1: moderate: Recommended update for openssl-certs
Message-ID: <20180206200829.19938FCE4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssl-certs
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0378-1
Rating: moderate
References: #1010996 #1071152 #1071390
Affected Products:
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Server 11-SP3-LTSS
    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for openssl-certs fixes the following issues:

The system SSL root certificate store was updated to Mozilla certificate version 2.22 from January 2018. (bsc#1071152 bsc#1071390 bsc#1010996)

The old 1024 bit legacy CAs that were temporarily left in to allow in-chain root certificates were removed as openssl is now able to handle them.

Further changes coming from Mozilla:

- New Root CAs added:

  * Amazon Root CA 1: (email protection, server auth)
  * Amazon Root CA 2: (email protection, server auth)
  * Amazon Root CA 3: (email protection, server auth)
  * Amazon Root CA 4: (email protection, server auth)
  * Certplus Root CA G1: (email protection, server auth)
  * Certplus Root CA G2: (email protection, server auth)
  * D-TRUST Root CA 3 2013: (email protection)
  * GDCA TrustAUTH R5 ROOT: (server auth)
  * Hellenic Academic and Research Institutions ECC RootCA 2015: (email protection, server auth)
  * Hellenic Academic and Research Institutions RootCA 2015: (email protection, server auth)
  * ISRG Root X1: (server auth)
  * LuxTrust Global Root 2: (server auth)
  * OpenTrust Root CA G1: (email protection, server auth)
  * OpenTrust Root CA G2: (email protection, server auth)
  * OpenTrust Root CA G3: (email protection, server auth)
  * SSL.com EV Root Certification Authority ECC: (server auth)
  * SSL.com EV Root Certification Authority RSA R2: (server auth)
  * SSL.com Root Certification Authority ECC: (email protection, server auth)
  * SSL.com Root Certification Authority RSA: (email protection, server auth)
  * Symantec Class 1 Public Primary Certification Authority - G4: (email protection)
  * Symantec Class 1 Public Primary Certification Authority - G6: (email protection)
  * Symantec Class 2 Public Primary Certification Authority - G4: (email protection)
  * Symantec Class 2 Public Primary Certification Authority - G6: (email protection)
  * TrustCor ECA-1: (email protection, server auth)
  * TrustCor RootCert CA-1: (email protection, server auth)
  * TrustCor RootCert CA-2: (email protection, server auth)
  * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1: (server auth)

- Removed root CAs:

  * AddTrust Public Services Root
  * AddTrust Public CA Root
  * AddTrust Qualified CA Root
  * ApplicationCA - Japanese Government
  * Buypass Class 2 CA 1
  * CA Disig Root R1
  * CA WoSign ECC Root
  * Certification Authority of WoSign G2
  * Certinomis - Autorité Racine
  * Certum Root CA
  * China Internet Network Information Center EV Certificates Root
  * CNNIC ROOT
  * Comodo Secure Services root
  * Comodo Trusted Services root
  * ComSign Secured CA
  * EBG Elektronik Sertifika Hizmet Sağlayıcısı
  * Equifax Secure CA
  * Equifax Secure eBusiness CA 1
  * Equifax Secure Global eBusiness CA
  * GeoTrust Global CA 2
  * IGC/A
  * Juur-SK
  * Microsec e-Szigno Root CA
  * PSCProcert
  * Root CA Generalitat Valenciana
  * RSA Security 2048 v3
  * Security Communication EV RootCA1
  * Sonera Class 1 Root CA
  * StartCom Certification Authority
  * StartCom Certification Authority G2
  * S-TRUST Authentication and Encryption Root CA 2005 PN
  * Swisscom Root CA 1
  * Swisscom Root EV CA 2
  * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  * UTN USERFirst Hardware Root CA
  * UTN USERFirst Object Root CA
  * VeriSign Class 3 Secure Server CA - G2
  * Verisign Class 1 Public Primary Certification Authority
  * Verisign Class 2 Public Primary Certification Authority - G2
  * Verisign Class 3 Public Primary Certification Authority
  * WellsSecure Public Root Certificate Authority
  * Certification Authority of WoSign
  * WoSign China

- Removed Code Signing rights from a lot of CAs (not listed here).

- Removed Server Auth rights from:

  * AddTrust Low-Value Services Root
  * Camerfirma Chambers of Commerce Root
  * Camerfirma Global Chambersign Root
  * Swisscom Root CA 2

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:

    zypper in -t patch slessp4-openssl-certs-13457=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:

    zypper in -t patch slessp3-openssl-certs-13457=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

    zypper in -t patch sleposp3-openssl-certs-13457=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): openssl-certs-2.22-0.7.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): openssl-certs-2.22-0.7.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): openssl-certs-2.22-0.7.3.1 References: https://bugzilla.suse.com/1010996 https://bugzilla.suse.com/1071152 https://bugzilla.suse.com/1071390 From sle-updates at lists.suse.com Wed Feb 7 07:07:50 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Feb 2018 15:07:50 +0100 (CET) Subject: SUSE-RU-2018:0380-1: Recommended update for python-ecdsa Message-ID: <20180207140750.2F5ABFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ecdsa ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0380-1 Rating: low References: #152667 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update syncs the python-ecdsa versions between the SUSE Linux Enterprise 12 Public Cloud Modules. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-268=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ecdsa-0.13-5.2.1 References: https://bugzilla.suse.com/152667 From sle-updates at lists.suse.com Wed Feb 7 07:08:38 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Feb 2018 15:08:38 +0100 (CET) Subject: SUSE-RU-2018:0382-1: moderate: Recommended update for yast2-ruby-bindings Message-ID: <20180207140838.D0065FCE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ruby-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0382-1 Rating: moderate References: #1070583 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ruby-bindings fixes the following issues: - Set proper window title also for YaST2 Firstboot (bsc#1070583) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-269=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-269=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): yast2-ruby-bindings-3.2.15-3.3.1 yast2-ruby-bindings-debuginfo-3.2.15-3.3.1 yast2-ruby-bindings-debugsource-3.2.15-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): yast2-ruby-bindings-3.2.15-3.3.1 yast2-ruby-bindings-debuginfo-3.2.15-3.3.1 yast2-ruby-bindings-debugsource-3.2.15-3.3.1 References: https://bugzilla.suse.com/1070583 From sle-updates at lists.suse.com Wed Feb 7 10:08:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Feb 2018 18:08:52 +0100 (CET) Subject: SUSE-SU-2018:0383-1: important: Security update for the Linux Kernel Message-ID: <20180207170852.441C4FCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0383-1 Rating: important References: #1005778 #1005780 #1005781 #1012382 #1012917 #1015342 #1015343 #1019784 #1022476 #1022595 #1022912 #1024296 #1024376 #1031395 #1031492 #1031717 #1037838 #1038078 #1038085 #1040182 #1043652 #1048325 #1048585 #1053472 #1060279 #1062129 #1066163 #1066223 #1068032 #1068038 #1068569 #1068984 #1069138 #1069160 #1070052 #1070799 #1072163 #1072484 #1073229 #1073928 #1074134 #1074488 #1074621 #1074709 #1074839 #1074847 #1075066 #1075078 #1075087 #1075091 #1075397 #1075428 #1075617 #1075621 #1075627 #1075811 #1075994 #1076017 #1076110 #1076187 #1076232 #1076805 #1076847 #1076872 #1076899 #1077068 #1077560 #1077592 #1077704 #1077871 #1078002 #1078681 #963844 #966170 #966172 #973818 #985025 Cross-References: CVE-2017-15129 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-18017 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise 
High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 68 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines".
- CVE-2017-15129: A use-after-free vulnerability was found in the network namespaces code of the Linux kernel: the function get_net_ns_by_id() in net/core/net_namespace.c did not check the net::count value after it had found a peer network in the netns_ids idr, which could lead to a double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).
- CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).
- CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).
- CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak" (bnc#1073928).
- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).
- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
- CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system; this can lead to a deadlock and denial of service condition (bnc#1076017).

The following non-security bugs were fixed:

- 8021q: fix a memory leak for VLAN 0 device (bnc#1012382).
- acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382).
- af_key: fix buffer overread in parse_exthdrs() (bnc#1012382).
- af_key: fix buffer overread in verify_address_len() (bnc#1012382).
- afs: Adjust mode bits processing (bnc#1012382).
- afs: Connect up the CB.ProbeUuid (bnc#1012382).
- afs: Fix afs_kill_pages() (bnc#1012382).
- afs: Fix missing put_page() (bnc#1012382).
- afs: Fix page leak in afs_write_begin() (bnc#1012382).
- afs: Fix the maths in afs_fs_store_data() (bnc#1012382).
- afs: Flush outstanding writes when an fd is closed (bnc#1012382).
- afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382). - afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). 
- alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). 
- alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - arc: uaccess: dont use "l" gcc inline asm constraint modifier (bnc#1012382). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032). - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: Define cputype macros for Falkor CPU (bsc#1068032). - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). 
- arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Implement branch predictor hardening for Falkor (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). 
- arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: kvm: Make PSCI_VERSION a fast path (bsc#1068032). - arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). 
- arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed. - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187). - arm64: use alternative auto-nop (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm/arm64: kvm: Make default HYP mappings non-excutable (bsc#1068032). - arm: avoid faulting on qemu (bnc#1012382). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes). - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382). 
- asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - ath9k: fix tx99 potential info leak (bnc#1012382). - atm: horizon: Fix irq release error (bnc#1012382). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382). - axonram: Fix gendisk handling (bnc#1012382). - backlight: pwm_bl: Fix overflow condition (bnc#1012382). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1076110). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bnc#1012382). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: Fix building error on MIPS (bnc#1012382). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix wrong cache_misses statistics (bnc#1012382). - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). 
- bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache.txt: standardize document format (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192). - block: wake up all tasks blocked in get_request() (bnc#1012382). - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382). - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382). - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382). - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382). - btrfs: add missing memset while reading compressed inline extents (bnc#1012382). - btrfs: clear space cache inode generation always (bnc#1012382). - btrfs: embed extent_changeset::range_changed to the structure (dependent patch, bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (bsc#1031395). 
- btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependent patch, bsc#1031395). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (bsc#1031395). - btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile). - btrfs: ulist: make the finalization function public (dependent patch, bsc#1031395). - btrfs: ulist: rename ulist_fini to ulist_release (dependent patch, bsc#1031395). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: gs_usb: fix return value of the "set_bittiming" callback (bnc#1012382). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382). - can: kvaser_usb: free buf in error paths (bnc#1012382). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382). - can: peak: fix potential bug in packet fragmentation (bnc#1012382). - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - ceph: more accurate statfs (bsc#1077068). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382). - clk: mediatek: add the option for determining PLL source clock (bnc#1012382). - clk: tegra: Fix cclk_lp divisor register (bnc#1012382). - config: arm64: enable HARDEN_BRANCH_PREDICTOR - config: arm64: enable UNMAP_KERNEL_AT_EL0 - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382). 
- cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382). - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382). - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382). - crypto: chacha20poly1305 - validate the digest size (bnc#1012382). - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325). - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382). - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382). - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382). - crypto: n2 - cure use after free (bnc#1012382). - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382). - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382). - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382). - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223). - dax: Pass detailed error code from __dax_fault() (bsc#1072484). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382). - delay: add poll_event_interruptible (bsc#1048585). - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704). - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382). - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382). - dmaengine: pl330: fix double lock (bnc#1012382). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382). - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382). - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032). - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382). - drm: extra printk() wrapper macros (bnc#1012382). 
- drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382).
- drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382).
- drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).
- drm/radeon: fix atombios on big endian (bnc#1012382).
- drm/radeon: reinstate oland workaround for sclk (bnc#1012382).
- drm/radeon/si: add dpm quirk for Oland (bnc#1012382).
- drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).
- dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382).
- edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).
- edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).
- edac, sb_edac: Fix missing break in switch (bnc#1012382).
- eeprom: at24: check at24_read/write arguments (bnc#1012382).
- efi/esrt: Cleanup bad memory map log messages (bnc#1012382).
- efi: Move some sysfs files to be read-only by root (bnc#1012382).
- eventpoll.h: add missing epoll event masks (bnc#1012382).
- ext4: fix crash when a directory's i_size is too small (bnc#1012382).
- ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).
- ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).
- fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382).
- Fix EX_SIZE. We do not have the patches that shave off parts of the exception data.
- Fix mishandling of cases with MSR not being present (writing to MSR even though _state == -1).
- Fix return value from ib[rs|pb]_enabled()
- Fixup hang when calling 'nvme list' on all paths down (bsc#1070052).
- fjes: Fix wrong netdevice feature flags (bnc#1012382).
- flow_dissector: properly cap thoff field (bnc#1012382).
- fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).
- fork: clear thread stack upon allocation (bsc#1077560).
- fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).
- futex: Prevent overflow by strengthen input validation (bnc#1012382).
- gcov: disable for COMPILE_TEST (bnc#1012382).
- gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382).
- gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382).
- hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382).
- hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382).
- hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).
- hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).
- hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).
- i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249).
- i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249).
- i40iw: Cleanup AE processing (bsc#1024376 FATE#321249).
- i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249).
- i40iw: Correct ARP index mask (bsc#1024376 FATE#321249).
- i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249).
- i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249).
- i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249).
- i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249).
- i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249).
- i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249).
- i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376 FATE#321249).
- i40iw: Move exception_lan_queue to VSI structure (bsc#1024376 FATE#321249).
- i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249).
- i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249).
- i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249).
- ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242).
- ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242).
- ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes).
- ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350).
- ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382).
- ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).
- ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).
- ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).
- ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).
- ibmvnic: Fix IP offload control buffer (bsc#1076899).
- ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).
- ibmvnic: Fix pending MAC address changes (bsc#1075627).
- ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872).
- ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872).
- ibmvnic: Wait for device response when changing MAC (bsc#1078681).
- ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818, fate#319242).
- ib/srpt: Disable RDMA access by the initiator (bnc#1012382).
- ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265).
- ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp() (FATE#321231 FATE#321473 FATE#322153 FATE#322149).
- igb: check memory allocation failure (bnc#1012382).
- ima: fix hash algorithm initialization (bnc#1012382).
- inet: frag: release spinlock before calling icmp_send() (bnc#1012382).
- input: 88pm860x-ts - fix child-node lookup (bnc#1012382).
- input: elantech - add new icbody type 15 (bnc#1012382).
- input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382).
- input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382).
- input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).
- input: twl6040-vibra - fix child-node lookup (bnc#1012382).
- input: twl6040-vibra - fix DT node memory management (bnc#1012382).
- intel_th: pci: Add Gemini Lake support (bnc#1012382).
- iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).
- iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).
- ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246).
- ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).
- ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246).
- ipmi: Stop timers before cleaning up the module (bnc#1012382).
- ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).
- ipv4: igmp: guard against silly MTU values (bnc#1012382).
- ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382).
- ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382).
- ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).
- ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).
- ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).
- ipv6: mcast: better catch silly mtu values (bnc#1012382).
- ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).
- ipvlan: fix ipv6 outbound device (bnc#1012382).
- ipvlan: remove excessive packet scrubbing (bsc#1070799).
- irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).
- irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).
- iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129).
- iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382).
- isdn: kcapi: avoid uninitialized data (bnc#1012382).
- iser-target: Fix possible use-after-free in connection establishment error (FATE#321732).
- iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).
- iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).
- iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781).
- ixgbe: fix use of uninitialized padding (bnc#1012382).
- jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).
- kabi fix for new hash_cred function (bsc#1012917).
- kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076805).
- kABI: protect struct bpf_map (kabi).
- kABI: protect struct ipv6_pinfo (kabi).
- kABI: protect struct t10_alua_tg_pt_gp (kabi).
- kABI: protect struct usbip_device (kabi).
- kabi/severities: arm64: ignore cpu capability array
- kabi/severities: do not care about stuff_RSB
- kaiser: Set _PAGE_NX only if supported (bnc#1012382).
- kaiser: Set _PAGE_NX only if supported (bnc#1012382).
- kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
- kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).
- kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).
- kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382).
- kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382).
- kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382).
- kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382).
- kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382).
- keys: add missing permission check for request_key() destination (bnc#1012382).
- kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).
- kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).
- kpti: Report when enabled (bnc#1012382).
- kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).
- kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382).
- kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).
- kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382).
- kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076805).
- kvm: s390: wire up bpb feature (bsc#1076805).
- kvm: VMX: Fix enable VPID conditions (bnc#1012382).
- kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).
- kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032).
- kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).
- kvm: x86: correct async page present tracepoint (bnc#1012382).
- kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382).
- kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).
- kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).
- kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382).
- kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382).
- l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).
- lan78xx: Fix failure in USB Full Speed (bnc#1012382).
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382).
- libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382).
- lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).
- macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382).
- md: more open-coded offset_in_page() (bsc#1076110).
- media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382).
- mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).
- mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).
- mfd: twl6040: Fix child-node lookup (bnc#1012382).
- mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).
- mlxsw: reg: Fix SPVM max record count (bnc#1012382).
- mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382).
- mmc: core: Do not leave the block driver in a suspended state (bnc#1012382).
- mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382).
- mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).
- mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).
- mm/mprotect: add a cond_resched() inside change_pmd_range() (bnc#1077871, bnc#1078002).
- mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382).
- module: Add retpoline tag to VERMAGIC (bnc#1012382).
- module: set __jump_table alignment to 8 (bnc#1012382).
- more bio_map_user_iov() leak fixes (bnc#1012382).
- mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382).
- net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382).
- net/appletalk: Fix kernel memory disclosure (bnc#1012382).
- net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).
- net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382).
- net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382).
- net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382).
- net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382).
- net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382).
- net: core: fix module type in sock_diag_bind (bnc#1012382).
- net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382).
- net: fec: fix multicast filtering hardware setup (bnc#1012382).
- netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).
- netfilter: do not track fragmented packets (bnc#1012382).
- netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).
- netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).
- netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).
- netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382).
- netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).
- netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382).
- net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382).
- net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).
- net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).
- net: initialize msg.msg_flags in recvfrom (bnc#1012382).
- net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).
- netlink: add a start callback for starting a netlink dump (bnc#1012382).
- net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382).
- net/mlx5: Avoid NULL pointer dereference on steering cleanup (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare (bsc#1015342).
- net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
- net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
- net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).
- net: mvneta: clear interface link status on port disable (bnc#1012382).
- net: mvneta: eliminate wrong call to handle rx descriptor error (fate#319899).
- net: mvneta: use proper rxq_number in loop on rx queues (fate#319899).
- net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382).
- net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).
- net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382).
- net: qdisc_pkt_len_init() should be more robust (bnc#1012382).
- net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).
- net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382).
- net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382).
- net: Resend IGMP memberships upon peer notification (bnc#1012382).
- net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).
- net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).
- net: systemport: Pad packet before inserting TSB (bnc#1012382).
- net: systemport: Utilize skb_put_padto() (bnc#1012382).
- net: tcp: close sock if net namespace is exiting (bnc#1012382).
- net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).
- nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).
- nfsd: Fix another OPEN stateid race (bnc#1012382).
- nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).
- nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).
- nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382).
- nfsd: Make init_open_stateid() a bit more whole (bnc#1012382).
- nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382).
- nfs: Fix a typo in nfs_rename() (bnc#1012382).
- nfs: improve shinking of access cache (bsc#1012917).
- nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).
- nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382).
- nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382).
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382).
- nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811).
- nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811).
- nvme-pci: Remove watchdog timer (bsc#1066163).
- openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).
- packet: fix crash in fanout_demux_rollover() (bnc#1012382).
- parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382).
- parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).
- partially revert tipc improve link resiliency when rps is activated (bsc#1068038).
- pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382).
- pci: Avoid bus reset if bridge itself is broken (bnc#1012382).
- pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382).
- pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382).
- pci/PME: Handle invalid data when reading Root Status (bnc#1012382).
- pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).
- perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382).
- perf test attr: Fix ignored test case result (bnc#1012382).
- phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382).
- pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).
- pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087).
- powerpc/ipic: Fix status get and status clear (bnc#1012382).
- powerpc/perf: Dereference BHRB entries safely (bsc#1066223).
- powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).
- powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087).
- powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382).
- powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087).
- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087).
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087).
- ppp: Destroy the mutex when cleanup (bnc#1012382).
- pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382).
- pti: unbreak EFI (bsc#1074709).
- r8152: fix the list rx_done may be used without initialization (bnc#1012382).
- r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382).
- r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382).
- raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).
- ravb: Remove Rx overflow log messages (bnc#1012382).
- rbd: set max_segments to USHRT_MAX (bnc#1012382).
- rdma/cma: Avoid triggering undefined behavior (bnc#1012382).
- rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249).
- rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).
- rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).
- rds: null pointer dereference in rds_atomic_free_op (bnc#1012382).
- Re-enable fixup detection by CPU type in case hypervisor call fails.
- regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847).
- regulator: da9063: Return an error code on probe failure (bsc#1074847).
- regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847).
- regulator: Try to resolve regulators supplies on registration (bsc#1074847).
- Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" (bnc#1012382).
- Revert "drm/armada: Fix compile fail" (bnc#1012382).
- Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382).
- Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi).
- Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi).
- Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi).
- Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi).
- Revert "module: Add retpoline tag to VERMAGIC" (kabi).
- Revert "netlink: add a start callback for starting a netlink dump" (kabi).
- Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" (bnc#1012382).
- Revert "Re-enable fixup detection by CPU type in case hypervisor call fails." The firmware update is required for the existing instructions to also do the cache flush.
- Revert "s390/kbuild: enable modversions for symbols exported from asm" (bnc#1012382).
- Revert "sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks" (kabi).
- Revert "scsi: libsas: align sata_device's rps_resp on a cacheline" (kabi).
- Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382).
- Revert "userfaultfd: selftest: vm: allow to build in vm/ directory" (bnc#1012382).
- Revert "x86/efi: Build our own page table structures" (bnc#1012382).
- Revert "x86/efi: Hoist page table switching code into efi_call_virt()" (bnc#1012382).
- Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" (bnc#1012382).
- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).
- ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382).
- route: also update fnhe_genid when updating a route cache (bnc#1012382).
- route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382).
- rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).
- rtc: pcf8563: fix output clock rate (bnc#1012382).
- rtc: pl031: make interrupt optional (bnc#1012382).
- rtc: set the alarm to the next expiring timer (bnc#1012382).
- s390: always save and restore all registers on context switch (bnc#1012382).
- s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740).
- s390: fix compat system call table (bnc#1012382).
- s390/pci: do not require AIS facility (bnc#1012382).
- s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382 bnc#1053472).
- s390/runtime instrumentation: simplify task exit handling (bnc#1012382).
- sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).
- sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382).
- sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382).
- sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382).
- sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382).
- sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes).
- sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476).
- scsi: bfa: integer overflow in debugfs (bnc#1012382).
- scsi: cxgb4i: fix Tx skb leak (bnc#1012382).
- scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138).
- scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382).
- scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382).
- scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).
- scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838).
- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382).
- scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).
- scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382).
- scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).
- scsi: sr: wait for the medium to become ready (bsc#1048585).
- sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382).
- sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382).
- sctp: Replace use of sockets_allocated with specified macro (bnc#1012382).
- sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382).
- sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).
- selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).
- selftests/x86: Add test_vsyscall (bnc#1012382).
- selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382).
- serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382).
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).
- series.conf: move core networking (including netfilter) into sorted section
- series.conf: whitespace cleanup
- Set supported_modules_check 1 (bsc#1072163).
- sfc: do not warn on successful change of MAC (bnc#1012382).
- sh_eth: fix SH7757 GEther initialization (bnc#1012382).
- sh_eth: fix TSU resource handling (bnc#1012382).
- sit: update frag_off info (bnc#1012382).
- sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).
- sparc64/mm: set fields in deferred pages (bnc#1012382).
- spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382).
- spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).
- spi: xilinx: Detect stall with Unknown commands (bnc#1012382).
- staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382).
- sunrpc: add auth_unix hash_cred() function (bsc#1012917).
- sunrpc: add generic_auth hash_cred() function (bsc#1012917).
- sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).
- sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).
- sunrpc: Fix rpc_task_begin trace point (bnc#1012382).
- sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917).
- sunrpc: use supplimental groups in auth hash (bsc#1012917).
- sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- sysrq : fix Show Regs call trace on ARM (bnc#1012382).
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382).
- target/file: Do not return error for UNMAP if length is zero (bnc#1012382).
- target: fix ALUA transition timeout handling (bnc#1012382).
- target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382).
- target: fix race during implicit transition work flushes (bnc#1012382).
- target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382).
- target: Use system workqueue for ALUA transitions (bnc#1012382).
- tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).
- tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).
- tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382).
- tcp: __tcp_hdrlen() helper (bnc#1012382).
- tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).
- thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382).
- thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382).
- tipc: fix cleanup at module unload (bnc#1012382).
- tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).
- tipc: improve link resiliency when rps is activated (bsc#1068038).
- tracing: Allocate mask_str buffer dynamically (bnc#1012382).
- tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382).
- tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).
- tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382).
- tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).
- tty fix oops when rmmod 8250 (bnc#1012382).
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).
- uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).
- udf: Avoid overflow when session starts at large offset (bnc#1012382).
- um: link vmlinux with -no-pie (bnc#1012382).
- usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).
- usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).
- usb: core: Add type-specific length check of BOS descriptors (bnc#1012382).
- usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382).
- usb: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382).
- usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes).
- usb: fix usbmon BUG trigger (bnc#1012382).
- usb: gadget: configs: plug memory leak (bnc#1012382).
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382).
- usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382).
- usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382).
- usb: gadget: udc: remove pointer dereference after free (bnc#1012382).
- usb: hub: Cycle HUB power when initialization fails (bnc#1012382).
- usb: Increase usbfs transfer limit (bnc#1012382).
- usbip: Fix implicit fallthrough warning (bnc#1012382).
- usbip: Fix potential format overflow in userspace tools (bnc#1012382).
- usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).
- usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382).
- usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382).
- usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382).
- usbip: prevent leaking socket pointer address in messages (bnc#1012382).
- usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382).
- usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382).
- usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382).
- usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382).
- usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382).
- usb: musb: da8xx: fix babble condition handling (bnc#1012382).
- usb: phy: isp1301: Add OF device ID table (bnc#1012382).
- usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes).
- usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382).
- usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382).
- usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).
- usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).
- usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).
- usb: serial: option: add Quectel BG96 id (bnc#1012382).
- usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382).
- usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).
- usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382).
- usb: usbfs: Filter flags passed in from user space (bnc#1012382).
- usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).
- usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).
- userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).
- userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).
- video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382).
- video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382).
- virtio: release virtio index when fail to device_register (bnc#1012382).
- vmxnet3: repair memory leak (bnc#1012382).
- vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).
- vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382).
- vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).
- vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).
- workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382).
- writeback: fix memory leak in wb_queue_work() (bnc#1012382).
- x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).
- x509: fix printing uninitialized stack memory when OID is empty (bsc#1075078).
- x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).
- x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
- x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382).
- x86/alternatives: Fix optimize_nops() checking (bnc#1012382).
- x86/apic/vector: Fix off by one in error path (bnc#1012382).
- x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382).
- x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
- x86/cpu: Factor out application of forced CPU caps (bnc#1012382).
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
- x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
- x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).
- x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025).
- x86/cpu: Rename "WESTMERE2" family to "NEHALEM_G" (bsc#985025).
- x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).
- x86/Documentation: Add PTI description (bnc#1012382).
- x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382).
- x86/efi: Build our own page table structures (fate#320512).
- x86/efi: Hoist page table switching code into efi_call_virt() (fate#320512).
- x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382).
- x86/hpet: Prevent might sleep splat on resume (bnc#1012382).
- x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).
- x86/kasan: Write protect kasan zero shadow (bnc#1012382).
- x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382).
- x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382).
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes).
- x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (fate#320588).
- x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).
- x86/pti: Document fix wrong index (bnc#1012382).
- x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382).
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
- x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
- x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382).
- xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382).
- xen-netfront: Improve error handling during initialization (bnc#1012382).
- xfrm: Copy policy family in clone_policy (bnc#1012382).
- xfs: add configurable error support to metadata buffers (bsc#1068569).
- xfs: add configuration handlers for specific errors (bsc#1068569).
- xfs: add configuration of error failure speed (bsc#1068569).
- xfs: add "fail at unmount" error handling configuration (bsc#1068569).
- xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569).
- xfs: address kabi for xfs buffer retry infrastructure (kabi).
- xfs: configurable error behavior via sysfs (bsc#1068569).
- xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382).
- xfs: fix log block underflow during recovery cycle verification (bnc#1012382).
- xfs: fix up inode32/64 (re)mount handling (bsc#1069160).
- xfs: introduce metadata IO error class (bsc#1068569).
- xfs: introduce table-based init for error behaviors (bsc#1068569).
- xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569).
- xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).
- xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382).
- xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382).
- xhci: plat: Register shutdown for xhci_plat (bnc#1012382).
- zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382).
- x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
    zypper in -t patch SUSE-SLE-WE-12-SP3-2018-271=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-271=1
- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-271=1
- SUSE Linux Enterprise Live Patching 12-SP3:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-271=1
- SUSE Linux Enterprise High Availability 12-SP3:
    zypper in -t patch SUSE-SLE-HA-12-SP3-2018-271=1
- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-271=1
- SUSE CaaS Platform ALL:
    zypper in -t patch SUSE-CAASP-ALL-2018-271=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.114-94.11.3 kernel-default-debugsource-4.4.114-94.11.3 kernel-default-extra-4.4.114-94.11.3 kernel-default-extra-debuginfo-4.4.114-94.11.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.114-94.11.3 kernel-obs-build-debugsource-4.4.114-94.11.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.114-94.11.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.114-94.11.3 kernel-default-base-4.4.114-94.11.3 kernel-default-base-debuginfo-4.4.114-94.11.3 kernel-default-debuginfo-4.4.114-94.11.3 kernel-default-debugsource-4.4.114-94.11.3 kernel-default-devel-4.4.114-94.11.3 kernel-syms-4.4.114-94.11.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.114-94.11.2 kernel-macros-4.4.114-94.11.2 kernel-source-4.4.114-94.11.2 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.114-94.11.3 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_11-default-1-4.3.5 kgraft-patch-4_4_114-94_11-default-debuginfo-1-4.3.5 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.114-94.11.3 cluster-md-kmp-default-debuginfo-4.4.114-94.11.3 dlm-kmp-default-4.4.114-94.11.3 dlm-kmp-default-debuginfo-4.4.114-94.11.3 gfs2-kmp-default-4.4.114-94.11.3 gfs2-kmp-default-debuginfo-4.4.114-94.11.3 kernel-default-debuginfo-4.4.114-94.11.3 kernel-default-debugsource-4.4.114-94.11.3 ocfs2-kmp-default-4.4.114-94.11.3 ocfs2-kmp-default-debuginfo-4.4.114-94.11.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.114-94.11.2 kernel-macros-4.4.114-94.11.2 kernel-source-4.4.114-94.11.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.114-94.11.3 kernel-default-debuginfo-4.4.114-94.11.3 kernel-default-debugsource-4.4.114-94.11.3 
kernel-default-devel-4.4.114-94.11.3 kernel-default-extra-4.4.114-94.11.3 kernel-default-extra-debuginfo-4.4.114-94.11.3 kernel-syms-4.4.114-94.11.2 - SUSE CaaS Platform ALL (x86_64): kernel-default-4.4.114-94.11.3 kernel-default-debuginfo-4.4.114-94.11.3 kernel-default-debugsource-4.4.114-94.11.3 References: https://www.suse.com/security/cve/CVE-2017-15129.html https://www.suse.com/security/cve/CVE-2017-17712.html https://www.suse.com/security/cve/CVE-2017-17862.html https://www.suse.com/security/cve/CVE-2017-17864.html https://www.suse.com/security/cve/CVE-2017-18017.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-5332.html https://www.suse.com/security/cve/CVE-2018-5333.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1005780 https://bugzilla.suse.com/1005781 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012917 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1015343 https://bugzilla.suse.com/1019784 https://bugzilla.suse.com/1022476 https://bugzilla.suse.com/1022595 https://bugzilla.suse.com/1022912 https://bugzilla.suse.com/1024296 https://bugzilla.suse.com/1024376 https://bugzilla.suse.com/1031395 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1037838 https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1038085 https://bugzilla.suse.com/1040182 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1048325 https://bugzilla.suse.com/1048585 https://bugzilla.suse.com/1053472 https://bugzilla.suse.com/1060279 https://bugzilla.suse.com/1062129 https://bugzilla.suse.com/1066163 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068038 https://bugzilla.suse.com/1068569 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1069138 https://bugzilla.suse.com/1069160 https://bugzilla.suse.com/1070052 
https://bugzilla.suse.com/1070799 https://bugzilla.suse.com/1072163 https://bugzilla.suse.com/1072484 https://bugzilla.suse.com/1073229 https://bugzilla.suse.com/1073928 https://bugzilla.suse.com/1074134 https://bugzilla.suse.com/1074488 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1074709 https://bugzilla.suse.com/1074839 https://bugzilla.suse.com/1074847 https://bugzilla.suse.com/1075066 https://bugzilla.suse.com/1075078 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075397 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1075617 https://bugzilla.suse.com/1075621 https://bugzilla.suse.com/1075627 https://bugzilla.suse.com/1075811 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1076187 https://bugzilla.suse.com/1076232 https://bugzilla.suse.com/1076805 https://bugzilla.suse.com/1076847 https://bugzilla.suse.com/1076872 https://bugzilla.suse.com/1076899 https://bugzilla.suse.com/1077068 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1077592 https://bugzilla.suse.com/1077704 https://bugzilla.suse.com/1077871 https://bugzilla.suse.com/1078002 https://bugzilla.suse.com/1078681 https://bugzilla.suse.com/963844 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/973818 https://bugzilla.suse.com/985025 From sle-updates at lists.suse.com Wed Feb 7 10:22:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Feb 2018 18:22:48 +0100 (CET) Subject: SUSE-SU-2018:0384-1: moderate: Security update for mariadb Message-ID: <20180207172248.6E766FD05@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0384-1 Rating: moderate References: #1058722 #1064101 #1064115 #1076505 Cross-References: CVE-2017-10268 CVE-2017-10378 
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP3
    SUSE Linux Enterprise Workstation Extension 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP3
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for mariadb to version 10.0.33 fixes several issues.

These security issues were fixed:

- CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1064115).
- CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101).

These non-security issues were fixed:

- CHECK TABLE no longer returns an error when run on a CONNECT table
- 'Undo log record is too big.' error occurring in very narrow range of string lengths
- Race condition between INFORMATION_SCHEMA.INNODB_SYS_TABLESTATS and ALTER/DROP/TRUNCATE TABLE
- Wrong result after altering a partitioned table fixed bugs in InnoDB FULLTEXT INDEX
- InnoDB FTS duplicate key error
- InnoDB crash after failed ADD INDEX and table_definition_cache eviction
- fts_create_doc_id() unnecessarily allocates 8 bytes for every inserted row
- IMPORT TABLESPACE may corrupt ROW_FORMAT=REDUNDANT tables

For additional details please see https://kb.askmonty.org/en/mariadb-10033-changelog

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
    zypper in -t patch SUSE-SLE-WE-12-SP3-2018-270=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
    zypper in -t patch SUSE-SLE-WE-12-SP2-2018-270=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
    zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-270=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-270=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-270=1
- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-270=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-270=1
- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-270=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-270=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libmysqlclient_r18-10.0.33-29.13.1 libmysqlclient_r18-32bit-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libmysqlclient_r18-10.0.33-29.13.1 libmysqlclient_r18-32bit-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.33-29.13.1 libmysqlclient_r18-10.0.33-29.13.1 libmysqld-devel-10.0.33-29.13.1 libmysqld18-10.0.33-29.13.1 libmysqld18-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.33-29.13.1 libmysqlclient_r18-10.0.33-29.13.1 libmysqld-devel-10.0.33-29.13.1 libmysqld18-10.0.33-29.13.1 libmysqld18-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libmysqlclient18-10.0.33-29.13.1 libmysqlclient18-debuginfo-10.0.33-29.13.1 mariadb-10.0.33-29.13.1 mariadb-client-10.0.33-29.13.1 mariadb-client-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 mariadb-errormessages-10.0.33-29.13.1 mariadb-tools-10.0.33-29.13.1 mariadb-tools-debuginfo-10.0.33-29.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.33-29.13.1 libmysqlclient18-debuginfo-10.0.33-29.13.1 mariadb-10.0.33-29.13.1 mariadb-client-10.0.33-29.13.1 mariadb-client-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 mariadb-errormessages-10.0.33-29.13.1 mariadb-tools-10.0.33-29.13.1 mariadb-tools-debuginfo-10.0.33-29.13.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): 
libmysqlclient18-32bit-10.0.33-29.13.1 libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.33-29.13.1 libmysqlclient18-debuginfo-10.0.33-29.13.1 mariadb-10.0.33-29.13.1 mariadb-client-10.0.33-29.13.1 mariadb-client-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 mariadb-errormessages-10.0.33-29.13.1 mariadb-tools-10.0.33-29.13.1 mariadb-tools-debuginfo-10.0.33-29.13.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libmysqlclient18-32bit-10.0.33-29.13.1 libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libmysqlclient18-10.0.33-29.13.1 libmysqlclient18-32bit-10.0.33-29.13.1 libmysqlclient18-debuginfo-10.0.33-29.13.1 libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1 libmysqlclient_r18-10.0.33-29.13.1 libmysqlclient_r18-32bit-10.0.33-29.13.1 mariadb-10.0.33-29.13.1 mariadb-client-10.0.33-29.13.1 mariadb-client-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 mariadb-errormessages-10.0.33-29.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libmysqlclient18-10.0.33-29.13.1 libmysqlclient18-32bit-10.0.33-29.13.1 libmysqlclient18-debuginfo-10.0.33-29.13.1 libmysqlclient18-debuginfo-32bit-10.0.33-29.13.1 libmysqlclient_r18-10.0.33-29.13.1 libmysqlclient_r18-32bit-10.0.33-29.13.1 mariadb-10.0.33-29.13.1 mariadb-client-10.0.33-29.13.1 mariadb-client-debuginfo-10.0.33-29.13.1 mariadb-debuginfo-10.0.33-29.13.1 mariadb-debugsource-10.0.33-29.13.1 mariadb-errormessages-10.0.33-29.13.1 References: https://www.suse.com/security/cve/CVE-2017-10268.html https://www.suse.com/security/cve/CVE-2017-10378.html https://bugzilla.suse.com/1058722 https://bugzilla.suse.com/1064101 https://bugzilla.suse.com/1064115 https://bugzilla.suse.com/1076505 From sle-updates at lists.suse.com Wed Feb 7 10:23:49 2018 From: sle-updates at lists.suse.com (sle-updates 
at lists.suse.com)
Date: Wed, 7 Feb 2018 18:23:49 +0100 (CET)
Subject: SUSE-SU-2018:0385-1: moderate: Security update for libvirt
Message-ID: <20180207172349.BBF54FCE4@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0385-1
Rating: moderate
References: #1070130 #1072887 #1073973 #1076500
Cross-References: CVE-2018-5748
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP2
    SUSE Linux Enterprise Software Development Kit 12-SP2
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
    SUSE Linux Enterprise Server 12-SP2
    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves one vulnerability and has three fixes is now available.

Description:

This update for libvirt provides several fixes.

This security issue was fixed:

- CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500).

These security issues were fixed:

- Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177)
- schema: Make disk driver name attribute optional. (bsc#1073973)
- virt-create-rootfs: Handle all SLE 12 versions. (bsc#1072887)
- libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-272=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-272=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-272=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-272=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-272=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvirt-client-32bit-2.0.0-27.29.1 libvirt-client-debuginfo-32bit-2.0.0-27.29.1 libvirt-debugsource-2.0.0-27.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-2.0.0-27.29.1 libvirt-devel-2.0.0-27.29.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirt-2.0.0-27.29.1 libvirt-client-2.0.0-27.29.1 libvirt-client-debuginfo-2.0.0-27.29.1 libvirt-daemon-2.0.0-27.29.1 libvirt-daemon-config-network-2.0.0-27.29.1 libvirt-daemon-config-nwfilter-2.0.0-27.29.1 libvirt-daemon-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-interface-2.0.0-27.29.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-lxc-2.0.0-27.29.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-network-2.0.0-27.29.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-nodedev-2.0.0-27.29.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-nwfilter-2.0.0-27.29.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-qemu-2.0.0-27.29.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-secret-2.0.0-27.29.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-storage-2.0.0-27.29.1 
libvirt-daemon-driver-storage-debuginfo-2.0.0-27.29.1 libvirt-daemon-lxc-2.0.0-27.29.1 libvirt-daemon-qemu-2.0.0-27.29.1 libvirt-debugsource-2.0.0-27.29.1 libvirt-doc-2.0.0-27.29.1 libvirt-lock-sanlock-2.0.0-27.29.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.29.1 libvirt-nss-2.0.0-27.29.1 libvirt-nss-debuginfo-2.0.0-27.29.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libvirt-2.0.0-27.29.1 libvirt-client-2.0.0-27.29.1 libvirt-client-debuginfo-2.0.0-27.29.1 libvirt-daemon-2.0.0-27.29.1 libvirt-daemon-config-network-2.0.0-27.29.1 libvirt-daemon-config-nwfilter-2.0.0-27.29.1 libvirt-daemon-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-interface-2.0.0-27.29.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-lxc-2.0.0-27.29.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-network-2.0.0-27.29.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-nodedev-2.0.0-27.29.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-nwfilter-2.0.0-27.29.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-qemu-2.0.0-27.29.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-secret-2.0.0-27.29.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-storage-2.0.0-27.29.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.29.1 libvirt-daemon-lxc-2.0.0-27.29.1 libvirt-daemon-qemu-2.0.0-27.29.1 libvirt-debugsource-2.0.0-27.29.1 libvirt-doc-2.0.0-27.29.1 libvirt-lock-sanlock-2.0.0-27.29.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.29.1 libvirt-nss-2.0.0-27.29.1 libvirt-nss-debuginfo-2.0.0-27.29.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.29.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.29.1 libvirt-daemon-xen-2.0.0-27.29.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirt-2.0.0-27.29.1 libvirt-client-2.0.0-27.29.1 libvirt-client-32bit-2.0.0-27.29.1 
libvirt-client-debuginfo-2.0.0-27.29.1 libvirt-client-debuginfo-32bit-2.0.0-27.29.1 libvirt-daemon-2.0.0-27.29.1 libvirt-daemon-config-network-2.0.0-27.29.1 libvirt-daemon-config-nwfilter-2.0.0-27.29.1 libvirt-daemon-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-interface-2.0.0-27.29.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-libxl-2.0.0-27.29.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-lxc-2.0.0-27.29.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-network-2.0.0-27.29.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-nodedev-2.0.0-27.29.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-nwfilter-2.0.0-27.29.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-qemu-2.0.0-27.29.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-secret-2.0.0-27.29.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.29.1 libvirt-daemon-driver-storage-2.0.0-27.29.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.29.1 libvirt-daemon-lxc-2.0.0-27.29.1 libvirt-daemon-qemu-2.0.0-27.29.1 libvirt-daemon-xen-2.0.0-27.29.1 libvirt-debugsource-2.0.0-27.29.1 libvirt-doc-2.0.0-27.29.1 References: https://www.suse.com/security/cve/CVE-2018-5748.html https://bugzilla.suse.com/1070130 https://bugzilla.suse.com/1072887 https://bugzilla.suse.com/1073973 https://bugzilla.suse.com/1076500 From sle-updates at lists.suse.com Wed Feb 7 10:24:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Feb 2018 18:24:49 +0100 (CET) Subject: SUSE-SU-2018:0386-1: important: Version update for docker, docker-runc, containerd, golang-github-docker-libnetwork Message-ID: <20180207172449.1C1DCFCE4@maintenance.suse.de> SUSE Security Update: Version update for docker, docker-runc, containerd, golang-github-docker-libnetwork 
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0386-1
Rating: important
References: #1021227 #1029320 #1032287 #1045628 #1046024 #1048046 #1051429 #1053532 #1055676 #1057743 #1058173 #1059011 #1064926 #1065109 #1066210 #1066801 #1069468 #1069758 #1072798
Cross-References: CVE-2017-14992 CVE-2017-16539
Affected Products:
    SUSE OpenStack Cloud 6
    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that solves two vulnerabilities and has 17 fixes is now available.

Description:

This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues.

These security issues were fixed:

- CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP (bnc#1066801)
- CVE-2017-14992: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. (bnc#1066210)

These non-security issues were fixed:

- bsc#1059011: The systemd service helper script used a timeout of 60 seconds to start the daemon, which is insufficient in cases where the daemon takes longer to start. Instead, set the service type from 'simple' to 'notify' and remove the now superfluous helper script.
- bsc#1057743: New requirement with new version of docker-libnetwork.
- bsc#1032287: Missing docker systemd configuration.
- bsc#1057743: New "symbol" for libnetwork requirement.
- bsc#1057743: Update secrets patch to handle "old" containers that have orphaned secret data no longer available on the host.
- bsc#1055676: Update patches to correctly handle volumes and mounts when Docker is running with user namespaces enabled.
- bsc#1045628: Add patch to make the dm storage driver remove a container's rootfs mountpoint before attempting to do libdm operations on it. This helps avoid complications when live mounts will leak into containers.
- bsc#1069758: Upgrade Docker to v17.09.1_ce (and obsolete docker-image-migrator).
- bsc#1021227: bsc#1029320 bsc#1058173 -- Enable docker devicemapper support for deferred removal/deletion within Containers module.
- bsc#1046024: Correct interaction between Docker and SuSEFirewall2, to avoid breaking Docker networking after boot.
- bsc#1048046: Build with -buildmode=pie to make all binaries PIC.
- bsc#1072798: Remove dependency on obsolete bridge-utils.
- bsc#1064926: Set --start-timeout=2m by default to match upstream.
- bsc#1065109, bsc#1053532: Use the upstream makefile so that Docker can get the commit ID in `docker info`.

Please note that the "docker-runc" package is just a rename of the old "runc" package to match that we now ship the Docker fork of runc.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
    zypper in -t patch SUSE-OpenStack-Cloud-6-2018-273=1
- SUSE Linux Enterprise Module for Containers 12:
    zypper in -t patch SUSE-SLE-Module-Containers-12-2018-273=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 6 (x86_64): containerd-0.2.9+gitr706_06b9cb351610-16.8.1 containerd-debuginfo-0.2.9+gitr706_06b9cb351610-16.8.1 containerd-debugsource-0.2.9+gitr706_06b9cb351610-16.8.1 docker-17.09.1_ce-98.8.1 docker-debuginfo-17.09.1_ce-98.8.1 docker-debugsource-17.09.1_ce-98.8.1 docker-libnetwork-0.7.0.1+gitr2066_7b2b1feb1de4-10.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2066_7b2b1feb1de4-10.1 docker-runc-1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1 golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2066_7b2b1feb1de4-10.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-0.2.9+gitr706_06b9cb351610-16.8.1 containerd-debuginfo-0.2.9+gitr706_06b9cb351610-16.8.1 containerd-debugsource-0.2.9+gitr706_06b9cb351610-16.8.1 docker-17.09.1_ce-98.8.1 docker-debuginfo-17.09.1_ce-98.8.1 docker-debugsource-17.09.1_ce-98.8.1 docker-libnetwork-0.7.0.1+gitr2066_7b2b1feb1de4-10.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2066_7b2b1feb1de4-10.1 docker-runc-1.0.0rc4+gitr3338_3f2f8b84a77f-1.3.1 golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2066_7b2b1feb1de4-10.1 References: https://www.suse.com/security/cve/CVE-2017-14992.html https://www.suse.com/security/cve/CVE-2017-16539.html https://bugzilla.suse.com/1021227 https://bugzilla.suse.com/1029320 https://bugzilla.suse.com/1032287 https://bugzilla.suse.com/1045628 https://bugzilla.suse.com/1046024 https://bugzilla.suse.com/1048046 https://bugzilla.suse.com/1051429 https://bugzilla.suse.com/1053532 https://bugzilla.suse.com/1055676 https://bugzilla.suse.com/1057743 https://bugzilla.suse.com/1058173 https://bugzilla.suse.com/1059011 https://bugzilla.suse.com/1064926 https://bugzilla.suse.com/1065109 https://bugzilla.suse.com/1066210 https://bugzilla.suse.com/1066801 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1069758 https://bugzilla.suse.com/1072798 From sle-updates at lists.suse.com Wed Feb 7 13:07:52 2018 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 7 Feb 2018 21:07:52 +0100 (CET) Subject: SUSE-RU-2018:0387-1: Recommended update for ceph Message-ID: <20180207200752.D877AFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0387-1 Rating: low References: #1072512 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph fixes the following issues: - rgw: Use bucket marker for multipart complete oid. (bsc#1072512) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-274=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): ceph-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-base-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-base-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-common-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-common-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-debugsource-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-fuse-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-fuse-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-mds-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-mds-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-mon-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-mon-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-osd-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-osd-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-radosgw-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-radosgw-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-test-10.2.10+git.1516177732.f6f1baa356-12.9.2 
ceph-test-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 ceph-test-debugsource-10.2.10+git.1516177732.f6f1baa356-12.9.2 libcephfs1-10.2.10+git.1516177732.f6f1baa356-12.9.2 libcephfs1-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 librados2-10.2.10+git.1516177732.f6f1baa356-12.9.2 librados2-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 libradosstriper1-10.2.10+git.1516177732.f6f1baa356-12.9.2 libradosstriper1-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 librbd1-10.2.10+git.1516177732.f6f1baa356-12.9.2 librbd1-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 librgw2-10.2.10+git.1516177732.f6f1baa356-12.9.2 librgw2-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-ceph-compat-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-cephfs-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-cephfs-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-rados-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-rados-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-rbd-10.2.10+git.1516177732.f6f1baa356-12.9.2 python-rbd-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 rbd-fuse-10.2.10+git.1516177732.f6f1baa356-12.9.2 rbd-fuse-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 rbd-mirror-10.2.10+git.1516177732.f6f1baa356-12.9.2 rbd-mirror-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 rbd-nbd-10.2.10+git.1516177732.f6f1baa356-12.9.2 rbd-nbd-debuginfo-10.2.10+git.1516177732.f6f1baa356-12.9.2 References: https://bugzilla.suse.com/1072512 From sle-updates at lists.suse.com Thu Feb 8 04:11:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Feb 2018 12:11:06 +0100 (CET) Subject: SUSE-SU-2018:0395-1: moderate: Security update for libxml2 Message-ID: <20180208111106.A3E23FD05@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0395-1 Rating: moderate References: #1069689 #1077993 
#1078806 #1078813 Cross-References: CVE-2016-5131 CVE-2017-15412 CVE-2017-16932 CVE-2017-5130 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libxml2 fixes several issues. These security issues were fixed: - CVE-2017-16932: Fixed infinite recursion that could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689). - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-13458=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-13458=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-13458=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.77.10.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.77.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.77.10.1 libxml2-doc-2.7.6-0.77.10.1 libxml2-python-2.7.6-0.77.10.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.77.10.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.77.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.10.1 libxml2-debugsource-2.7.6-0.77.10.1 libxml2-python-debuginfo-2.7.6-0.77.10.1 libxml2-python-debugsource-2.7.6-0.77.10.1 References: https://www.suse.com/security/cve/CVE-2016-5131.html https://www.suse.com/security/cve/CVE-2017-15412.html https://www.suse.com/security/cve/CVE-2017-16932.html https://www.suse.com/security/cve/CVE-2017-5130.html https://bugzilla.suse.com/1069689 https://bugzilla.suse.com/1077993 https://bugzilla.suse.com/1078806 https://bugzilla.suse.com/1078813 From sle-updates at lists.suse.com Thu Feb 8 13:07:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Feb 2018 21:07:21 +0100 (CET) Subject: SUSE-SU-2018:0401-1: moderate: Security update for libxml2 Message-ID: <20180208200721.21EBAFCDB@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0401-1 Rating: moderate References: #1077993 #1078806 #1078813 Cross-References: CVE-2016-5131 CVE-2017-15412 CVE-2017-5130 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux 
Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libxml2 fixes one issue. This security issue was fixed: - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-276=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-276=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-276=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-276=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-276=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-276=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-276=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-276=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-276=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.12.1 libxml2-devel-2.9.4-46.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.12.1 libxml2-devel-2.9.4-46.12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxml2-2-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-debugsource-2.9.4-46.12.1 libxml2-tools-2.9.4-46.12.1 libxml2-tools-debuginfo-2.9.4-46.12.1 python-libxml2-2.9.4-46.12.1 python-libxml2-debuginfo-2.9.4-46.12.1 python-libxml2-debugsource-2.9.4-46.12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libxml2-doc-2.9.4-46.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-debugsource-2.9.4-46.12.1 libxml2-tools-2.9.4-46.12.1 libxml2-tools-debuginfo-2.9.4-46.12.1 python-libxml2-2.9.4-46.12.1 python-libxml2-debuginfo-2.9.4-46.12.1 python-libxml2-debugsource-2.9.4-46.12.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libxml2-2-32bit-2.9.4-46.12.1 libxml2-2-debuginfo-32bit-2.9.4-46.12.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libxml2-doc-2.9.4-46.12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-debugsource-2.9.4-46.12.1 libxml2-tools-2.9.4-46.12.1 libxml2-tools-debuginfo-2.9.4-46.12.1 python-libxml2-2.9.4-46.12.1 python-libxml2-debuginfo-2.9.4-46.12.1 python-libxml2-debugsource-2.9.4-46.12.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libxml2-2-32bit-2.9.4-46.12.1 libxml2-2-debuginfo-32bit-2.9.4-46.12.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libxml2-doc-2.9.4-46.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libxml2-2-2.9.4-46.12.1 libxml2-2-32bit-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-2-debuginfo-32bit-2.9.4-46.12.1 
libxml2-debugsource-2.9.4-46.12.1 libxml2-tools-2.9.4-46.12.1 libxml2-tools-debuginfo-2.9.4-46.12.1 python-libxml2-2.9.4-46.12.1 python-libxml2-debuginfo-2.9.4-46.12.1 python-libxml2-debugsource-2.9.4-46.12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libxml2-2-2.9.4-46.12.1 libxml2-2-32bit-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-2-debuginfo-32bit-2.9.4-46.12.1 libxml2-debugsource-2.9.4-46.12.1 libxml2-tools-2.9.4-46.12.1 libxml2-tools-debuginfo-2.9.4-46.12.1 python-libxml2-2.9.4-46.12.1 python-libxml2-debuginfo-2.9.4-46.12.1 python-libxml2-debugsource-2.9.4-46.12.1 - SUSE CaaS Platform ALL (x86_64): libxml2-2-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-debugsource-2.9.4-46.12.1 libxml2-tools-2.9.4-46.12.1 libxml2-tools-debuginfo-2.9.4-46.12.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libxml2-2-2.9.4-46.12.1 libxml2-2-debuginfo-2.9.4-46.12.1 libxml2-debugsource-2.9.4-46.12.1 References: https://www.suse.com/security/cve/CVE-2016-5131.html https://www.suse.com/security/cve/CVE-2017-15412.html https://www.suse.com/security/cve/CVE-2017-5130.html https://bugzilla.suse.com/1077993 https://bugzilla.suse.com/1078806 https://bugzilla.suse.com/1078813 From sle-updates at lists.suse.com Fri Feb 9 07:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 15:08:06 +0100 (CET) Subject: SUSE-SU-2018:0407-1: moderate: Security update for ghostscript Message-ID: <20180209140806.9E756FD05@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0407-1 Rating: moderate References: #1032138 #1032230 #1040643 #1050879 #1050887 #1050888 #1050889 #1050891 #1051184 Cross-References: CVE-2016-10219 CVE-2016-10317 CVE-2017-11714 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 Affected Products: SUSE Linux Enterprise Software Development Kit 
12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for ghostscript fixes several issues. These security issues were fixed: - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879). - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643). - CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1032230). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891). - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889). - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888). 
- CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887). - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184). - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-277=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-277=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-277=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-277=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-277=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-277=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-277=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-devel-9.15-23.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-devel-9.15-23.7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ghostscript-9.15-23.7.1 ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-x11-9.15-23.7.1 ghostscript-x11-debuginfo-9.15-23.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.15-23.7.1 ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-x11-9.15-23.7.1 ghostscript-x11-debuginfo-9.15-23.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-9.15-23.7.1 ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-x11-9.15-23.7.1 ghostscript-x11-debuginfo-9.15-23.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ghostscript-9.15-23.7.1 ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-x11-9.15-23.7.1 ghostscript-x11-debuginfo-9.15-23.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ghostscript-9.15-23.7.1 ghostscript-debuginfo-9.15-23.7.1 ghostscript-debugsource-9.15-23.7.1 ghostscript-x11-9.15-23.7.1 ghostscript-x11-debuginfo-9.15-23.7.1 References: https://www.suse.com/security/cve/CVE-2016-10219.html https://www.suse.com/security/cve/CVE-2016-10317.html https://www.suse.com/security/cve/CVE-2017-11714.html https://www.suse.com/security/cve/CVE-2017-9216.html https://www.suse.com/security/cve/CVE-2017-9612.html https://www.suse.com/security/cve/CVE-2017-9726.html https://www.suse.com/security/cve/CVE-2017-9727.html https://www.suse.com/security/cve/CVE-2017-9739.html https://www.suse.com/security/cve/CVE-2017-9835.html 
https://bugzilla.suse.com/1032138 https://bugzilla.suse.com/1032230 https://bugzilla.suse.com/1040643 https://bugzilla.suse.com/1050879 https://bugzilla.suse.com/1050887 https://bugzilla.suse.com/1050888 https://bugzilla.suse.com/1050889 https://bugzilla.suse.com/1050891 https://bugzilla.suse.com/1051184 From sle-updates at lists.suse.com Fri Feb 9 10:09:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 18:09:08 +0100 (CET) Subject: SUSE-SU-2018:0409-1: moderate: Security update for libdb-4_5 Message-ID: <20180209170908.4838EFCDB@maintenance.suse.de> SUSE Security Update: Security update for libdb-4_5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0409-1 Rating: moderate References: #1043886 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-libdb-4_5-13459=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libdb-4_5-13459=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libdb-4_5-13459=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libdb-4_5-13459=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): libdb-4_5-devel-4.5.20-97.5 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libdb-4_5-devel-4.5.20-97.5 libdb_java-4_5-4.5.20-97.7 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): db-doc-4.5.20-97.5 db-utils-4.5.20-97.5 db-utils-doc-4.5.20-97.5 libdb-4_5-4.5.20-97.5 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libdb-4_5-32bit-4.5.20-97.5 - SUSE Linux Enterprise Server 11-SP4 (ia64): libdb-4_5-x86-4.5.20-97.5 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libdb-4_5-debuginfo-4.5.20-97.5 libdb-4_5-debugsource-4.5.20-97.5 libdb_java-4_5-debuginfo-4.5.20-97.7 libdb_java-4_5-debugsource-4.5.20-97.7 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libdb-4_5-debuginfo-32bit-4.5.20-97.5 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libdb-4_5-debuginfo-x86-4.5.20-97.5 References: https://bugzilla.suse.com/1043886 From sle-updates at lists.suse.com Fri Feb 9 10:09:37 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 18:09:37 +0100 (CET) Subject: SUSE-RU-2018:0410-1: Recommended update for open-vm-tools Message-ID: <20180209170937.85778FCE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0410-1 Rating: low References: #1062837 #1063320 #1073174 Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update of open-vm-tools to version 10.2.0 provides the following fixes and improvements: - Build deploypackage plugin for SLES11 making the VMware provided open-vm-tools-deploypkg obsolete. (bsc#1062837) - Fix a memory leak in vmtoolsd. 
- Add SUSE Server for SAP Applications to hostinfoPosix.c. - Fix a crash when stopping vmtoolsd. - Add new GOS definitions (e.g. SLES 15) for virtual hardware version 14. - Add /usr/bin/vmware-user symlink to vmware-user-suid-wrapper. - Provide vmware-vgauth-smoketest for VGAUthservice validation. - Modify udev rules to only adjust timeout on disk devices. (bsc#1063320) - Enable building with ssl capabilities for SLES11. - Tools Hgfs Plugin: refresh Hgfs drives on client start - Report version data via guestinfo vars - Add entries for MacOS 10.13 (High Sierra) to guest_os_tables.h. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-280=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-280=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP2 (x86_64): libvmtools0-10.2.0-9.6.1 libvmtools0-debuginfo-10.2.0-9.6.1 open-vm-tools-10.2.0-9.6.1 open-vm-tools-debuginfo-10.2.0-9.6.1 open-vm-tools-debugsource-10.2.0-9.6.1 open-vm-tools-desktop-10.2.0-9.6.1 open-vm-tools-desktop-debuginfo-10.2.0-9.6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvmtools0-10.2.0-9.6.1 libvmtools0-debuginfo-10.2.0-9.6.1 open-vm-tools-10.2.0-9.6.1 open-vm-tools-debuginfo-10.2.0-9.6.1 open-vm-tools-debugsource-10.2.0-9.6.1 open-vm-tools-desktop-10.2.0-9.6.1 open-vm-tools-desktop-debuginfo-10.2.0-9.6.1 References: https://bugzilla.suse.com/1062837 https://bugzilla.suse.com/1063320 https://bugzilla.suse.com/1073174 From sle-updates at lists.suse.com Fri Feb 9 10:10:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 18:10:22 +0100 (CET) Subject: SUSE-RU-2018:0411-1: Recommended update for open-vm-tools Message-ID: <20180209171022.AEB26FCE4@maintenance.suse.de> SUSE Recommended 
Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0411-1 Rating: low References: #1062837 #1063320 #1073174 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update of open-vm-tools to version 10.2.0 provides the following fixes and improvements: - Build deploypackage plugin for SLES11 making the VMware provided open-vm-tools-deploypkg obsolete. (bsc#1062837) - Fix a memory leak in vmtoolsd. - Add SUSE Server for SAP Applications to hostinfoPosix.c. - Fix a crash when stopping vmtoolsd. - Add new GOS definitions (e.g. SLES 15) for virtual hardware version 14. - Add /usr/bin/vmware-user symlink to vmware-user-suid-wrapper. - Provide vmware-vgauth-smoketest for VGAUthservice validation. - Modify udev rules to only adjust timeout on disk devices. (bsc#1063320) - Enable building with ssl capabilities for SLES11. - Tools Hgfs Plugin: refresh Hgfs drives on client start - Report version data via guestinfo vars - Add entries for MacOS 10.13 (High Sierra) to guest_os_tables.h. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-open-vm-tools-13460=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-open-vm-tools-13460=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libvmtools0-10.2.0-8.6.1 open-vm-tools-10.2.0-8.6.1 open-vm-tools-desktop-10.2.0-8.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): open-vm-tools-debuginfo-10.2.0-8.6.1 open-vm-tools-debugsource-10.2.0-8.6.1 References: https://bugzilla.suse.com/1062837 https://bugzilla.suse.com/1063320 https://bugzilla.suse.com/1073174 From sle-updates at lists.suse.com Fri Feb 9 10:11:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 18:11:10 +0100 (CET) Subject: SUSE-RU-2018:0412-1: Recommended update for open-vm-tools Message-ID: <20180209171110.57503FCE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0412-1 Rating: low References: #1062837 #1063320 #1073174 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update of open-vm-tools to version 10.2.0 provides the following fixes and improvements: - Build deploypackage plugin for SLES11 making the VMware provided open-vm-tools-deploypkg obsolete. (bsc#1062837) - Fix a memory leak in vmtoolsd. - Add SUSE Server for SAP Applications to hostinfoPosix.c. - Fix a crash when stopping vmtoolsd. - Add new GOS definitions (e.g. SLES 15) for virtual hardware version 14. - Add /usr/bin/vmware-user symlink to vmware-user-suid-wrapper. - Provide vmware-vgauth-smoketest for VGAUthservice validation. - Modify udev rules to only adjust timeout on disk devices. (bsc#1063320) - Enable building with ssl capabilities for SLES11. 
- Tools Hgfs Plugin: refresh Hgfs drives on client start - Report version data via guestinfo vars - Add entries for MacOS 10.13 (High Sierra) to guest_os_tables.h. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-279=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-279=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-279=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): libvmtools0-10.2.0-3.6.1 libvmtools0-debuginfo-10.2.0-3.6.1 open-vm-tools-10.2.0-3.6.1 open-vm-tools-debuginfo-10.2.0-3.6.1 open-vm-tools-debugsource-10.2.0-3.6.1 open-vm-tools-desktop-10.2.0-3.6.1 open-vm-tools-desktop-debuginfo-10.2.0-3.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvmtools0-10.2.0-3.6.1 libvmtools0-debuginfo-10.2.0-3.6.1 open-vm-tools-10.2.0-3.6.1 open-vm-tools-debuginfo-10.2.0-3.6.1 open-vm-tools-debugsource-10.2.0-3.6.1 open-vm-tools-desktop-10.2.0-3.6.1 open-vm-tools-desktop-debuginfo-10.2.0-3.6.1 - SUSE CaaS Platform ALL (x86_64): libvmtools0-10.2.0-3.6.1 libvmtools0-debuginfo-10.2.0-3.6.1 open-vm-tools-10.2.0-3.6.1 open-vm-tools-debuginfo-10.2.0-3.6.1 open-vm-tools-debugsource-10.2.0-3.6.1 References: https://bugzilla.suse.com/1062837 https://bugzilla.suse.com/1063320 https://bugzilla.suse.com/1073174 From sle-updates at lists.suse.com Fri Feb 9 13:08:36 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 21:08:36 +0100 (CET) Subject: SUSE-SU-2018:0413-1: moderate: Security update for GraphicsMagick Message-ID: <20180209200836.C20A0FD05@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2018:0413-1 Rating: moderate References: #1043353 #1043354 #1047908 #1047910 #1050037 #1050072 #1050100 #1051442 #1052470 #1052708 #1052717 #1052768 #1052777 #1052781 #1054600 #1055038 #1055374 #1055455 #1055456 #1057000 #1060162 #1062752 #1067198 #1073690 #1074023 #1074120 #1074125 #1074175 #1075939 Cross-References: CVE-2014-9811 CVE-2017-10995 CVE-2017-11102 CVE-2017-11505 CVE-2017-11526 CVE-2017-11539 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13065 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14174 CVE-2017-14649 CVE-2017-15218 CVE-2017-15238 CVE-2017-16669 CVE-2017-17501 CVE-2017-17504 CVE-2017-17782 CVE-2017-17879 CVE-2017-17884 CVE-2017-17915 CVE-2017-8352 CVE-2017-9261 CVE-2017-9262 CVE-2018-5685 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. Description: This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-13065: Prevent NULL pointer dereference in the function SVGStartElement (bsc#1055038). - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939). 
- CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908) - CVE-2017-11102: The ReadOneJNGImage function allowed remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure (bsc#1047910). - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037) - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072) - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage 
in coders\png.c (bsc#1052777) - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) - CVE-2017-15238: ReadOneJNGImage had a use-after-free issue when the height or width is zero, related to ReadJNGImage (bsc#1067198). - CVE-2017-17782: Prevent heap-based buffer over-read in ReadOneJNGImage related to oFFs chunk allocation (bsc#1073690). - CVE-2017-17501: WriteOnePNGImage had a heap-based buffer over-read that could be triggered via a crafted file (bsc#1074023). 
- CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120) - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125) - CVE-2017-17915: Prevent heap-based buffer over-read in ReadMNGImage when accessing one byte testing whether a limit has been reached (bsc#1074175). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13461=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13461=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13461=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.78.33.1 libGraphicsMagick2-1.2.5-4.78.33.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.78.33.1 libGraphicsMagick2-1.2.5-4.78.33.1 perl-GraphicsMagick-1.2.5-4.78.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.78.33.1 GraphicsMagick-debugsource-1.2.5-4.78.33.1 References: https://www.suse.com/security/cve/CVE-2014-9811.html https://www.suse.com/security/cve/CVE-2017-10995.html https://www.suse.com/security/cve/CVE-2017-11102.html https://www.suse.com/security/cve/CVE-2017-11505.html https://www.suse.com/security/cve/CVE-2017-11526.html https://www.suse.com/security/cve/CVE-2017-11539.html https://www.suse.com/security/cve/CVE-2017-11750.html https://www.suse.com/security/cve/CVE-2017-12565.html https://www.suse.com/security/cve/CVE-2017-12640.html https://www.suse.com/security/cve/CVE-2017-12641.html 
https://www.suse.com/security/cve/CVE-2017-12643.html https://www.suse.com/security/cve/CVE-2017-12673.html https://www.suse.com/security/cve/CVE-2017-12676.html https://www.suse.com/security/cve/CVE-2017-12935.html https://www.suse.com/security/cve/CVE-2017-13065.html https://www.suse.com/security/cve/CVE-2017-13141.html https://www.suse.com/security/cve/CVE-2017-13142.html https://www.suse.com/security/cve/CVE-2017-13147.html https://www.suse.com/security/cve/CVE-2017-14103.html https://www.suse.com/security/cve/CVE-2017-14174.html https://www.suse.com/security/cve/CVE-2017-14649.html https://www.suse.com/security/cve/CVE-2017-15218.html https://www.suse.com/security/cve/CVE-2017-15238.html https://www.suse.com/security/cve/CVE-2017-16669.html https://www.suse.com/security/cve/CVE-2017-17501.html https://www.suse.com/security/cve/CVE-2017-17504.html https://www.suse.com/security/cve/CVE-2017-17782.html https://www.suse.com/security/cve/CVE-2017-17879.html https://www.suse.com/security/cve/CVE-2017-17884.html https://www.suse.com/security/cve/CVE-2017-17915.html https://www.suse.com/security/cve/CVE-2017-8352.html https://www.suse.com/security/cve/CVE-2017-9261.html https://www.suse.com/security/cve/CVE-2017-9262.html https://www.suse.com/security/cve/CVE-2018-5685.html https://bugzilla.suse.com/1043353 https://bugzilla.suse.com/1043354 https://bugzilla.suse.com/1047908 https://bugzilla.suse.com/1047910 https://bugzilla.suse.com/1050037 https://bugzilla.suse.com/1050072 https://bugzilla.suse.com/1050100 https://bugzilla.suse.com/1051442 https://bugzilla.suse.com/1052470 https://bugzilla.suse.com/1052708 https://bugzilla.suse.com/1052717 https://bugzilla.suse.com/1052768 https://bugzilla.suse.com/1052777 https://bugzilla.suse.com/1052781 https://bugzilla.suse.com/1054600 https://bugzilla.suse.com/1055038 https://bugzilla.suse.com/1055374 https://bugzilla.suse.com/1055455 https://bugzilla.suse.com/1055456 https://bugzilla.suse.com/1057000 
https://bugzilla.suse.com/1060162 https://bugzilla.suse.com/1062752 https://bugzilla.suse.com/1067198 https://bugzilla.suse.com/1073690 https://bugzilla.suse.com/1074023 https://bugzilla.suse.com/1074120 https://bugzilla.suse.com/1074125 https://bugzilla.suse.com/1074175 https://bugzilla.suse.com/1075939 From sle-updates at lists.suse.com Fri Feb 9 13:12:59 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 21:12:59 +0100 (CET) Subject: SUSE-SU-2018:0414-1: important: Security update for freetype2 Message-ID: <20180209201259.E2843FCDB@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0414-1 Rating: important References: #1028103 #1035807 #1036457 #1079600 Cross-References: CVE-2016-10244 CVE-2017-7864 CVE-2017-8105 CVE-2017-8287 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for freetype2 fixes the following security issues: - CVE-2016-10244: Make sure that the parse_charstrings function in type1/t1load.c ensures that a font contains a glyph name, to prevent a DoS through a heap-based buffer over-read or possibly unspecified other impact via a crafted file (bsc#1028103) - CVE-2017-8105: Fix an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c (bsc#1035807) - CVE-2017-8287: Fix an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) - Fix several integer overflow issues in truetype/ttinterp.c (bsc#1079600) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-286=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-286=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-286=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-286=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-286=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-286=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-286=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-286=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.15.1 freetype2-devel-2.6.3-7.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.15.1 freetype2-devel-2.6.3-7.15.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): freetype2-debugsource-2.6.3-7.15.1 ft2demos-2.6.3-7.15.1 libfreetype6-2.6.3-7.15.1 libfreetype6-debuginfo-2.6.3-7.15.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.15.1 ft2demos-2.6.3-7.15.1 libfreetype6-2.6.3-7.15.1 libfreetype6-debuginfo-2.6.3-7.15.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libfreetype6-32bit-2.6.3-7.15.1 libfreetype6-debuginfo-32bit-2.6.3-7.15.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): freetype2-debugsource-2.6.3-7.15.1 ft2demos-2.6.3-7.15.1 libfreetype6-2.6.3-7.15.1 libfreetype6-debuginfo-2.6.3-7.15.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libfreetype6-32bit-2.6.3-7.15.1 libfreetype6-debuginfo-32bit-2.6.3-7.15.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): freetype2-debugsource-2.6.3-7.15.1 ft2demos-2.6.3-7.15.1 libfreetype6-2.6.3-7.15.1 libfreetype6-32bit-2.6.3-7.15.1 libfreetype6-debuginfo-2.6.3-7.15.1 libfreetype6-debuginfo-32bit-2.6.3-7.15.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): freetype2-debugsource-2.6.3-7.15.1 ft2demos-2.6.3-7.15.1 libfreetype6-2.6.3-7.15.1 libfreetype6-32bit-2.6.3-7.15.1 libfreetype6-debuginfo-2.6.3-7.15.1 libfreetype6-debuginfo-32bit-2.6.3-7.15.1 - SUSE CaaS Platform ALL (x86_64): freetype2-debugsource-2.6.3-7.15.1 libfreetype6-2.6.3-7.15.1 libfreetype6-debuginfo-2.6.3-7.15.1 References: https://www.suse.com/security/cve/CVE-2016-10244.html https://www.suse.com/security/cve/CVE-2017-7864.html https://www.suse.com/security/cve/CVE-2017-8105.html https://www.suse.com/security/cve/CVE-2017-8287.html 
https://bugzilla.suse.com/1028103 https://bugzilla.suse.com/1035807 https://bugzilla.suse.com/1036457 https://bugzilla.suse.com/1079600 From sle-updates at lists.suse.com Fri Feb 9 13:13:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 21:13:49 +0100 (CET) Subject: SUSE-RU-2018:0415-1: Recommended update for saptune Message-ID: <20180209201349.52C6CFCE4@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0415-1 Rating: low References: #1026172 #1031355 #1039309 #1043844 #1050521 #1060469 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for saptune provides the following fixes: - Support customer entries in /etc/security/limits.conf containing values like 'unlimited' instead of an integer value. (bsc#1060469) - Change error handling and redirect error messages to stderr instead of stdout. (bsc#1050521) - Amend logind's behavior to allow SAP applications to run an unlimited number of tasks per user. (bsc#1031355, bsc#1039309, bsc#1043844) - Extend saptune to support SAP ASE (Sybase) and SAP Business OBJects (BOBJ). (fate#320359) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-283=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): saptune-1.1.4-8.5.22 saptune-debuginfo-1.1.4-8.5.22 saptune-debugsource-1.1.4-8.5.22 References: https://bugzilla.suse.com/1026172 https://bugzilla.suse.com/1031355 https://bugzilla.suse.com/1039309 https://bugzilla.suse.com/1043844 https://bugzilla.suse.com/1050521 https://bugzilla.suse.com/1060469 From sle-updates at lists.suse.com Fri Feb 9 13:15:12 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Feb 2018 21:15:12 +0100 (CET) Subject: SUSE-SU-2018:0416-1: important: Security update for the Linux Kernel Message-ID: <20180209201512.C6DA4FCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0416-1 Rating: important References: #1012382 #1012917 #1019784 #1022476 #1031717 #1038078 #1038085 #1043652 #1048585 #1052360 #1060279 #1066223 #1066842 #1068032 #1068038 #1068569 #1068984 #1069160 #1070799 #1072163 #1072484 #1072589 #1073229 #1073928 #1074134 #1074392 #1074488 #1074621 #1074709 #1074839 #1074847 #1075066 #1075078 #1075087 #1075091 #1075428 #1075617 #1075621 #1075627 #1075994 #1076017 #1076110 #1076806 #1076809 #1076872 #1076899 #1077068 #1077560 #1077592 #1078526 #1078681 #963844 #988524 Cross-References: CVE-2017-15129 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-18017 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 9 
vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel. The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak" (bnc#1073928).
- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system; this can lead to a deadlock and denial of service condition (bnc#1076017). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). The following non-security bugs were fixed: - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382). - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382). - ARC: uaccess: dont use "l" gcc inline asm constraint modifier (bnc#1012382). - Fix EX_SIZE. We do not have the patches that shave off parts of the exception data. - Fix build error in vma.c (bnc#1012382). - Fix mishandling of cases with MSR not being present (writing to MSR even though _state == -1). - Fix return value from ib[rs|pb]_enabled() - Input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382). - KVM: s390: Enable all facility bits that are known good for passthrough (bsc#1076806). - Kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076806). - Move RFI sysfs to a separate patch - Move the RFI debug code into separate patch. - Re-enable fixup detection by CPU type in case hypervisor call fails. - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" (bnc#1012382).
- Revert "Re-enable fixup detection by CPU type in case hypervisor call fails." The firmware update is required for the existing instructions to also do the cache flush. - Revert "arm64: alternatives: add enable parameter to conditional asm macros" (bsc#1068032). - Revert "drm/armada: Fix compile fail" (bnc#1012382). - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382). - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi). - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi). - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi). - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi). - Revert "netlink: add a start callback for starting a netlink dump" (kabi). - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" (bnc#1012382). - Revert "s390/kbuild: enable modversions for symbols exported from asm" (bnc#1012382). - Revert "sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks" (kabi). - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline" (kabi). - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382). - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory" (bnc#1012382). - Revert "x86/efi: Build our own page table structures" (bnc#1012382). - Revert "x86/efi: Hoist page table switching code into efi_call_virt()" (bnc#1012382). - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" (bnc#1012382). - SMB2: Fix share type handling (bnc#1074392). - Set supported_modules_check 1 (bsc#1072163). - Update patches.suse/powerpc-Secure-memory-rfi-flush-SLE12SP3.patch (bsc#1068032, bsc#1075087). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382). - af_key: fix buffer overread in verify_address_len() (bnc#1012382). - afs: Adjust mode bits processing (bnc#1012382). - afs: Connect up the CB.ProbeUuid (bnc#1012382). - afs: Fix afs_kill_pages() (bnc#1012382). - afs: Fix missing put_page() (bnc#1012382). 
- afs: Fix page leak in afs_write_begin() (bnc#1012382). - afs: Fix the maths in afs_fs_store_data() (bnc#1012382). - afs: Flush outstanding writes when an fd is closed (bnc#1012382). - afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382). - afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). 
- alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). 
- alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: Add hypervisor safe helper for checking constant capabilities (bsc#1068032). - arm64: Add macros to read/write system registers (bsc#1068032). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: Disable kpti for non broadcast TLB HW (bsc#1068032). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: Fix circular include of asm/lse.h through linux/jump_label.h (bsc#1068032). 
- arm64: Fix compilation (bsc#1068032). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: Store struct thread_info in sp_el0 (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: Use static keys for CPU features (bsc#1068032). - arm64: add macro to extract ESR_ELx.EC (bsc#1068032). - arm64: alternative: add auto-nop infrastructure (bsc#1068032). - arm64: barriers: introduce nops and __nops macros for NOP sequences (bsc#1068032). - arm64: cpu_errata: Allow an erratum to be match for all revisions of a core (bsc#1068032). - arm64: cpufeature: Add scope for capability check (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). 
- arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012382). - arm64: kvm: Survive unknown traps from guests (bnc#1012382). - arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). 
- arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: sysreg: allow write_sysreg to use XZR (bsc#1068032). - arm64: tlbflush.h: add __tlbi() macro (bsc#1068032). - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: use alternative auto-nop (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: avoid faulting on qemu (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: kvm: Survive unknown traps from guests (bnc#1012382). 
- asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes).
- asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382).
- asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382).
- asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717).
- asoc: twl4030: fix child-node lookup (bsc#1031717).
- asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717).
- ath9k: fix tx99 potential info leak (bnc#1012382).
- atm: horizon: Fix irq release error (bnc#1012382).
- audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382).
- axonram: Fix gendisk handling (bnc#1012382).
- backlight: pwm_bl: Fix overflow condition (bnc#1012382).
- bcache.txt: standardize document format (bsc#1076110).
- bcache: Avoid nested function definition (bsc#1076110).
- bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110).
- bcache: Fix building error on MIPS (bnc#1012382).
- bcache: Remove deprecated create_workqueue (bsc#1076110).
- bcache: Remove redundant block_size assignment (bsc#1076110).
- bcache: Remove redundant parameter for cache_alloc() (bsc#1076110).
- bcache: Remove redundant set_capacity (bsc#1076110).
- bcache: Update continue_at() documentation (bsc#1076110).
- bcache: add a comment in journal bucket reading (bsc#1076110).
- bcache: check return value of register_shrinker (bsc#1076110).
- bcache: debug: avoid accessing .bi_io_vec directly (bsc#1076110).
- bcache: do not write back data if reading it failed (bsc#1076110).
- bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110).
- bcache: documentation updates and corrections (bsc#1076110).
- bcache: explicitly destroy mutex while exiting (bnc#1012382).
- bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).
- bcache: fix sequential large write IO bypass (bsc#1076110).
- bcache: fix wrong cache_misses statistics (bnc#1012382).
- bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078).
- bcache: implement PI controller for writeback rate (bsc#1076110).
- bcache: increase the number of open buckets (bsc#1076110).
- bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652).
- bcache: partition support: add 16 minors per bcacheN device (bsc#1076110).
- bcache: pr_err: more meaningful error message when nr_stripes is invalid (bsc#1076110).
- bcache: rearrange writeback main thread ratelimit (bsc#1076110).
- bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652).
- bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1076110).
- bcache: remove unused parameter (bsc#1076110).
- bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085, bsc#1019784).
- bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).
- bcache: silence static checker warning (bsc#1076110).
- bcache: smooth writeback rate control (bsc#1076110).
- bcache: switch to using blk_queue_write_cache() (bsc#1076110).
- bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110).
- bcache: update bucket_in_use in real time (bsc#1076110).
- bcache: update document info (bsc#1076110).
- bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
- bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110).
- bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
- bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
- be2net: restore properly promisc mode after queues reconfiguration (bsc#963844).
- block: export bio_free_pages to other modules (bsc#1076110).
- block: wake up all tasks blocked in get_request() (bnc#1012382).
- bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382).
- bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382).
- bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382).
- bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382).
- btrfs: account for pinned bytes in should_alloc_chunk (bsc#1066842).
- btrfs: add missing memset while reading compressed inline extents (bnc#1012382).
- btrfs: clear space cache inode generation always (bnc#1012382).
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).
- can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382).
- can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
- can: gs_usb: fix return value of the "set_bittiming" callback (bnc#1012382).
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382).
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
- can: kvaser_usb: free buf in error paths (bnc#1012382).
- can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382).
- can: peak: fix potential bug in packet fragmentation (bnc#1012382).
- can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382).
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382).
- cdc-acm: apply quirk for card reader (bsc#1060279).
- cdrom: factor out common open_for_* code (bsc#1048585).
- cdrom: wait for tray to close (bsc#1048585).
- ceph: drop negative child dentries before try pruning inode's alias (bnc#1012382).
- ceph: more accurate statfs (bsc#1077068).
- clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382).
- clk: mediatek: add the option for determining PLL source clock (bnc#1012382).
- clk: tegra: Fix cclk_lp divisor register (bnc#1012382).
- cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382).
- cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382).
- cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382).
- crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382).
- crypto: chacha20poly1305 - validate the digest size (bnc#1012382).
- crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382).
- crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382).
- crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382).
- crypto: n2 - cure use after free (bnc#1012382).
- crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382).
- crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382).
- crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382).
- cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223).
- dax: Pass detailed error code from __dax_fault() (bsc#1072484).
- dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382).
- delay: add poll_event_interruptible (bsc#1048585).
- dm btree: fix serious bug in btree_split_beneath() (bnc#1012382).
- dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382).
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382).
- dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382).
- dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382).
- dmaengine: pl330: fix double lock (bnc#1012382).
- dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382).
- drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032).
- drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h (bsc#1076110).
- drivers: base: cacheinfo: fix boot error message when acpi is enabled (bnc#1012382).
- drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled (bnc#1012382).
- drivers: net: xgene: Fix hardware checksum setting (bsc#1078526).
- drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382).
- drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382).
- drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382).
- drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382).
- drm/radeon/si: add dpm quirk for Oland (bnc#1012382).
- drm/radeon: fix atombios on big endian (bnc#1012382).
- drm/radeon: reinstate oland workaround for sclk (bnc#1012382).
- drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382).
- drm: extra printk() wrapper macros (bnc#1012382).
- dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382).
- edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382).
- edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382).
- edac, sb_edac: Fix missing break in switch (bnc#1012382).
- eeprom: at24: check at24_read/write arguments (bnc#1012382).
- efi/esrt: Cleanup bad memory map log messages (bnc#1012382).
- efi: Move some sysfs files to be read-only by root (bnc#1012382).
- eventpoll.h: add missing epoll event masks (bnc#1012382).
- ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484).
- ext4: fix crash when a directory's i_size is too small (bnc#1012382).
- ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382).
- fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382).
- fjes: Fix wrong netdevice feature flags (bnc#1012382).
- flow_dissector: properly cap thoff field (bnc#1012382).
- fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382).
- fork: clear thread stack upon allocation (bsc#1077560). Conflicts: series.conf
- fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382).
- futex: Prevent overflow by strengthen input validation (bnc#1012382).
- gcov: disable for COMPILE_TEST (bnc#1012382).
- gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382).
- gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382).
- hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382).
- hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382).
- hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382).
- hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382).
- hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382).
- i40e: Do not enable NAPI on q_vectors that have no rings (bnc#1012382).
- ib/hfi1: Correct defered count after processing qp_wait_list (git-fixes).
- ib/hfi1: Fix rnr_timer addition (git-fixes).
- ib/hfi1: Handle kzalloc failure in init_pervl_scs (git-fixes).
- ib/hfi1: Move iowait_init() to priv allocate (git-fixes).
- ib/hfi1: Prevent kernel QP post send hard lockups (git-fixes).
- ib/hfi1: Reset QSFP on every run through channel tuning (git-fixes).
- ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes).
- ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382).
- ib/mlx4: Increase maximal message size under UD QP (bnc#1012382).
- ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382).
- ib/qib: Remove qpt_mask global (git-fixes).
- ib/rdmavt: restore IRQs on error path in rvt_create_ah() (git-fixes).
- ib/srpt: Disable RDMA access by the initiator (bnc#1012382).
- ibmvnic: Allocate and request vpd in init_resources (bsc#1076872).
- ibmvnic: Do not handle RX interrupts when not up (bsc#1075066).
- ibmvnic: Fix IP offload control buffer (bsc#1076899).
- ibmvnic: Fix IPv6 packet descriptors (bsc#1076899).
- ibmvnic: Fix pending MAC address changes (bsc#1075627).
- ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872).
- ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872).
- ibmvnic: Wait for device response when changing MAC (bsc#1078681).
- igb: check memory allocation failure (bnc#1012382).
- ima: fix hash algorithm initialization (bnc#1012382).
- inet: frag: release spinlock before calling icmp_send() (bnc#1012382).
- input: 88pm860x-ts - fix child-node lookup (bnc#1012382).
- input: elantech - add new icbody type 15 (bnc#1012382).
- input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382).
- input: twl4030-vibra - fix sibling-node lookup (bnc#1012382).
- input: twl6040-vibra - fix DT node memory management (bnc#1012382).
- input: twl6040-vibra - fix child-node lookup (bnc#1012382).
- intel_th: pci: Add Gemini Lake support (bnc#1012382).
- iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382).
- iommu/vt-d: Fix scatterlist offset handling (bnc#1012382).
- ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382).
- ipmi: Stop timers before cleaning up the module (bnc#1012382).
- ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382).
- ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382).
- ipv4: igmp: guard against silly MTU values (bnc#1012382).
- ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382).
- ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382).
- ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382).
- ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes).
- ipv6: mcast: better catch silly mtu values (bnc#1012382).
- ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382).
- ipvlan: fix ipv6 outbound device (bnc#1012382).
- ipvlan: remove excessive packet scrubbing (bsc#1070799).
- irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382).
- irqchip/crossbar: Fix incorrect type of register size (bnc#1012382).
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382).
- iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382).
- isdn: kcapi: avoid uninitialized data (bnc#1012382).
- iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382).
- ixgbe: fix use of uninitialized padding (bnc#1012382).
- jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382).
- jump_label: Make it possible for arches to invoke jump_label_init() earlier (bsc#1068032).
- jump_labels: Allow array initialisers (bsc#1068032).
- kABI: protect struct bpf_map (kabi).
- kABI: protect struct ipv6_pinfo (kabi).
- kABI: protect struct t10_alua_tg_pt_gp (kabi).
- kabi fix for new hash_cred function (bsc#1012917).
- kabi/severities: do not care about stuff_RSB
- kaiser: Set _PAGE_NX only if supported (bnc#1012382).
- kaiser: Set _PAGE_NX only if supported (bnc#1012382).
- kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382).
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
- kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382).
- kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382).
- kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382).
- kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382).
- kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382).
- kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382).
- kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382).
- keys: add missing permission check for request_key() destination (bnc#1012382).
- kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382).
- kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382).
- kpti: Report when enabled (bnc#1012382).
- kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382).
- kvm: VMX: Fix enable VPID conditions (bnc#1012382).
- kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382).
- kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382).
- kvm: arm/arm64: Fix occasional warning from the timer work function (bnc#1012382 bsc#988524).
- kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382).
- kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382).
- kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382).
- kvm: s390: wire up bpb feature (bsc#1076806).
- kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382).
- kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382).
- kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382).
- kvm: x86: correct async page present tracepoint (bnc#1012382).
- kvm: x86: fix RSM when PCID is non-zero (bnc#1012382).
- kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382).
- kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382).
- l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382).
- lan78xx: Fix failure in USB Full Speed (bnc#1012382).
- lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382).
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382).
- libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382).
- macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382).
- md-cluster: free md_cluster_info if node leave cluster (bnc#1012382).
- media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382).
- mfd: cros ec: spi: Do not send first message too soon (bnc#1012382).
- mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382).
- mfd: twl6040: Fix child-node lookup (bnc#1012382).
- mlxsw: reg: Fix SPVM max record count (bnc#1012382).
- mlxsw: reg: Fix SPVMLR max record count (bnc#1012382).
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1012382).
- mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382).
- mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382).
- mm: Introduce lm_alias (bsc#1068032).
- mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382).
- mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382).
- mmc: core: Do not leave the block driver in a suspended state (bnc#1012382).
- mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382).
- module: set __jump_table alignment to 8 (bnc#1012382).
- more bio_map_user_iov() leak fixes (bnc#1012382).
- mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382).
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382).
- net/appletalk: Fix kernel memory disclosure (bnc#1012382).
- net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382).
- net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382).
- net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382).
- net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382).
- net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382).
- net: Resend IGMP memberships upon peer notification (bnc#1012382).
- net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382).
- net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382).
- net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382).
- net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382).
- net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382).
- net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382).
- net: core: fix module type in sock_diag_bind (bnc#1012382).
- net: fec: fix multicast filtering hardware setup (bnc#1012382).
- net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382).
- net: igmp: fix source address check for IGMPv3 reports (bnc#1012382).
- net: initialize msg.msg_flags in recvfrom (bnc#1012382).
- net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382).
- net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382).
- net: mvneta: clear interface link status on port disable (bnc#1012382).
- net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382).
- net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382).
- net: qdisc_pkt_len_init() should be more robust (bnc#1012382).
- net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382).
- net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382).
- net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382).
- net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382).
- net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382).
- net: systemport: Pad packet before inserting TSB (bnc#1012382).
- net: systemport: Utilize skb_put_padto() (bnc#1012382).
- net: tcp: close sock if net namespace is exiting (bnc#1012382).
- net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382).
- netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382).
- netfilter: do not track fragmented packets (bnc#1012382).
- netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382).
- netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382).
- netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134).
- netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382).
- netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382).
- netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382).
- netlink: add a start callback for starting a netlink dump (bnc#1012382).
- nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382).
- nfs: Fix a typo in nfs_rename() (bnc#1012382).
- nfs: improve shinking of access cache (bsc#1012917).
- nfsd: Fix another OPEN stateid race (bnc#1012382).
- nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382).
- nfsd: Make init_open_stateid() a bit more whole (bnc#1012382).
- nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382).
- nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382).
- nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382).
- nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382).
- nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382).
- nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382).
- openrisc: fix issue handling 8 byte get_user calls (bnc#1012382).
- packet: fix crash in fanout_demux_rollover() (bnc#1012382).
- parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382).
- parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382).
- partially revert tipc improve link resiliency when rps is activated (bsc#1068038).
- pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382).
- pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382).
- pci/PME: Handle invalid data when reading Root Status (bnc#1012382).
- pci: Avoid bus reset if bridge itself is broken (bnc#1012382).
- pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382).
- pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382).
- perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382).
- perf test attr: Fix ignored test case result (bnc#1012382).
- perf: xgene: Add support for SoC PMU version 3 (bsc#1076809).
- perf: xgene: Include module.h (bsc#1076809).
- perf: xgene: Move PMU leaf functions into function pointer structure (bsc#1076809).
- perf: xgene: Parse PMU subnode from the match table (bsc#1076809).
- perf: xgene: Remove unnecessary managed resources cleanup (bsc#1076809).
- phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382).
- pinctrl: adi2: Fix Kconfig build problem (bnc#1012382).
- pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382).
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087).
- powerpc/ipic: Fix status get and status clear (bnc#1012382).
- powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382).
- powerpc/perf: Dereference BHRB entries safely (bsc#1066223).
- powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382).
- powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382).
- powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087).
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087).
- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087).
- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087).
- powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087).
- ppp: Destroy the mutex when cleanup (bnc#1012382).
- pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382).
- pti: unbreak EFI (bsc#1074709).
- r8152: fix the list rx_done may be used without initialization (bnc#1012382).
- r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382).
- r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382).
- raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382).
- ravb: Remove Rx overflow log messages (bnc#1012382).
- rbd: set max_segments to USHRT_MAX (bnc#1012382).
- rdma/cma: Avoid triggering undefined behavior (bnc#1012382).
- rdma/iser: Fix possible mr leak on device removal event (bnc#1012382).
- rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382).
- rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382).
- rds: null pointer dereference in rds_atomic_free_op (bnc#1012382).
- regulator: Try to resolve regulators supplies on registration (bsc#1074847).
- regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847).
- regulator: da9063: Return an error code on probe failure (bsc#1074847).
- regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847).
- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087).
- ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382).
- route: also update fnhe_genid when updating a route cache (bnc#1012382).
- route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382).
- rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592).
- rtc: pcf8563: fix output clock rate (bnc#1012382).
- rtc: pl031: make interrupt optional (bnc#1012382).
- rtc: set the alarm to the next expiring timer (bnc#1012382).
- s390/pci: do not require AIS facility (bnc#1012382).
- s390/qeth: no ETH header for outbound AF_IUCV (bnc#1012382).
- s390/runtime instrumentation: simplify task exit handling (bnc#1012382).
- s390: always save and restore all registers on context switch (bnc#1012382).
- s390: fix compat system call table (bnc#1012382).
- sch_dsmark: fix invalid skb_cow() usage (bnc#1012382).
- sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382).
- sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382).
- sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382).
- sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382).
- sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes).
- sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476).
- scsi: bfa: integer overflow in debugfs (bnc#1012382).
- scsi: check for device state in __scsi_remove_target() (bsc#1072589).
- scsi: cxgb4i: fix Tx skb leak (bnc#1012382).
- scsi: fixup kernel warning during rmmod() (bsc#1052360).
- scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382).
- scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382).
- scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382).
- scsi: lpfc: Fix PT2PT PRLI reject (bnc#1012382).
- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (bnc#1012382).
- scsi: lpfc: Fix secure firmware updates (bnc#1012382).
- scsi: lpfc: PLOGI failures during NPIV testing (bnc#1012382).
- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382).
- scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382).
- scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382).
- scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382).
- scsi: sr: wait for the medium to become ready (bsc#1048585).
- sctp: Replace use of sockets_allocated with specified macro (bnc#1012382).
- sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382).
- sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382).
- sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382).
- sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382).
- selftest/powerpc: Fix false failures for skipped tests (bnc#1012382).
- selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382).
- selftests/x86: Add test_vsyscall (bnc#1012382).
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382).
- serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382).
- series.conf: fix wrong bsc reference
- series.conf: whitespace cleanup
- sfc: do not warn on successful change of MAC (bnc#1012382).
- sh_eth: fix SH7757 GEther initialization (bnc#1012382).
- sh_eth: fix TSU resource handling (bnc#1012382).
- sit: update frag_off info (bnc#1012382).
- sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382).
- sparc64/mm: set fields in deferred pages (bnc#1012382).
- spi: sh-msiof: Fix DMA transfer size check (bnc#1012382).
- spi: xilinx: Detect stall with Unknown commands (bnc#1012382).
- spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382).
- staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382).
- sunrpc: Fix rpc_task_begin trace point (bnc#1012382).
- sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).
- sunrpc: add auth_unix hash_cred() function (bsc#1012917).
- sunrpc: add generic_auth hash_cred() function (bsc#1012917).
- sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).
- sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917).
- sunrpc: use supplimental groups in auth hash (bsc#1012917).
- sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- sysrq : fix Show Regs call trace on ARM (bnc#1012382).
- target/file: Do not return error for UNMAP if length is zero (bnc#1012382).
- target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382).
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382).
- target: Use system workqueue for ALUA transitions (bnc#1012382).
- target: fix ALUA transition timeout handling (bnc#1012382).
- target: fix race during implicit transition work flushes (bnc#1012382).
- target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382).
- tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382).
- tcp: __tcp_hdrlen() helper (bnc#1012382).
- tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382).
- tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382).
- tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382).
- thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382).
- thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382).
- tipc: fix cleanup at module unload (bnc#1012382).
- tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382).
- tipc: improve link resiliency when rps is activated (bsc#1068038).
- tracing: Allocate mask_str buffer dynamically (bnc#1012382).
   - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382).
   - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382).
   - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382).
   - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382).
   - tty fix oops when rmmod 8250 (bnc#1012382).
   - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382).
   - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382).
   - udf: Avoid overflow when session starts at large offset (bnc#1012382).
   - um: link vmlinux with -no-pie (bnc#1012382).
   - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382).
   - usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes).
   - usb: Increase usbfs transfer limit (bnc#1012382).
   - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382).
   - usb: core: Add type-specific length check of BOS descriptors (bnc#1012382).
   - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382).
   - usb: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382).
   - usb: fix usbmon BUG trigger (bnc#1012382).
   - usb: gadget: configs: plug memory leak (bnc#1012382).
   - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382).
   - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382).
   - usb: gadget: udc: remove pointer dereference after free (bnc#1012382).
   - usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382).
   - usb: hub: Cycle HUB power when initialization fails (bnc#1012382).
   - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382).
   - usb: musb: da8xx: fix babble condition handling (bnc#1012382).
   - usb: phy: isp1301: Add OF device ID table (bnc#1012382).
   - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes).
   - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382).
   - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382).
   - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382).
   - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382).
   - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382).
   - usb: serial: option: add Quectel BG96 id (bnc#1012382).
   - usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382).
   - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382).
   - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382).
   - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382).
   - usb: usbfs: Filter flags passed in from user space (bnc#1012382).
   - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382).
   - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382).
   - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382).
   - usbip: Fix implicit fallthrough warning (bnc#1012382).
   - usbip: Fix potential format overflow in userspace tools (bnc#1012382).
   - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382).
   - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382).
   - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382).
   - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382).
   - usbip: prevent leaking socket pointer address in messages (bnc#1012382).
   - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382).
   - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382).
   - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382).
   - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382).
   - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382).
   - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382).
   - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382).
   - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382).
   - virtio: release virtio index when fail to device_register (bnc#1012382).
   - vmxnet3: repair memory leak (bnc#1012382).
   - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382).
   - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382).
   - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382).
   - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382).
   - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382).
   - writeback: fix memory leak in wb_queue_work() (bnc#1012382).
   - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078).
   - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382).
   - x509: fix printing uninitialized stack memory when OID is empty (bsc#1075078).
   - x86/Documentation: Add PTI description (bnc#1012382).
   - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382).
   - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
   - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).
   - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382).
   - x86/alternatives: Fix optimize_nops() checking (bnc#1012382).
   - x86/apic/vector: Fix off by one in error path (bnc#1012382).
   - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382).
   - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
   - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382).
   - x86/cpu: Factor out application of forced CPU caps (bnc#1012382).
   - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
   - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
   - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
   - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
   - x86/efi-bgrt: Fix kernel panic when mapping BGRT data (bnc#1012382).
   - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382).
   - x86/efi: Build our own page table structures (bnc#1012382).
   - x86/efi: Hoist page table switching code into efi_call_virt() (bnc#1012382).
   - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382).
   - x86/hpet: Prevent might sleep splat on resume (bnc#1012382).
   - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382).
   - x86/kasan: Write protect kasan zero shadow (bnc#1012382).
   - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382).
   - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382).
   - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382).
   - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes).
   - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (bnc#1012382).
   - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382).
   - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382).
   - x86/pti: Document fix wrong index (bnc#1012382).
   - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
   - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
   - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382).
   - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
   - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
   - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382).
   - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382).
   - xen-netfront: Improve error handling during initialization (bnc#1012382).
   - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382).
   - xfrm: Copy policy family in clone_policy (bnc#1012382).
   - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569).
   - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569).
   - xfs: add "fail at unmount" error handling configuration (bsc#1068569).
   - xfs: add configurable error support to metadata buffers (bsc#1068569).
   - xfs: add configuration handlers for specific errors (bsc#1068569).
   - xfs: add configuration of error failure speed (bsc#1068569).
   - xfs: address kabi for xfs buffer retry infrastructure (kabi).
   - xfs: configurable error behavior via sysfs (bsc#1068569).
   - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382).
   - xfs: fix log block underflow during recovery cycle verification (bnc#1012382).
   - xfs: fix up inode32/64 (re)mount handling (bsc#1069160).
   - xfs: introduce metadata IO error class (bsc#1068569).
   - xfs: introduce table-based init for error behaviors (bsc#1068569).
   - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569).
   - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382).
   - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382).
   - xhci: plat: Register shutdown for xhci_plat (bnc#1012382).
   - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2018-285=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-285=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-285=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-285=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2018-285=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2018-285=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-285=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-285=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      kernel-default-debuginfo-4.4.114-92.64.1
      kernel-default-debugsource-4.4.114-92.64.1
      kernel-default-extra-4.4.114-92.64.1
      kernel-default-extra-debuginfo-4.4.114-92.64.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.4.114-92.64.1
      kernel-obs-build-debugsource-4.4.114-92.64.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      kernel-docs-4.4.114-92.64.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      kernel-default-4.4.114-92.64.1
      kernel-default-base-4.4.114-92.64.1
      kernel-default-base-debuginfo-4.4.114-92.64.1
      kernel-default-debuginfo-4.4.114-92.64.1
      kernel-default-debugsource-4.4.114-92.64.1
      kernel-default-devel-4.4.114-92.64.1
      kernel-syms-4.4.114-92.64.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      kernel-devel-4.4.114-92.64.1
      kernel-macros-4.4.114-92.64.1
      kernel-source-4.4.114-92.64.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.114-92.64.1
      kernel-default-base-4.4.114-92.64.1
      kernel-default-base-debuginfo-4.4.114-92.64.1
      kernel-default-debuginfo-4.4.114-92.64.1
      kernel-default-debugsource-4.4.114-92.64.1
      kernel-default-devel-4.4.114-92.64.1
      kernel-syms-4.4.114-92.64.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      kernel-devel-4.4.114-92.64.1
      kernel-macros-4.4.114-92.64.1
      kernel-source-4.4.114-92.64.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x):

      kernel-default-man-4.4.114-92.64.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_114-92_64-default-1-3.3.2

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.114-92.64.1
      cluster-md-kmp-default-debuginfo-4.4.114-92.64.1
      cluster-network-kmp-default-4.4.114-92.64.1
      cluster-network-kmp-default-debuginfo-4.4.114-92.64.1
      dlm-kmp-default-4.4.114-92.64.1
      dlm-kmp-default-debuginfo-4.4.114-92.64.1
      gfs2-kmp-default-4.4.114-92.64.1
      gfs2-kmp-default-debuginfo-4.4.114-92.64.1
      kernel-default-debuginfo-4.4.114-92.64.1
      kernel-default-debugsource-4.4.114-92.64.1
      ocfs2-kmp-default-4.4.114-92.64.1
      ocfs2-kmp-default-debuginfo-4.4.114-92.64.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      kernel-default-4.4.114-92.64.1
      kernel-default-debuginfo-4.4.114-92.64.1
      kernel-default-debugsource-4.4.114-92.64.1
      kernel-default-devel-4.4.114-92.64.1
      kernel-default-extra-4.4.114-92.64.1
      kernel-default-extra-debuginfo-4.4.114-92.64.1
      kernel-syms-4.4.114-92.64.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      kernel-devel-4.4.114-92.64.1
      kernel-macros-4.4.114-92.64.1
      kernel-source-4.4.114-92.64.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      kernel-default-4.4.114-92.64.1
      kernel-default-debuginfo-4.4.114-92.64.1
      kernel-default-debugsource-4.4.114-92.64.1

References:

   https://www.suse.com/security/cve/CVE-2017-15129.html
   https://www.suse.com/security/cve/CVE-2017-17712.html
   https://www.suse.com/security/cve/CVE-2017-17862.html
   https://www.suse.com/security/cve/CVE-2017-17864.html
   https://www.suse.com/security/cve/CVE-2017-18017.html
   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2018-1000004.html
   https://www.suse.com/security/cve/CVE-2018-5332.html
   https://www.suse.com/security/cve/CVE-2018-5333.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1012917
   https://bugzilla.suse.com/1019784
   https://bugzilla.suse.com/1022476
   https://bugzilla.suse.com/1031717
   https://bugzilla.suse.com/1038078
   https://bugzilla.suse.com/1038085
   https://bugzilla.suse.com/1043652
   https://bugzilla.suse.com/1048585
   https://bugzilla.suse.com/1052360
   https://bugzilla.suse.com/1060279
   https://bugzilla.suse.com/1066223
   https://bugzilla.suse.com/1066842
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1068038
   https://bugzilla.suse.com/1068569
   https://bugzilla.suse.com/1068984
   https://bugzilla.suse.com/1069160
   https://bugzilla.suse.com/1070799
   https://bugzilla.suse.com/1072163
   https://bugzilla.suse.com/1072484
   https://bugzilla.suse.com/1072589
   https://bugzilla.suse.com/1073229
   https://bugzilla.suse.com/1073928
   https://bugzilla.suse.com/1074134
   https://bugzilla.suse.com/1074392
   https://bugzilla.suse.com/1074488
   https://bugzilla.suse.com/1074621
   https://bugzilla.suse.com/1074709
   https://bugzilla.suse.com/1074839
   https://bugzilla.suse.com/1074847
   https://bugzilla.suse.com/1075066
   https://bugzilla.suse.com/1075078
   https://bugzilla.suse.com/1075087
   https://bugzilla.suse.com/1075091
   https://bugzilla.suse.com/1075428
   https://bugzilla.suse.com/1075617
   https://bugzilla.suse.com/1075621
   https://bugzilla.suse.com/1075627
   https://bugzilla.suse.com/1075994
   https://bugzilla.suse.com/1076017
   https://bugzilla.suse.com/1076110
   https://bugzilla.suse.com/1076806
   https://bugzilla.suse.com/1076809
   https://bugzilla.suse.com/1076872
   https://bugzilla.suse.com/1076899
   https://bugzilla.suse.com/1077068
   https://bugzilla.suse.com/1077560
   https://bugzilla.suse.com/1077592
   https://bugzilla.suse.com/1078526
   https://bugzilla.suse.com/1078681
   https://bugzilla.suse.com/963844
   https://bugzilla.suse.com/988524

From sle-updates at lists.suse.com Fri Feb 9 13:24:21 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 Feb 2018 21:24:21 +0100 (CET)
Subject: SUSE-RU-2018:0417-1: Recommended update for sapconf
Message-ID: <20180209202421.6B07EFD05@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sapconf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0417-1
Rating:             low
References:         #1057986
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for sapconf provides the following fix:

   - Fix a variable assignment that was preventing the pagecache_limit_mb from being calculated correctly. (bsc#1057986)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-282=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      sapconf-4.1.11-40.40.24

References:

   https://bugzilla.suse.com/1057986

From sle-updates at lists.suse.com Mon Feb 12 04:10:53 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 Feb 2018 12:10:53 +0100 (CET)
Subject: SUSE-SU-2018:0422-1: moderate: Security update for mysql
Message-ID: <20180212111053.542BDFD2B@maintenance.suse.de>

   SUSE Security Update: Security update for mysql
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0422-1
Rating:             moderate
References:         #1076369
Cross-References:   CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for mysql to version 5.5.59 fixes several issues.

   These security issues were fixed:

   - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369)
   - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369)
   - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369)
   - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369)
   - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369)

   For additional changes please see
   http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-59.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mysql-13462=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mysql-13462=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mysql-13462=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.59-0.39.9.8

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):

      libmysql55client_r18-x86-5.5.59-0.39.9.8

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libmysql55client18-5.5.59-0.39.9.8
      libmysql55client_r18-5.5.59-0.39.9.8
      mysql-5.5.59-0.39.9.8
      mysql-client-5.5.59-0.39.9.8
      mysql-tools-5.5.59-0.39.9.8

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libmysql55client18-32bit-5.5.59-0.39.9.8
      libmysql55client_r18-32bit-5.5.59-0.39.9.8

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libmysql55client18-x86-5.5.59-0.39.9.8
      libmysql55client_r18-x86-5.5.59-0.39.9.8

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mysql-debuginfo-5.5.59-0.39.9.8
      mysql-debugsource-5.5.59-0.39.9.8

References:

   https://www.suse.com/security/cve/CVE-2018-2562.html
   https://www.suse.com/security/cve/CVE-2018-2622.html
   https://www.suse.com/security/cve/CVE-2018-2640.html
   https://www.suse.com/security/cve/CVE-2018-2665.html
   https://www.suse.com/security/cve/CVE-2018-2668.html
   https://bugzilla.suse.com/1076369

From sle-updates at lists.suse.com Mon Feb 12 04:11:28 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 Feb 2018 12:11:28 +0100 (CET)
Subject: SUSE-SU-2018:0423-1: moderate: Security update for ipsec-tools
Message-ID: <20180212111128.1199DFD06@maintenance.suse.de>

   SUSE Security Update: Security update for ipsec-tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0423-1
Rating:             moderate
References:         #1047443
Cross-References:   CVE-2016-10396
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ipsec-tools fixes one issue.

   This security issue was fixed:

   - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ipsec-tools-13463=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ipsec-tools-13463=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ipsec-tools-0.7.3-1.38.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ipsec-tools-debuginfo-0.7.3-1.38.3.1
      ipsec-tools-debugsource-0.7.3-1.38.3.1

References:

   https://www.suse.com/security/cve/CVE-2016-10396.html
   https://bugzilla.suse.com/1047443

From sle-updates at lists.suse.com Mon Feb 12 04:12:03 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 Feb 2018 12:12:03 +0100 (CET)
Subject: SUSE-SU-2018:0424-1: moderate: Security update for ipsec-tools
Message-ID: <20180212111203.6A164FD06@maintenance.suse.de>

   SUSE Security Update: Security update for ipsec-tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0424-1
Rating:             moderate
References:         #1047443
Cross-References:   CVE-2016-10396
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ipsec-tools fixes one issue.

   This security issue was fixed:

   - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-288=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-288=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-288=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      ipsec-tools-0.8.0-19.3.1
      ipsec-tools-debuginfo-0.8.0-19.3.1
      ipsec-tools-debugsource-0.8.0-19.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      ipsec-tools-0.8.0-19.3.1
      ipsec-tools-debuginfo-0.8.0-19.3.1
      ipsec-tools-debugsource-0.8.0-19.3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      ipsec-tools-0.8.0-19.3.1
      ipsec-tools-debuginfo-0.8.0-19.3.1
      ipsec-tools-debugsource-0.8.0-19.3.1

References:

   https://www.suse.com/security/cve/CVE-2016-10396.html
   https://bugzilla.suse.com/1047443

From sle-updates at lists.suse.com Mon Feb 12 07:09:01 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 Feb 2018 15:09:01 +0100 (CET)
Subject: SUSE-RU-2018:0426-1: Recommended update for bash
Message-ID: <20180212140901.39F07FD06@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for bash
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0426-1
Rating:             low
References:         #1057452 #1076909
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE CaaS Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for bash provides the following fix:

   - Allow process group assignment on all kernel versions to fix the usage of debug traps. (bsc#1057452)
   - Fix a crash when filesystem is full. (bsc#1076909)
   - Enable multi-byte characters by default.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-291=1

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2018-291=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-291=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-291=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-291=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-291=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-291=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-291=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-291=1

   - SUSE CaaS Platform ALL:

      zypper in -t patch SUSE-CAASP-ALL-2018-291=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-291=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):

      bash-lang-4.3-83.5.2

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):

      bash-lang-4.3-83.5.2

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      bash-devel-4.3-83.5.2
      readline-devel-6.3-83.5.2

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      bash-devel-4.3-83.5.2
      readline-devel-6.3-83.5.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      bash-doc-4.3-83.5.2
      readline-doc-6.3-83.5.2

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libreadline6-32bit-6.3-83.5.2
      libreadline6-debuginfo-32bit-6.3-83.5.2

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      bash-doc-4.3-83.5.2
      readline-doc-6.3-83.5.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

      libreadline6-32bit-6.3-83.5.2
      libreadline6-debuginfo-32bit-6.3-83.5.2

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      bash-doc-4.3-83.5.2
      readline-doc-6.3-83.5.2

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      bash-doc-4.3-83.5.2
      bash-lang-4.3-83.5.2
      readline-doc-6.3-83.5.2

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-32bit-6.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-32bit-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-32bit-6.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-32bit-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      bash-doc-4.3-83.5.2
      bash-lang-4.3-83.5.2
      readline-doc-6.3-83.5.2

   - SUSE CaaS Platform ALL (x86_64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      bash-4.3-83.5.2
      bash-debuginfo-4.3-83.5.2
      bash-debugsource-4.3-83.5.2
      libreadline6-6.3-83.5.2
      libreadline6-debuginfo-6.3-83.5.2

References:

   https://bugzilla.suse.com/1057452
   https://bugzilla.suse.com/1076909

From sle-updates at lists.suse.com Mon Feb 12 07:08:31 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 Feb 2018 15:08:31 +0100 (CET)
Subject: SUSE-RU-2018:0425-1: moderate: Recommended update for openstack-magnum
Message-ID: <20180212140831.4DAC7FD05@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-magnum
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0425-1
Rating:             moderate
References:         #1075357
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for openstack-magnum fixes the following issues:

   - Copy cluster nodes logs always whether tests pass or fail.
   - Add kube dashboard and remove kube ui.
   - Add CoreDNS deployment in kubernetes atomic.
- Fix usage of the trustee user in K8S Cinder plugin. - Set k8s apiserver preferred address type arg. - Add Kubernetes API Service IP to x509 certificates. - K8S: Allows to specify admission control plugins to enable. - Use lowercase keys for swarm waitcondition signal. - Fix rexray systemd unit. - Use 'virt_type=kvm' in devstack vm if supported. - Add net creating in install-guide. - Add reno for cluster_user_trust option. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-290=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-magnum-3.3.2~dev7-14.6.1 openstack-magnum-api-3.3.2~dev7-14.6.1 openstack-magnum-conductor-3.3.2~dev7-14.6.1 openstack-magnum-doc-3.3.2~dev7-14.6.1 python-magnum-3.3.2~dev7-14.6.1 References: https://bugzilla.suse.com/1075357 From sle-updates at lists.suse.com Mon Feb 12 13:07:48 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Feb 2018 21:07:48 +0100 (CET) Subject: SUSE-RU-2018:0427-1: Recommended update for crowbar-escm Message-ID: <20180212200748.97F97FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-escm ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0427-1 Rating: low References: #1069620 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-escm fixes the following issues: - Make sure to pull up-to-date images. - Add fix for Docker Compose timeout. - Changed credentials used by APP to connect to openstack. - Add lock file to deploy script. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-293=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): crowbar-escm-4.0+git.1517494400.4243761-1.12.1 References: https://bugzilla.suse.com/1069620 From sle-updates at lists.suse.com Mon Feb 12 13:08:10 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Feb 2018 21:08:10 +0100 (CET) Subject: SUSE-SU-2018:0428-1: important: Security update for libreoffice Message-ID: <20180212200810.E5353FCE4@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0428-1 Rating: important References: #1080249 Cross-References: CVE-2018-6871 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libreoffice fixes the following issues: LibreOffice was updated to 5.4.5.1: - CVE-2018-6871: Fixes data exposure when using WEBSERVICE (bsc#1080249) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-295=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-295=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-295=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libreoffice-5.4.5.1-40.24.1 libreoffice-base-5.4.5.1-40.24.1 libreoffice-base-debuginfo-5.4.5.1-40.24.1 libreoffice-base-drivers-mysql-5.4.5.1-40.24.1 libreoffice-base-drivers-mysql-debuginfo-5.4.5.1-40.24.1 libreoffice-base-drivers-postgresql-5.4.5.1-40.24.1 libreoffice-base-drivers-postgresql-debuginfo-5.4.5.1-40.24.1 libreoffice-calc-5.4.5.1-40.24.1 libreoffice-calc-debuginfo-5.4.5.1-40.24.1 libreoffice-calc-extensions-5.4.5.1-40.24.1 libreoffice-debuginfo-5.4.5.1-40.24.1 libreoffice-debugsource-5.4.5.1-40.24.1 libreoffice-draw-5.4.5.1-40.24.1 libreoffice-draw-debuginfo-5.4.5.1-40.24.1 libreoffice-filters-optional-5.4.5.1-40.24.1 libreoffice-gnome-5.4.5.1-40.24.1 libreoffice-gnome-debuginfo-5.4.5.1-40.24.1 libreoffice-impress-5.4.5.1-40.24.1 libreoffice-impress-debuginfo-5.4.5.1-40.24.1 libreoffice-mailmerge-5.4.5.1-40.24.1 libreoffice-math-5.4.5.1-40.24.1 libreoffice-math-debuginfo-5.4.5.1-40.24.1 libreoffice-officebean-5.4.5.1-40.24.1 libreoffice-officebean-debuginfo-5.4.5.1-40.24.1 libreoffice-pyuno-5.4.5.1-40.24.1 libreoffice-pyuno-debuginfo-5.4.5.1-40.24.1 libreoffice-writer-5.4.5.1-40.24.1 libreoffice-writer-debuginfo-5.4.5.1-40.24.1 libreoffice-writer-extensions-5.4.5.1-40.24.1 libreofficekit-5.4.5.1-40.24.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.4.5.1-40.24.1 libreoffice-icon-theme-tango-5.4.5.1-40.24.1 libreoffice-l10n-af-5.4.5.1-40.24.1 libreoffice-l10n-ar-5.4.5.1-40.24.1 libreoffice-l10n-bg-5.4.5.1-40.24.1 libreoffice-l10n-ca-5.4.5.1-40.24.1 libreoffice-l10n-cs-5.4.5.1-40.24.1 libreoffice-l10n-da-5.4.5.1-40.24.1 libreoffice-l10n-de-5.4.5.1-40.24.1 libreoffice-l10n-en-5.4.5.1-40.24.1 libreoffice-l10n-es-5.4.5.1-40.24.1 libreoffice-l10n-fi-5.4.5.1-40.24.1 libreoffice-l10n-fr-5.4.5.1-40.24.1 libreoffice-l10n-gu-5.4.5.1-40.24.1 libreoffice-l10n-hi-5.4.5.1-40.24.1 libreoffice-l10n-hr-5.4.5.1-40.24.1 
libreoffice-l10n-hu-5.4.5.1-40.24.1 libreoffice-l10n-it-5.4.5.1-40.24.1 libreoffice-l10n-ja-5.4.5.1-40.24.1 libreoffice-l10n-ko-5.4.5.1-40.24.1 libreoffice-l10n-lt-5.4.5.1-40.24.1 libreoffice-l10n-nb-5.4.5.1-40.24.1 libreoffice-l10n-nl-5.4.5.1-40.24.1 libreoffice-l10n-nn-5.4.5.1-40.24.1 libreoffice-l10n-pl-5.4.5.1-40.24.1 libreoffice-l10n-pt_BR-5.4.5.1-40.24.1 libreoffice-l10n-pt_PT-5.4.5.1-40.24.1 libreoffice-l10n-ro-5.4.5.1-40.24.1 libreoffice-l10n-ru-5.4.5.1-40.24.1 libreoffice-l10n-sk-5.4.5.1-40.24.1 libreoffice-l10n-sv-5.4.5.1-40.24.1 libreoffice-l10n-uk-5.4.5.1-40.24.1 libreoffice-l10n-xh-5.4.5.1-40.24.1 libreoffice-l10n-zh_CN-5.4.5.1-40.24.1 libreoffice-l10n-zh_TW-5.4.5.1-40.24.1 libreoffice-l10n-zu-5.4.5.1-40.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): libreoffice-debuginfo-5.4.5.1-40.24.1 libreoffice-debugsource-5.4.5.1-40.24.1 libreoffice-sdk-5.4.5.1-40.24.1 libreoffice-sdk-debuginfo-5.4.5.1-40.24.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libreoffice-5.4.5.1-40.24.1 libreoffice-base-5.4.5.1-40.24.1 libreoffice-base-debuginfo-5.4.5.1-40.24.1 libreoffice-base-drivers-mysql-5.4.5.1-40.24.1 libreoffice-base-drivers-mysql-debuginfo-5.4.5.1-40.24.1 libreoffice-base-drivers-postgresql-5.4.5.1-40.24.1 libreoffice-base-drivers-postgresql-debuginfo-5.4.5.1-40.24.1 libreoffice-calc-5.4.5.1-40.24.1 libreoffice-calc-debuginfo-5.4.5.1-40.24.1 libreoffice-calc-extensions-5.4.5.1-40.24.1 libreoffice-debuginfo-5.4.5.1-40.24.1 libreoffice-debugsource-5.4.5.1-40.24.1 libreoffice-draw-5.4.5.1-40.24.1 libreoffice-draw-debuginfo-5.4.5.1-40.24.1 libreoffice-filters-optional-5.4.5.1-40.24.1 libreoffice-gnome-5.4.5.1-40.24.1 libreoffice-gnome-debuginfo-5.4.5.1-40.24.1 libreoffice-impress-5.4.5.1-40.24.1 libreoffice-impress-debuginfo-5.4.5.1-40.24.1 libreoffice-mailmerge-5.4.5.1-40.24.1 libreoffice-math-5.4.5.1-40.24.1 libreoffice-math-debuginfo-5.4.5.1-40.24.1 libreoffice-officebean-5.4.5.1-40.24.1 
libreoffice-officebean-debuginfo-5.4.5.1-40.24.1 libreoffice-pyuno-5.4.5.1-40.24.1 libreoffice-pyuno-debuginfo-5.4.5.1-40.24.1 libreoffice-writer-5.4.5.1-40.24.1 libreoffice-writer-debuginfo-5.4.5.1-40.24.1 libreoffice-writer-extensions-5.4.5.1-40.24.1 libreofficekit-5.4.5.1-40.24.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libreoffice-icon-theme-galaxy-5.4.5.1-40.24.1 libreoffice-icon-theme-tango-5.4.5.1-40.24.1 libreoffice-l10n-af-5.4.5.1-40.24.1 libreoffice-l10n-ar-5.4.5.1-40.24.1 libreoffice-l10n-ca-5.4.5.1-40.24.1 libreoffice-l10n-cs-5.4.5.1-40.24.1 libreoffice-l10n-da-5.4.5.1-40.24.1 libreoffice-l10n-de-5.4.5.1-40.24.1 libreoffice-l10n-en-5.4.5.1-40.24.1 libreoffice-l10n-es-5.4.5.1-40.24.1 libreoffice-l10n-fi-5.4.5.1-40.24.1 libreoffice-l10n-fr-5.4.5.1-40.24.1 libreoffice-l10n-gu-5.4.5.1-40.24.1 libreoffice-l10n-hi-5.4.5.1-40.24.1 libreoffice-l10n-hu-5.4.5.1-40.24.1 libreoffice-l10n-it-5.4.5.1-40.24.1 libreoffice-l10n-ja-5.4.5.1-40.24.1 libreoffice-l10n-ko-5.4.5.1-40.24.1 libreoffice-l10n-nb-5.4.5.1-40.24.1 libreoffice-l10n-nl-5.4.5.1-40.24.1 libreoffice-l10n-nn-5.4.5.1-40.24.1 libreoffice-l10n-pl-5.4.5.1-40.24.1 libreoffice-l10n-pt_BR-5.4.5.1-40.24.1 libreoffice-l10n-pt_PT-5.4.5.1-40.24.1 libreoffice-l10n-ro-5.4.5.1-40.24.1 libreoffice-l10n-ru-5.4.5.1-40.24.1 libreoffice-l10n-sk-5.4.5.1-40.24.1 libreoffice-l10n-sv-5.4.5.1-40.24.1 libreoffice-l10n-xh-5.4.5.1-40.24.1 libreoffice-l10n-zh_CN-5.4.5.1-40.24.1 libreoffice-l10n-zh_TW-5.4.5.1-40.24.1 libreoffice-l10n-zu-5.4.5.1-40.24.1 References: https://www.suse.com/security/cve/CVE-2018-6871.html https://bugzilla.suse.com/1080249 From sle-updates at lists.suse.com Mon Feb 12 13:08:49 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Feb 2018 21:08:49 +0100 (CET) Subject: SUSE-RU-2018:0430-1: important: Recommended update for ucode-intel Message-ID: <20180212200849.632D0FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel 
______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0430-1 Rating: important References: #1074919 #1079890 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This reverts the ucode-intel package back to the 20170707 release, as the 20180108 release caused some issues with some Intel CPU flavors. The version of the package is "20180108.revertto20170707" to make sure it is installed on affected systems after the 20180108 release. (bsc#1079890 bsc#1074919) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-294=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-294=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-294=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-294=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-294=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-294=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-294=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-294=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ucode-intel-20180108.revertto20170707-13.14.1 ucode-intel-debuginfo-20180108.revertto20170707-13.14.1 ucode-intel-debugsource-20180108.revertto20170707-13.14.1 References: https://bugzilla.suse.com/1074919 https://bugzilla.suse.com/1079890 From sle-updates at lists.suse.com Tue Feb 13 04:11:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Feb 2018 12:11:22 +0100 (CET) Subject: SUSE-SU-2018:0431-1: important: Security update for the 
Linux Kernel (Live Patch 5 for SLE 12 SP3) Message-ID: <20180213111122.288FAFD05@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0431-1 Rating: important References: #1073230 Cross-References: CVE-2017-17712 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.92-6_30 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-296=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_92-6_30-default-2-2.1 kgraft-patch-4_4_92-6_30-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-17712.html https://bugzilla.suse.com/1073230 From sle-updates at lists.suse.com Tue Feb 13 07:07:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Feb 2018 15:07:17 +0100 (CET) Subject: SUSE-RU-2018:0432-1: Recommended update for sapconf Message-ID: <20180213140717.51C61FCDB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0432-1 Rating: low References: #1057986 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapconf provides the following fix: - Fix a variable assignment that was preventing the pagecache_limit_mb from being calculated correctly. (bsc#1057986) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-297=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-297=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): sapconf-4.1.11-33.8.24 - SUSE Linux Enterprise Server 12-SP2 (noarch): sapconf-4.1.11-33.8.24 References: https://bugzilla.suse.com/1057986 From sle-updates at lists.suse.com Tue Feb 13 07:07:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Feb 2018 15:07:44 +0100 (CET) Subject: SUSE-SU-2018:0433-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) Message-ID: <20180213140744.373D7FCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0433-1 Rating: important References: #1073230 Cross-References: CVE-2017-17712 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.103-6_33 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-298=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_33-default-2-2.1 kgraft-patch-4_4_103-6_33-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-17712.html https://bugzilla.suse.com/1073230 From sle-updates at lists.suse.com Tue Feb 13 10:09:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Feb 2018 18:09:28 +0100 (CET) Subject: SUSE-RU-2018:0435-1: Recommended update for saptune Message-ID: <20180213170928.3FFF8FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0435-1 Rating: low References: #1050521 #1053374 #1060469 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for saptune provides the following fixes: - Support customer entries in /etc/security/limits.conf containing values like 'unlimited' (bsc#1060469) - change error handling and redirect error messages to stderr instead of stdout (bsc#1050521) - Fix a typo in package description (bsc#1053374) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2018-300=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): saptune-1.1.4-3.7.1 saptune-debuginfo-1.1.4-3.7.1 saptune-debugsource-1.1.4-3.7.1 References: https://bugzilla.suse.com/1050521 https://bugzilla.suse.com/1053374 https://bugzilla.suse.com/1060469 From sle-updates at lists.suse.com Tue Feb 13 10:10:18 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Feb 2018 18:10:18 +0100 (CET) Subject: SUSE-SU-2018:0436-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) Message-ID: <20180213171018.1E74FFCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0436-1 Rating: important References: #1073230 Cross-References: CVE-2017-17712 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.103-6_38 fixes one issue. The following security issue was fixed: - CVE-2017-17712: The raw_sendmsg() function had a race condition that led to uninitialized stack pointer usage. This allowed a local user to execute code and gain privileges (bsc#1073230). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-299=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_38-default-2-2.1 kgraft-patch-4_4_103-6_38-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-17712.html https://bugzilla.suse.com/1073230 From sle-updates at lists.suse.com Tue Feb 13 13:08:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Feb 2018 21:08:31 +0100 (CET) Subject: SUSE-SU-2018:0437-1: important: Security update for the Linux Kernel Message-ID: <20180213200831.920EBFD05@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0437-1 Rating: important References: #1012382 #1047626 #1068032 #1070623 #1073311 #1073792 #1073874 #1075091 #1075908 #1075994 #1076017 #1076110 #1076154 #1076278 #1077355 #1077560 #1077922 #893777 #893949 #902893 #951638 Cross-References: CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". 
- CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922) - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355) - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311) - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908) - CVE-2018-1000004: Prevent race condition in the sound system, this could have led to a deadlock and denial of service condition (bnc#1076017) - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874) - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792) The following non-security bugs were fixed: - bcache allocator: send discards with correct size (bsc#1047626). - bcache.txt: standardize document format (bsc#1076110). - bcache: Abstract out stuff needed for sorting (bsc#1076110). - bcache: Add a cond_resched() call to gc (bsc#1076110). 
- bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110). - bcache: Add bch_bkey_equal_header() (bsc#1076110). - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110). - bcache: Add bch_keylist_init_single() (bsc#1047626). - bcache: Add btree_insert_node() (bnc#951638). - bcache: Add btree_map() functions (bsc#1047626). - bcache: Add btree_node_write_sync() (bsc#1076110). - bcache: Add explicit keylist arg to btree_insert() (bnc#951638). - bcache: Add make_btree_freeing_key() (bsc#1076110). - bcache: Add on error panic/unregister setting (bsc#1047626). - bcache: Add struct bset_sort_state (bsc#1076110). - bcache: Add struct btree_keys (bsc#1076110). - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110). - bcache: Avoid deadlocking in garbage collection (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: Better alloc tracepoints (bsc#1076110). - bcache: Better full stripe scanning (bsc#1076110). - bcache: Bkey indexing renaming (bsc#1076110). - bcache: Break up struct search (bsc#1076110). - bcache: Btree verify code improvements (bsc#1076110). - bcache: Bypass torture test (bsc#1076110). - bcache: Change refill_dirty() to always scan entire disk if necessary (bsc#1076110). - bcache: Clean up cache_lookup_fn (bsc#1076110). - bcache: Clean up keylist code (bnc#951638). - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes() (bsc#1076110). - bcache: Convert bch_btree_read_async() to bch_btree_map_keys() (bsc#1076110). - bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638). - bcache: Convert btree_iter to struct btree_keys (bsc#1076110). - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638). - bcache: Convert debug code to btree_keys (bsc#1076110). - bcache: Convert gc to a kthread (bsc#1047626). - bcache: Convert sorting to btree_keys (bsc#1076110). - bcache: Convert try_wait to wait_queue_head_t (bnc#951638). - bcache: Convert writeback to a kthread (bsc#1076110). 
- bcache: Correct return value for sysfs attach errors (bsc#1076110). - bcache: Debug code improvements (bsc#1076110). - bcache: Delete some slower inline asm (bsc#1047626). - bcache: Do bkey_put() in btree_split() error path (bsc#1076110). - bcache: Do not bother with bucket refcount for btree node allocations (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: Do not return -EINTR when insert finished (bsc#1076110). - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110). - bcache: Do not use op->insert_collision (bsc#1076110). - bcache: Drop some closure stuff (bsc#1076110). - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626). - bcache: Explicitly track btree node's parent (bnc#951638). - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626). - bcache: Fix a bug when detaching (bsc#951638). - bcache: Fix a journal replay bug (bsc#1076110). - bcache: Fix a journalling performance bug (bnc#893777). - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626). - bcache: Fix a lockdep splat (bnc#893777). - bcache: Fix a lockdep splat in an error path (bnc#951638). - bcache: Fix a null ptr deref in journal replay (bsc#1047626). - bcache: Fix a race when freeing btree nodes (bsc#1076110). - bcache: Fix a shutdown bug (bsc#951638). - bcache: Fix an infinite loop in journal replay (bsc#1047626). - bcache: Fix another bug recovering from unclean shutdown (bsc#1076110). - bcache: Fix another compiler warning on m68k (bsc#1076110). - bcache: Fix auxiliary search trees for key size > cacheline size (bsc#1076110). - bcache: Fix bch_ptr_bad() (bsc#1047626). - bcache: Fix building error on MIPS (bsc#1076110). - bcache: Fix dirty_data accounting (bsc#1076110). - bcache: Fix discard granularity (bsc#1047626). - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110). - bcache: Fix for can_attach_cache() (bsc#1047626). - bcache: Fix heap_peek() macro (bsc#1047626). 
- bcache: Fix leak of bdev reference (bsc#1076110). - bcache: Fix more early shutdown bugs (bsc#951638). - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110). - bcache: Fix moving_pred() (bsc#1047626). - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - bcache: Fix to remove the rcu_sched stalls (bsc#1047626). - bcache: Have btree_split() insert into parent directly (bsc#1076110). - bcache: Improve bucket_prio() calculation (bsc#1047626). - bcache: Improve priority_stats (bsc#1047626). - bcache: Incremental gc (bsc#1076110). - bcache: Insert multiple keys at a time (bnc#951638). - bcache: Kill bch_next_recurse_key() (bsc#1076110). - bcache: Kill btree_io_wq (bsc#1076110). - bcache: Kill bucket->gc_gen (bsc#1076110). - bcache: Kill dead cgroup code (bsc#1076110). - bcache: Kill op->cl (bsc#1076110). - bcache: Kill op->replace (bsc#1076110). - bcache: Kill sequential_merge option (bsc#1076110). - bcache: Kill unaligned bvec hack (bsc#1076110). - bcache: Kill unused freelist (bsc#1076110). - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110). - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110). - bcache: Minor btree cache fix (bsc#1047626). - bcache: Minor fixes from kbuild robot (bsc#1076110). - bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110). - bcache: Move keylist out of btree_op (bsc#1047626). - bcache: Move sector allocator to alloc.c (bsc#1076110). - bcache: Move some stuff to btree.c (bsc#1076110). - bcache: Move spinlock into struct time_stats (bsc#1076110). - bcache: New writeback PD controller (bsc#1047626). - bcache: PRECEDING_KEY() (bsc#1047626). - bcache: Performance fix for when journal entry is full (bsc#1047626). - bcache: Prune struct btree_op (bsc#1076110). - bcache: Pull on disk data structures out into a separate header (bsc#1076110). - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two (bsc#1076110). 
- bcache: Really show state of work pending bit (bsc#1076110). - bcache: Refactor bset_tree sysfs stats (bsc#1076110). - bcache: Refactor journalling flow control (bnc#951638). - bcache: Refactor read request code a bit (bsc#1076110). - bcache: Refactor request_write() (bnc#951638). - bcache: Remove deprecated create_workqueue (bsc#1076110). - bcache: Remove redundant block_size assignment (bsc#1047626). - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: Remove unnecessary check in should_split() (bsc#1076110). - bcache: Remove/fix some header dependencies (bsc#1047626). - bcache: Rename/shuffle various code around (bsc#1076110). - bcache: Rework allocator reserves (bsc#1076110). - bcache: Rework btree cache reserve handling (bsc#1076110). - bcache: Split out sort_extent_cmp() (bsc#1076110). - bcache: Stripe size isn't necessarily a power of two (bnc#893949). - bcache: Trivial error handling fix (bsc#1047626). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: Use a mempool for mergesort temporary space (bsc#1076110). - bcache: Use blkdev_issue_discard() (bnc#951638). - bcache: Use ida for bcache block dev minor (bsc#1047626). - bcache: Use uninterruptible sleep in writeback (bsc#1076110). - bcache: Zero less memory (bsc#1076110). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: add mutex lock for bch_is_open (bnc#902893). - bcache: allows use of register in udev to avoid "device_busy" error (bsc#1047626). - bcache: bcache_write tracepoint was crashing (bsc#1076110). - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1047626). - bcache: bch_gc_thread() is not freezable (bsc#1047626). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). - bcache: btree locking rework (bsc#1076110). - bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626). 
- bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626). - bcache: bugfix for race between moving_gc and bucket_invalidate (bsc#1076110). - bcache: check ca->alloc_thread initialized before wake up it (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: cleaned up error handling around register_cache() (bsc#1047626). - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bsc#1047626). - bcache: correct cache_dirty_target in __update_writeback_rate() (bsc#1076110). - bcache: defensively handle format strings (bsc#1047626). - bcache: do not embed 'return' statements in closure macros (bsc#1076110). - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bsc#1076110). - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED (bsc#1047626). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626). - bcache: fix bch_hprint crash and improve output (bsc#1076110). - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint (bsc#1047626). - bcache: fix crash on shutdown in passthrough mode (bsc#1076110). - bcache: fix for gc and write-back race (bsc#1076110). - bcache: fix for gc and writeback race (bsc#1047626). - bcache: fix for gc crashing when no sectors are used (bsc#1047626). - bcache: fix lockdep warnings on shutdown (bsc#1047626). - bcache: fix race of writeback thread starting before complete initialization (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix sparse non static symbol warning (bsc#1076110). 
- bcache: fix typo in bch_bkey_equal_header (bsc#1076110). - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110). - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110). - bcache: fix wrong cache_misses statistics (bsc#1076110). - bcache: gc does not work when triggering by manual command (bsc#1076110). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110). - bcache: kill closure locking code (bsc#1076110). - bcache: kill closure locking usage (bnc#951638). - bcache: kill index() (bsc#1047626). - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bsc#1076110). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110). - bcache: pr_err: more meaningful error message when nr_stripes is invalid (bsc#1076110). - bcache: prevent crash on changing writeback_running (bsc#1076110). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bsc#1076110). - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1047626). - bcache: remove nested function usage (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626). - bcache: try to set b->parent properly (bsc#1076110). - bcache: update bch_bkey_try_merge (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). 
- bcache: update document info (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use kvfree() in various places (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: wait for buckets when allocating new btree root (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - fork: clear thread stack upon allocation (bsc#1077560). - gcov: disable for COMPILE_TEST (bnc#1012382). - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076154). - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278). - md: more open-coded offset_in_page() (bsc#1076110). - nfsd: do not share group_info among threads (bsc#1070623). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-301=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-301=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.119.1 kernel-default-base-3.12.61-52.119.1 kernel-default-base-debuginfo-3.12.61-52.119.1 kernel-default-debuginfo-3.12.61-52.119.1 kernel-default-debugsource-3.12.61-52.119.1 kernel-default-devel-3.12.61-52.119.1 kernel-syms-3.12.61-52.119.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.119.1 kernel-macros-3.12.61-52.119.1 kernel-source-3.12.61-52.119.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.119.1 kernel-xen-base-3.12.61-52.119.1 kernel-xen-base-debuginfo-3.12.61-52.119.1 kernel-xen-debuginfo-3.12.61-52.119.1 kernel-xen-debugsource-3.12.61-52.119.1 kernel-xen-devel-3.12.61-52.119.1 kgraft-patch-3_12_61-52_119-default-1-1.7.1 kgraft-patch-3_12_61-52_119-xen-1-1.7.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.119.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.119.1 kernel-ec2-debuginfo-3.12.61-52.119.1 kernel-ec2-debugsource-3.12.61-52.119.1 kernel-ec2-devel-3.12.61-52.119.1 kernel-ec2-extra-3.12.61-52.119.1 kernel-ec2-extra-debuginfo-3.12.61-52.119.1 References: https://www.suse.com/security/cve/CVE-2015-1142857.html https://www.suse.com/security/cve/CVE-2017-13215.html https://www.suse.com/security/cve/CVE-2017-17741.html https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-18079.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1047626 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070623 https://bugzilla.suse.com/1073311 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073874 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075908 https://bugzilla.suse.com/1075994 
https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1076154 https://bugzilla.suse.com/1076278 https://bugzilla.suse.com/1077355 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1077922 https://bugzilla.suse.com/893777 https://bugzilla.suse.com/893949 https://bugzilla.suse.com/902893 https://bugzilla.suse.com/951638 From sle-updates at lists.suse.com Wed Feb 14 07:07:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Feb 2018 15:07:42 +0100 (CET) Subject: SUSE-SU-2018:0438-1: important: Security update for xen Message-ID: <20180214140742.D7559FD15@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0438-1 Rating: important References: #1027519 #1035442 #1051729 #1061081 #1067317 #1068032 #1070158 #1070159 #1070160 #1070163 #1074562 #1076116 #1076180 Cross-References: CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 10 vulnerabilities and has three fixes is now available. Description: This update for xen fixes several issues. 
These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka "Spectre" and "Meltdown" attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users from causing a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). These non-security issues were fixed: - bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the libxl disk settings - bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2 - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds.
If many domUs shutdown in parallel the backends couldn't keep up - bsc#1027519: Added several upstream patches Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-302=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-302=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-302=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-302=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): xen-debugsource-4.9.1_08-3.26.1 xen-devel-4.9.1_08-3.26.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.1_08-3.26.1 xen-debugsource-4.9.1_08-3.26.1 xen-doc-html-4.9.1_08-3.26.1 xen-libs-32bit-4.9.1_08-3.26.1 xen-libs-4.9.1_08-3.26.1 xen-libs-debuginfo-32bit-4.9.1_08-3.26.1 xen-libs-debuginfo-4.9.1_08-3.26.1 xen-tools-4.9.1_08-3.26.1 xen-tools-debuginfo-4.9.1_08-3.26.1 xen-tools-domU-4.9.1_08-3.26.1 xen-tools-domU-debuginfo-4.9.1_08-3.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xen-4.9.1_08-3.26.1 xen-debugsource-4.9.1_08-3.26.1 xen-libs-32bit-4.9.1_08-3.26.1 xen-libs-4.9.1_08-3.26.1 xen-libs-debuginfo-32bit-4.9.1_08-3.26.1 xen-libs-debuginfo-4.9.1_08-3.26.1 - SUSE CaaS Platform ALL (x86_64): xen-debugsource-4.9.1_08-3.26.1 xen-libs-4.9.1_08-3.26.1 xen-libs-debuginfo-4.9.1_08-3.26.1 xen-tools-domU-4.9.1_08-3.26.1 xen-tools-domU-debuginfo-4.9.1_08-3.26.1 References: https://www.suse.com/security/cve/CVE-2017-15595.html https://www.suse.com/security/cve/CVE-2017-17563.html https://www.suse.com/security/cve/CVE-2017-17564.html https://www.suse.com/security/cve/CVE-2017-17565.html https://www.suse.com/security/cve/CVE-2017-17566.html https://www.suse.com/security/cve/CVE-2017-18030.html 
https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-5683.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1035442 https://bugzilla.suse.com/1051729 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1067317 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070158 https://bugzilla.suse.com/1070159 https://bugzilla.suse.com/1070160 https://bugzilla.suse.com/1070163 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1076116 https://bugzilla.suse.com/1076180 From sle-updates at lists.suse.com Wed Feb 14 10:08:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Feb 2018 18:08:07 +0100 (CET) Subject: SUSE-RU-2018:0439-1: Recommended update for hawk2 Message-ID: <20180214170807.680B3FCB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0439-1 Rating: low References: #1054027 #1074856 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for hawk2 provides the following fixes: - High: Support guest nodes (bsc#1074856) - Show descriptions in cluster config (bsc#1054027) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-303=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): hawk2-2.1.0+git.1516013868.bada8da4-2.8.1 hawk2-debuginfo-2.1.0+git.1516013868.bada8da4-2.8.1 hawk2-debugsource-2.1.0+git.1516013868.bada8da4-2.8.1 References: https://bugzilla.suse.com/1054027 https://bugzilla.suse.com/1074856 From sle-updates at lists.suse.com Wed Feb 14 10:10:19 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Feb 2018 18:10:19 +0100 (CET) Subject: SUSE-SU-2018:0443-1: important: Security update for libreoffice Message-ID: <20180214171019.B4C64FCC0@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0443-1 Rating: important References: #1080249 Cross-References: CVE-2018-6871 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libreoffice fixes the following issues: LibreOffice was updated to 5.4.5.1: - CVE-2018-6871: Fixes data exposure when using WEBSERVICE (bsc#1080249) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-305=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-305=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-305=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libreoffice-icon-theme-galaxy-5.4.5.1-43.19.1 libreoffice-icon-theme-tango-5.4.5.1-43.19.1 libreoffice-l10n-af-5.4.5.1-43.19.1 libreoffice-l10n-ar-5.4.5.1-43.19.1 libreoffice-l10n-bg-5.4.5.1-43.19.1 libreoffice-l10n-ca-5.4.5.1-43.19.1 libreoffice-l10n-cs-5.4.5.1-43.19.1 libreoffice-l10n-da-5.4.5.1-43.19.1 libreoffice-l10n-de-5.4.5.1-43.19.1 libreoffice-l10n-en-5.4.5.1-43.19.1 libreoffice-l10n-es-5.4.5.1-43.19.1 libreoffice-l10n-fi-5.4.5.1-43.19.1 libreoffice-l10n-fr-5.4.5.1-43.19.1 libreoffice-l10n-gu-5.4.5.1-43.19.1 libreoffice-l10n-hi-5.4.5.1-43.19.1 libreoffice-l10n-hr-5.4.5.1-43.19.1 libreoffice-l10n-hu-5.4.5.1-43.19.1 libreoffice-l10n-it-5.4.5.1-43.19.1 libreoffice-l10n-ja-5.4.5.1-43.19.1 libreoffice-l10n-ko-5.4.5.1-43.19.1 libreoffice-l10n-lt-5.4.5.1-43.19.1 libreoffice-l10n-nb-5.4.5.1-43.19.1 libreoffice-l10n-nl-5.4.5.1-43.19.1 libreoffice-l10n-nn-5.4.5.1-43.19.1 libreoffice-l10n-pl-5.4.5.1-43.19.1 libreoffice-l10n-pt_BR-5.4.5.1-43.19.1 libreoffice-l10n-pt_PT-5.4.5.1-43.19.1 libreoffice-l10n-ro-5.4.5.1-43.19.1 libreoffice-l10n-ru-5.4.5.1-43.19.1 libreoffice-l10n-sk-5.4.5.1-43.19.1 libreoffice-l10n-sv-5.4.5.1-43.19.1 libreoffice-l10n-uk-5.4.5.1-43.19.1 libreoffice-l10n-xh-5.4.5.1-43.19.1 libreoffice-l10n-zh_CN-5.4.5.1-43.19.1 libreoffice-l10n-zh_TW-5.4.5.1-43.19.1 libreoffice-l10n-zu-5.4.5.1-43.19.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libreoffice-5.4.5.1-43.19.1 libreoffice-base-5.4.5.1-43.19.1 libreoffice-base-debuginfo-5.4.5.1-43.19.1 libreoffice-base-drivers-mysql-5.4.5.1-43.19.1 libreoffice-base-drivers-mysql-debuginfo-5.4.5.1-43.19.1 libreoffice-base-drivers-postgresql-5.4.5.1-43.19.1 libreoffice-base-drivers-postgresql-debuginfo-5.4.5.1-43.19.1 libreoffice-calc-5.4.5.1-43.19.1 libreoffice-calc-debuginfo-5.4.5.1-43.19.1 libreoffice-calc-extensions-5.4.5.1-43.19.1 libreoffice-debuginfo-5.4.5.1-43.19.1 libreoffice-debugsource-5.4.5.1-43.19.1 
libreoffice-draw-5.4.5.1-43.19.1 libreoffice-draw-debuginfo-5.4.5.1-43.19.1 libreoffice-filters-optional-5.4.5.1-43.19.1 libreoffice-gnome-5.4.5.1-43.19.1 libreoffice-gnome-debuginfo-5.4.5.1-43.19.1 libreoffice-impress-5.4.5.1-43.19.1 libreoffice-impress-debuginfo-5.4.5.1-43.19.1 libreoffice-mailmerge-5.4.5.1-43.19.1 libreoffice-math-5.4.5.1-43.19.1 libreoffice-math-debuginfo-5.4.5.1-43.19.1 libreoffice-officebean-5.4.5.1-43.19.1 libreoffice-officebean-debuginfo-5.4.5.1-43.19.1 libreoffice-pyuno-5.4.5.1-43.19.1 libreoffice-pyuno-debuginfo-5.4.5.1-43.19.1 libreoffice-writer-5.4.5.1-43.19.1 libreoffice-writer-debuginfo-5.4.5.1-43.19.1 libreoffice-writer-extensions-5.4.5.1-43.19.1 libreofficekit-5.4.5.1-43.19.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): libreoffice-debuginfo-5.4.5.1-43.19.1 libreoffice-debugsource-5.4.5.1-43.19.1 libreoffice-sdk-5.4.5.1-43.19.1 libreoffice-sdk-debuginfo-5.4.5.1-43.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libreoffice-icon-theme-galaxy-5.4.5.1-43.19.1 libreoffice-icon-theme-tango-5.4.5.1-43.19.1 libreoffice-l10n-af-5.4.5.1-43.19.1 libreoffice-l10n-ar-5.4.5.1-43.19.1 libreoffice-l10n-ca-5.4.5.1-43.19.1 libreoffice-l10n-cs-5.4.5.1-43.19.1 libreoffice-l10n-da-5.4.5.1-43.19.1 libreoffice-l10n-de-5.4.5.1-43.19.1 libreoffice-l10n-en-5.4.5.1-43.19.1 libreoffice-l10n-es-5.4.5.1-43.19.1 libreoffice-l10n-fi-5.4.5.1-43.19.1 libreoffice-l10n-fr-5.4.5.1-43.19.1 libreoffice-l10n-gu-5.4.5.1-43.19.1 libreoffice-l10n-hi-5.4.5.1-43.19.1 libreoffice-l10n-hu-5.4.5.1-43.19.1 libreoffice-l10n-it-5.4.5.1-43.19.1 libreoffice-l10n-ja-5.4.5.1-43.19.1 libreoffice-l10n-ko-5.4.5.1-43.19.1 libreoffice-l10n-nb-5.4.5.1-43.19.1 libreoffice-l10n-nl-5.4.5.1-43.19.1 libreoffice-l10n-nn-5.4.5.1-43.19.1 libreoffice-l10n-pl-5.4.5.1-43.19.1 libreoffice-l10n-pt_BR-5.4.5.1-43.19.1 libreoffice-l10n-pt_PT-5.4.5.1-43.19.1 libreoffice-l10n-ro-5.4.5.1-43.19.1 libreoffice-l10n-ru-5.4.5.1-43.19.1 libreoffice-l10n-sk-5.4.5.1-43.19.1 
libreoffice-l10n-sv-5.4.5.1-43.19.1 libreoffice-l10n-xh-5.4.5.1-43.19.1 libreoffice-l10n-zh_CN-5.4.5.1-43.19.1 libreoffice-l10n-zh_TW-5.4.5.1-43.19.1 libreoffice-l10n-zu-5.4.5.1-43.19.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libreoffice-5.4.5.1-43.19.1 libreoffice-base-5.4.5.1-43.19.1 libreoffice-base-debuginfo-5.4.5.1-43.19.1 libreoffice-base-drivers-mysql-5.4.5.1-43.19.1 libreoffice-base-drivers-mysql-debuginfo-5.4.5.1-43.19.1 libreoffice-base-drivers-postgresql-5.4.5.1-43.19.1 libreoffice-base-drivers-postgresql-debuginfo-5.4.5.1-43.19.1 libreoffice-calc-5.4.5.1-43.19.1 libreoffice-calc-debuginfo-5.4.5.1-43.19.1 libreoffice-calc-extensions-5.4.5.1-43.19.1 libreoffice-debuginfo-5.4.5.1-43.19.1 libreoffice-debugsource-5.4.5.1-43.19.1 libreoffice-draw-5.4.5.1-43.19.1 libreoffice-draw-debuginfo-5.4.5.1-43.19.1 libreoffice-filters-optional-5.4.5.1-43.19.1 libreoffice-gnome-5.4.5.1-43.19.1 libreoffice-gnome-debuginfo-5.4.5.1-43.19.1 libreoffice-impress-5.4.5.1-43.19.1 libreoffice-impress-debuginfo-5.4.5.1-43.19.1 libreoffice-mailmerge-5.4.5.1-43.19.1 libreoffice-math-5.4.5.1-43.19.1 libreoffice-math-debuginfo-5.4.5.1-43.19.1 libreoffice-officebean-5.4.5.1-43.19.1 libreoffice-officebean-debuginfo-5.4.5.1-43.19.1 libreoffice-pyuno-5.4.5.1-43.19.1 libreoffice-pyuno-debuginfo-5.4.5.1-43.19.1 libreoffice-writer-5.4.5.1-43.19.1 libreoffice-writer-debuginfo-5.4.5.1-43.19.1 libreoffice-writer-extensions-5.4.5.1-43.19.1 libreofficekit-5.4.5.1-43.19.1 References: https://www.suse.com/security/cve/CVE-2018-6871.html https://bugzilla.suse.com/1080249 From sle-updates at lists.suse.com Wed Feb 14 13:09:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Feb 2018 21:09:22 +0100 (CET) Subject: SUSE-SU-2018:0444-1: moderate: Security update for dhcp Message-ID: <20180214200922.4F590FCB8@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2018:0444-1 Rating: moderate References: #1023415 #1076119 Cross-References: CVE-2017-3144 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when an empty message is received, allowing DoS (bsc#1076119) This non-security issue was fixed: - Enhance dhclient-script to handle static route updates. (bsc#1023415) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dhcp-13465=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dhcp-13465=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dhcp-13465=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-devel-4.2.4.P2-0.28.5.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-4.2.4.P2-0.28.5.3 dhcp-client-4.2.4.P2-0.28.5.3 dhcp-relay-4.2.4.P2-0.28.5.3 dhcp-server-4.2.4.P2-0.28.5.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.28.5.3 dhcp-debugsource-4.2.4.P2-0.28.5.3 References: https://www.suse.com/security/cve/CVE-2017-3144.html https://bugzilla.suse.com/1023415 https://bugzilla.suse.com/1076119 From sle-updates at lists.suse.com Wed Feb 14 13:10:17 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Feb 2018 21:10:17 +0100 (CET) Subject: SUSE-RU-2018:0445-1: Recommended update for sapconf Message-ID: <20180214201017.A67BDFCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0445-1 Rating: low References: #1057986 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapconf provides the following fix: - Fix a variable assignment that was preventing the pagecache_limit_mb from being calculated correctly. (bsc#1057986) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-307=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-307=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-307=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): sapconf-4.1.11-18.17.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): sapconf-4.1.11-18.17.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): sapconf-4.1.11-18.17.2 References: https://bugzilla.suse.com/1057986 From sle-updates at lists.suse.com Thu Feb 15 10:09:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Feb 2018 18:09:39 +0100 (CET) Subject: SUSE-RU-2018:0450-1: moderate: Recommended update for gcc43 Message-ID: <20180215170939.1EB64FD15@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc43 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0450-1 Rating: moderate References: #1074621 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gcc43 fixes the following issues: - Fixed a bug in the indirect retpoline thunk generations. (bsc#1074621) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gcc43-13469=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gcc43-13469=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gcc43-13469=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): cpp43-4.3.4_20091019-37.6.1 gcc43-fortran-4.3.4_20091019-37.6.1 gcc43-obj-c++-4.3.4_20091019-37.6.1 gcc43-objc-4.3.4_20091019-37.6.1 libobjc43-4.3.4_20091019-37.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): gcc43-fortran-32bit-4.3.4_20091019-37.6.1 gcc43-objc-32bit-4.3.4_20091019-37.6.1 libobjc43-32bit-4.3.4_20091019-37.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 x86_64): gcc43-ada-4.3.4_20091019-37.6.1 libada43-4.3.4_20091019-37.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): cpp43-4.3.4_20091019-37.6.1 gcc43-4.3.4_20091019-37.6.1 gcc43-c++-4.3.4_20091019-37.6.1 gcc43-info-4.3.4_20091019-37.6.1 gcc43-locale-4.3.4_20091019-37.6.1 libstdc++43-devel-4.3.4_20091019-37.6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gcc43-32bit-4.3.4_20091019-37.6.1 libstdc++43-devel-32bit-4.3.4_20091019-37.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gcc43-debuginfo-4.3.4_20091019-37.6.1 gcc43-debugsource-4.3.4_20091019-37.6.1 References: https://bugzilla.suse.com/1074621 From sle-updates at lists.suse.com Thu Feb 15 10:10:28 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Feb 2018 18:10:28 +0100 (CET) Subject: SUSE-SU-2018:0451-1: important: Security update for glibc Message-ID: <20180215171028.138ABFD26@maintenance.suse.de> SUSE Security Update: Security update for glibc 
______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0451-1 Rating: important References: #1037930 #1051791 #1073990 #1074293 #1079036 Cross-References: CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485, CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293) Non-security bugs fixed: - Release read lock after resetting timeout (bsc#1073990) Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-314=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-314=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-314=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-314=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-314=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-314=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-314=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-314=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-314=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-static-2.22-62.6.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): glibc-info-2.22-62.6.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-static-2.22-62.6.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): glibc-info-2.22-62.6.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): glibc-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-2.22-62.6.2 glibc-devel-debuginfo-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 glibc-profile-2.22-62.6.2 nscd-2.22-62.6.2 nscd-debuginfo-2.22-62.6.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): glibc-html-2.22-62.6.2 glibc-i18ndata-2.22-62.6.2 
glibc-info-2.22-62.6.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-2.22-62.6.2 glibc-devel-debuginfo-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 glibc-profile-2.22-62.6.2 nscd-2.22-62.6.2 nscd-debuginfo-2.22-62.6.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): glibc-32bit-2.22-62.6.2 glibc-debuginfo-32bit-2.22-62.6.2 glibc-devel-32bit-2.22-62.6.2 glibc-devel-debuginfo-32bit-2.22-62.6.2 glibc-locale-32bit-2.22-62.6.2 glibc-locale-debuginfo-32bit-2.22-62.6.2 glibc-profile-32bit-2.22-62.6.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): glibc-html-2.22-62.6.2 glibc-i18ndata-2.22-62.6.2 glibc-info-2.22-62.6.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-2.22-62.6.2 glibc-devel-debuginfo-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 glibc-profile-2.22-62.6.2 nscd-2.22-62.6.2 nscd-debuginfo-2.22-62.6.2 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): glibc-32bit-2.22-62.6.2 glibc-debuginfo-32bit-2.22-62.6.2 glibc-devel-32bit-2.22-62.6.2 glibc-devel-debuginfo-32bit-2.22-62.6.2 glibc-locale-32bit-2.22-62.6.2 glibc-locale-debuginfo-32bit-2.22-62.6.2 glibc-profile-32bit-2.22-62.6.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): glibc-html-2.22-62.6.2 glibc-i18ndata-2.22-62.6.2 glibc-info-2.22-62.6.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): glibc-2.22-62.6.2 glibc-32bit-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debuginfo-32bit-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-2.22-62.6.2 glibc-devel-32bit-2.22-62.6.2 glibc-devel-debuginfo-2.22-62.6.2 glibc-devel-debuginfo-32bit-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-32bit-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 glibc-locale-debuginfo-32bit-2.22-62.6.2 nscd-2.22-62.6.2 nscd-debuginfo-2.22-62.6.2 - SUSE 
Linux Enterprise Desktop 12-SP3 (noarch): glibc-i18ndata-2.22-62.6.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): glibc-i18ndata-2.22-62.6.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): glibc-2.22-62.6.2 glibc-32bit-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debuginfo-32bit-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-devel-2.22-62.6.2 glibc-devel-32bit-2.22-62.6.2 glibc-devel-debuginfo-2.22-62.6.2 glibc-devel-debuginfo-32bit-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-32bit-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 glibc-locale-debuginfo-32bit-2.22-62.6.2 nscd-2.22-62.6.2 nscd-debuginfo-2.22-62.6.2 - SUSE CaaS Platform ALL (x86_64): glibc-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glibc-2.22-62.6.2 glibc-debuginfo-2.22-62.6.2 glibc-debugsource-2.22-62.6.2 glibc-locale-2.22-62.6.2 glibc-locale-debuginfo-2.22-62.6.2 References: https://www.suse.com/security/cve/CVE-2017-12132.html https://www.suse.com/security/cve/CVE-2017-8804.html https://www.suse.com/security/cve/CVE-2018-1000001.html https://www.suse.com/security/cve/CVE-2018-6485.html https://www.suse.com/security/cve/CVE-2018-6551.html https://bugzilla.suse.com/1037930 https://bugzilla.suse.com/1051791 https://bugzilla.suse.com/1073990 https://bugzilla.suse.com/1074293 https://bugzilla.suse.com/1079036 From sle-updates at lists.suse.com Thu Feb 15 10:12:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Feb 2018 18:12:06 +0100 (CET) Subject: SUSE-RU-2018:0452-1: Recommended update for lifecycle-data-sle-live-patching Message-ID: <20180215171206.2878DFD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0452-1 Rating: low References: #1020320 Affected 
Products: SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-live-patching adds the life cycle data for the following Kernel Live Patches: - 3_12_61-52_111, 3_12_74-60_64_69, 4_4_103-6_38, 4_4_103-92_56, 4_4_114-94_11. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-312=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2018-312=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.18.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.18.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Thu Feb 15 22:08:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 06:08:43 +0100 (CET) Subject: SUSE-SU-2018:0455-1: important: Security update for quagga Message-ID: <20180216050843.A9FA8FD2B@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0455-1 Rating: important References: #1021669 #1065641 #1079798 #1079799 #1079800 #1079801 Cross-References: CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update 
that fixes 6 vulnerabilities is now available. Description: This update for quagga fixes the following security issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and caused bgpd to emit debug and warning messages into the logs that would contain arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet "vty" CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. 
[CVE-2017-5495, bsc#1021669] - The telnet "vty" CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default "zebra.conf" config file are now disabled. The vty interface is available via "vtysh" utility using pam authentication to permit management access for root without password. [bsc#1021669] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-315=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-315=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-315=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-315=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): quagga-0.99.22.1-16.4.1 quagga-debuginfo-0.99.22.1-16.4.1 quagga-debugsource-0.99.22.1-16.4.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): quagga-0.99.22.1-16.4.1 quagga-debuginfo-0.99.22.1-16.4.1 quagga-debugsource-0.99.22.1-16.4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): quagga-0.99.22.1-16.4.1 quagga-debuginfo-0.99.22.1-16.4.1 quagga-debugsource-0.99.22.1-16.4.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): quagga-0.99.22.1-16.4.1 quagga-debuginfo-0.99.22.1-16.4.1 quagga-debugsource-0.99.22.1-16.4.1 References: https://www.suse.com/security/cve/CVE-2017-16227.html https://www.suse.com/security/cve/CVE-2017-5495.html https://www.suse.com/security/cve/CVE-2018-5378.html https://www.suse.com/security/cve/CVE-2018-5379.html https://www.suse.com/security/cve/CVE-2018-5380.html https://www.suse.com/security/cve/CVE-2018-5381.html https://bugzilla.suse.com/1021669 https://bugzilla.suse.com/1065641 https://bugzilla.suse.com/1079798 https://bugzilla.suse.com/1079799 
https://bugzilla.suse.com/1079800 https://bugzilla.suse.com/1079801 From sle-updates at lists.suse.com Thu Feb 15 22:10:07 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 06:10:07 +0100 (CET) Subject: SUSE-SU-2018:0456-1: important: Security update for quagga Message-ID: <20180216051007.A1B8DFD26@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0456-1 Rating: important References: #1065641 #1079798 #1079799 #1079800 #1079801 Cross-References: CVE-2017-16227 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for quagga fixes the following security issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. 
Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and caused bgpd to emit debug and warning messages into the logs that would contain arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-316=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-316=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-316=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-316=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-316=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): quagga-debuginfo-1.1.1-17.7.1 quagga-debugsource-1.1.1-17.7.1 quagga-devel-1.1.1-17.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): quagga-debuginfo-1.1.1-17.7.1 quagga-debugsource-1.1.1-17.7.1 quagga-devel-1.1.1-17.7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libfpm_pb0-1.1.1-17.7.1 libfpm_pb0-debuginfo-1.1.1-17.7.1 libospf0-1.1.1-17.7.1 libospf0-debuginfo-1.1.1-17.7.1 libospfapiclient0-1.1.1-17.7.1 libospfapiclient0-debuginfo-1.1.1-17.7.1 libquagga_pb0-1.1.1-17.7.1 libquagga_pb0-debuginfo-1.1.1-17.7.1 libzebra1-1.1.1-17.7.1 libzebra1-debuginfo-1.1.1-17.7.1 quagga-1.1.1-17.7.1 quagga-debuginfo-1.1.1-17.7.1 quagga-debugsource-1.1.1-17.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libfpm_pb0-1.1.1-17.7.1 libfpm_pb0-debuginfo-1.1.1-17.7.1 libospf0-1.1.1-17.7.1 libospf0-debuginfo-1.1.1-17.7.1 libospfapiclient0-1.1.1-17.7.1 libospfapiclient0-debuginfo-1.1.1-17.7.1 libquagga_pb0-1.1.1-17.7.1 libquagga_pb0-debuginfo-1.1.1-17.7.1 libzebra1-1.1.1-17.7.1 libzebra1-debuginfo-1.1.1-17.7.1 quagga-1.1.1-17.7.1 quagga-debuginfo-1.1.1-17.7.1 quagga-debugsource-1.1.1-17.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libfpm_pb0-1.1.1-17.7.1 libfpm_pb0-debuginfo-1.1.1-17.7.1 libospf0-1.1.1-17.7.1 libospf0-debuginfo-1.1.1-17.7.1 libospfapiclient0-1.1.1-17.7.1 libospfapiclient0-debuginfo-1.1.1-17.7.1 libquagga_pb0-1.1.1-17.7.1 libquagga_pb0-debuginfo-1.1.1-17.7.1 libzebra1-1.1.1-17.7.1 libzebra1-debuginfo-1.1.1-17.7.1 quagga-1.1.1-17.7.1 quagga-debuginfo-1.1.1-17.7.1 quagga-debugsource-1.1.1-17.7.1 References: https://www.suse.com/security/cve/CVE-2017-16227.html https://www.suse.com/security/cve/CVE-2018-5378.html https://www.suse.com/security/cve/CVE-2018-5379.html https://www.suse.com/security/cve/CVE-2018-5380.html 
https://www.suse.com/security/cve/CVE-2018-5381.html https://bugzilla.suse.com/1065641 https://bugzilla.suse.com/1079798 https://bugzilla.suse.com/1079799 https://bugzilla.suse.com/1079800 https://bugzilla.suse.com/1079801 From sle-updates at lists.suse.com Fri Feb 16 01:08:11 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 09:08:11 +0100 (CET) Subject: SUSE-SU-2018:0457-1: important: Security update for quagga Message-ID: <20180216080811.6080BFD2B@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0457-1 Rating: important References: #1021669 #1065641 #1079798 #1079799 #1079800 #1079801 Cross-References: CVE-2017-16227 CVE-2017-5495 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. 
This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and caused bgpd to emit debug and warning messages into the logs that would contain arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] - The Quagga daemon's telnet "vty" CLI contains an unbounded memory allocation bug that could be exploited for a denial-of-service attack on the daemon. This issue has been fixed. [CVE-2017-5495, bsc#1021669] - The telnet "vty" CLI of the Quagga daemon is no longer enabled by default, because the passwords in the default "zebra.conf" config file are now disabled. The vty interface is available via "vtysh" utility using pam authentication to permit management access for root without password. [bsc#1021669] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-quagga-13471=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-quagga-13471=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-quagga-13471=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-quagga-13471=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-quagga-13471=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-quagga-13471=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-devel-0.99.15-0.30.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): quagga-0.99.15-0.30.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-0.99.15-0.30.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): quagga-0.99.15-0.30.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): quagga-0.99.15-0.30.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-debuginfo-0.99.15-0.30.3.1 quagga-debugsource-0.99.15-0.30.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): quagga-debuginfo-0.99.15-0.30.3.1 quagga-debugsource-0.99.15-0.30.3.1 References: https://www.suse.com/security/cve/CVE-2017-16227.html https://www.suse.com/security/cve/CVE-2017-5495.html https://www.suse.com/security/cve/CVE-2018-5378.html https://www.suse.com/security/cve/CVE-2018-5379.html https://www.suse.com/security/cve/CVE-2018-5380.html https://www.suse.com/security/cve/CVE-2018-5381.html https://bugzilla.suse.com/1021669 https://bugzilla.suse.com/1065641 https://bugzilla.suse.com/1079798 https://bugzilla.suse.com/1079799 https://bugzilla.suse.com/1079800 https://bugzilla.suse.com/1079801 From sle-updates at lists.suse.com Fri Feb 16 07:07:26 2018 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 15:07:26 +0100 (CET) Subject: SUSE-SU-2018:0462-1: moderate: Security update for freetype2 Message-ID: <20180216140726.DB891FD2B@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0462-1 Rating: moderate References: #1028103 #1035807 #1036457 Cross-References: CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for freetype2 fixes the following issues: Security issue fixed: - CVE-2016-10244: The parse_charstrings function in type1/t1load.c did not ensure that a font contains a glyph name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file (bsc#1028103). - CVE-2017-8105: Fixed an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-freetype2-13472=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-freetype2-13472=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-freetype2-13472=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): freetype2-devel-2.3.7-25.45.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): freetype2-devel-32bit-2.3.7-25.45.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): freetype2-2.3.7-25.45.5.1 ft2demos-2.3.7-25.45.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): freetype2-32bit-2.3.7-25.45.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): freetype2-x86-2.3.7-25.45.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): freetype2-debuginfo-2.3.7-25.45.5.1 freetype2-debugsource-2.3.7-25.45.5.1 ft2demos-debuginfo-2.3.7-25.45.5.1 ft2demos-debugsource-2.3.7-25.45.5.1 References: https://www.suse.com/security/cve/CVE-2016-10244.html https://www.suse.com/security/cve/CVE-2017-8105.html https://www.suse.com/security/cve/CVE-2017-8287.html https://bugzilla.suse.com/1028103 https://bugzilla.suse.com/1035807 https://bugzilla.suse.com/1036457 From sle-updates at lists.suse.com Fri Feb 16 10:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 18:08:06 +0100 (CET) Subject: SUSE-RU-2018:0463-1: Recommended update for patterns-public-cloud Message-ID: <20180216170806.814A4FD15@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0463-1 Rating: low References: #1040606 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The installation patterns for the Google Cloud Platform have been updated to reflect packages that have been obsoleted or replaced by newer implementations. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-320=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-Amazon-Web-Services-12-11.3.1 patterns-public-cloud-Amazon-Web-Services-Instance-Init-12-11.3.1 patterns-public-cloud-Amazon-Web-Services-Instance-Tools-12-11.3.1 patterns-public-cloud-Amazon-Web-Services-Tools-12-11.3.1 patterns-public-cloud-Google-Cloud-Platform-12-11.3.1 patterns-public-cloud-Google-Cloud-Platform-Instance-Init-12-11.3.1 patterns-public-cloud-Google-Cloud-Platform-Instance-Tools-12-11.3.1 patterns-public-cloud-Google-Cloud-Platform-Tools-12-11.3.1 patterns-public-cloud-Microsoft-Azure-12-11.3.1 patterns-public-cloud-Microsoft-Azure-Instance-Init-12-11.3.1 patterns-public-cloud-Microsoft-Azure-Instance-Tools-12-11.3.1 patterns-public-cloud-Microsoft-Azure-Tools-12-11.3.1 patterns-public-cloud-OpenStack-12-11.3.1 patterns-public-cloud-OpenStack-Instance-Init-12-11.3.1 patterns-public-cloud-OpenStack-Instance-Tools-12-11.3.1 patterns-public-cloud-OpenStack-Tools-12-11.3.1 References: https://bugzilla.suse.com/1040606 From sle-updates at lists.suse.com Fri Feb 16 10:08:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 18:08:42 +0100 (CET) Subject: SUSE-SU-2018:0464-1: important: Security update for p7zip Message-ID: <20180216170842.C2E4EFD26@maintenance.suse.de> SUSE Security Update: Security update for p7zip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0464-1 Rating: important References: #1077724 #1077725 #1077978 #984650 Cross-References: CVE-2016-1372 CVE-2017-17969 CVE-2018-5996 Affected Products: SUSE Linux 
Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for p7zip fixes the following issues: Security issues fixed: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650) - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725) - CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-319=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-319=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-319=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-319=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-319=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): p7zip-9.20.1-7.3.1 p7zip-debuginfo-9.20.1-7.3.1 p7zip-debugsource-9.20.1-7.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): p7zip-9.20.1-7.3.1 p7zip-debuginfo-9.20.1-7.3.1 p7zip-debugsource-9.20.1-7.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): p7zip-9.20.1-7.3.1 p7zip-debuginfo-9.20.1-7.3.1 p7zip-debugsource-9.20.1-7.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): p7zip-9.20.1-7.3.1 p7zip-debuginfo-9.20.1-7.3.1 p7zip-debugsource-9.20.1-7.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): p7zip-9.20.1-7.3.1 p7zip-debuginfo-9.20.1-7.3.1 p7zip-debugsource-9.20.1-7.3.1 References: https://www.suse.com/security/cve/CVE-2016-1372.html https://www.suse.com/security/cve/CVE-2017-17969.html https://www.suse.com/security/cve/CVE-2018-5996.html https://bugzilla.suse.com/1077724 https://bugzilla.suse.com/1077725 https://bugzilla.suse.com/1077978 https://bugzilla.suse.com/984650 From sle-updates at lists.suse.com Fri Feb 16 13:07:39 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 21:07:39 +0100 (CET) Subject: SUSE-SU-2018:0465-1: moderate: Security update for unzip Message-ID: <20180216200739.3DDB7FD15@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0465-1 Rating: moderate References: #1080074 Cross-References: CVE-2018-1000035 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for unzip fixes the following issues: - CVE-2018-1000035: Fixed a heap-based buffer overflow in password protected ZIP archives (bsc#1080074) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-unzip-13474=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): unzip-6.00-11.18.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000035.html https://bugzilla.suse.com/1080074 From sle-updates at lists.suse.com Fri Feb 16 13:08:06 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 21:08:06 +0100 (CET) Subject: SUSE-SU-2018:0466-1: moderate: Security update for dovecot22 Message-ID: <20180216200806.52AFEFD26@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0466-1 Rating: moderate References: #1075608 Cross-References: CVE-2017-15132 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes one issue. This security issue was fixed: - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-321=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-321=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-321=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-321=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-321=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.5.1 dovecot22-debugsource-2.2.31-19.5.1 dovecot22-devel-2.2.31-19.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.5.1 dovecot22-debugsource-2.2.31-19.5.1 dovecot22-devel-2.2.31-19.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dovecot22-2.2.31-19.5.1 dovecot22-backend-mysql-2.2.31-19.5.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1 dovecot22-backend-pgsql-2.2.31-19.5.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1 dovecot22-backend-sqlite-2.2.31-19.5.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1 dovecot22-debuginfo-2.2.31-19.5.1 dovecot22-debugsource-2.2.31-19.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.5.1 dovecot22-backend-mysql-2.2.31-19.5.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1 dovecot22-backend-pgsql-2.2.31-19.5.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1 dovecot22-backend-sqlite-2.2.31-19.5.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1 dovecot22-debuginfo-2.2.31-19.5.1 dovecot22-debugsource-2.2.31-19.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.5.1 dovecot22-backend-mysql-2.2.31-19.5.1 
dovecot22-backend-mysql-debuginfo-2.2.31-19.5.1 dovecot22-backend-pgsql-2.2.31-19.5.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.5.1 dovecot22-backend-sqlite-2.2.31-19.5.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.5.1 dovecot22-debuginfo-2.2.31-19.5.1 dovecot22-debugsource-2.2.31-19.5.1 References: https://www.suse.com/security/cve/CVE-2017-15132.html https://bugzilla.suse.com/1075608 From sle-updates at lists.suse.com Fri Feb 16 13:08:34 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Feb 2018 21:08:34 +0100 (CET) Subject: SUSE-SU-2018:0467-1: moderate: Security update for gtk2 Message-ID: <20180216200834.58DB2FD26@maintenance.suse.de> SUSE Security Update: Security update for gtk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0467-1 Rating: moderate References: #1053417 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for gtk2 fixes the following issues: This security issue was fixed: - Add checks for multiplications at several locations to avoid mishandling memory. This allowed attackers to cause DoS or potentially RCE (bsc#1053417). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gtk2-13473=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gtk2-13473=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gtk2-13473=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-devel-2.18.9-0.45.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): gtk2-devel-32bit-2.18.9-0.45.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-2.18.9-0.45.3.1 gtk2-doc-2.18.9-0.45.3.1 gtk2-lang-2.18.9-0.45.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gtk2-32bit-2.18.9-0.45.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): gtk2-x86-2.18.9-0.45.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-debuginfo-2.18.9-0.45.3.1 gtk2-debugsource-2.18.9-0.45.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gtk2-debuginfo-32bit-2.18.9-0.45.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gtk2-debuginfo-x86-2.18.9-0.45.3.1 References: https://bugzilla.suse.com/1053417 From sle-updates at lists.suse.com Mon Feb 19 07:11:31 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Feb 2018 15:11:31 +0100 (CET) Subject: SUSE-SU-2018:0472-1: important: Security update for xen Message-ID: <20180219141131.32CAAFD15@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0472-1 Rating: important References: #1027519 #1035442 #1051729 #1061081 #1068032 #1070158 #1070159 #1070160 #1070163 #1074562 #1076116 #1076180 Cross-References: CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has two fixes is now available. 
Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka "Spectre" and "Meltdown" attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users from causing a denial of service (host OS crash) or gaining host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users from causing a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). These non-security issues were fixed: - bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2 - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds.
If many domUs shutdown in parallel the backends couldn't keep up - bsc#1027519: Added several upstream patches Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-325=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-325=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-325=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64): xen-debugsource-4.7.4_06-43.24.1 xen-devel-4.7.4_06-43.24.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): xen-4.7.4_06-43.24.1 xen-debugsource-4.7.4_06-43.24.1 xen-doc-html-4.7.4_06-43.24.1 xen-libs-32bit-4.7.4_06-43.24.1 xen-libs-4.7.4_06-43.24.1 xen-libs-debuginfo-32bit-4.7.4_06-43.24.1 xen-libs-debuginfo-4.7.4_06-43.24.1 xen-tools-4.7.4_06-43.24.1 xen-tools-debuginfo-4.7.4_06-43.24.1 xen-tools-domU-4.7.4_06-43.24.1 xen-tools-domU-debuginfo-4.7.4_06-43.24.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xen-4.7.4_06-43.24.1 xen-debugsource-4.7.4_06-43.24.1 xen-libs-32bit-4.7.4_06-43.24.1 xen-libs-4.7.4_06-43.24.1 xen-libs-debuginfo-32bit-4.7.4_06-43.24.1 xen-libs-debuginfo-4.7.4_06-43.24.1 References: https://www.suse.com/security/cve/CVE-2017-15595.html https://www.suse.com/security/cve/CVE-2017-17563.html https://www.suse.com/security/cve/CVE-2017-17564.html https://www.suse.com/security/cve/CVE-2017-17565.html https://www.suse.com/security/cve/CVE-2017-17566.html https://www.suse.com/security/cve/CVE-2017-18030.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2018-5683.html https://bugzilla.suse.com/1027519 
https://bugzilla.suse.com/1035442 https://bugzilla.suse.com/1051729 https://bugzilla.suse.com/1061081 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070158 https://bugzilla.suse.com/1070159 https://bugzilla.suse.com/1070160 https://bugzilla.suse.com/1070163 https://bugzilla.suse.com/1074562 https://bugzilla.suse.com/1076116 https://bugzilla.suse.com/1076180 From sle-updates at lists.suse.com Mon Feb 19 16:08:57 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Feb 2018 00:08:57 +0100 (CET) Subject: SUSE-SU-2018:0482-1: important: Security update for the Linux Kernel Message-ID: <20180219230857.90700FD15@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0482-1 Rating: important References: #1012382 #1019784 #1031717 #1036737 #1038078 #1038085 #1043652 #1048585 #1052360 #1060279 #1066223 #1066842 #1068032 #1068038 #1068569 #1068984 #1069160 #1070799 #1072163 #1072484 #1072589 #1073229 #1073230 #1073928 #1074134 #1074488 #1074621 #1074709 #1074839 #1074847 #1075066 #1075078 #1075087 #1075091 #1075428 #1075617 #1075621 #1075627 #1075994 #1076017 #1076110 #1076806 #1076809 #1076872 #1076899 #1077068 #1077560 #1077592 #1077871 #1078526 #1078681 #963844 #988524 Cross-References: CVE-2017-15129 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-18017 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.114 to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak" (bnc#1073928). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229 1073230).
- CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel. The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - 509: fix printing uninitialized stack memory when OID is empty (bsc#1075078). - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382). - acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382). - af_key: fix buffer overread in verify_address_len() (bnc#1012382). - afs: Adjust mode bits processing (bnc#1012382). - afs: Connect up the CB.ProbeUuid (bnc#1012382). - afs: Fix afs_kill_pages() (bnc#1012382). - afs: Fix missing put_page() (bnc#1012382). - afs: Fix page leak in afs_write_begin() (bnc#1012382). - afs: Fix the maths in afs_fs_store_data() (bnc#1012382). - afs: Flush outstanding writes when an fd is closed (bnc#1012382). - afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382).
- afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - arc: uaccess: dont use "l" gcc inline asm constraint modifier (bnc#1012382). - arm64: Add hypervisor safe helper for checking constant capabilities (bsc#1068032). - arm64: Add macros to read/write system registers (bsc#1068032). - arm64: add macro to extract ESR_ELx.EC (bsc#1068032). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: alternative: add auto-nop infrastructure (bsc#1068032). - arm64: barriers: introduce nops and __nops macros for NOP sequences (bsc#1068032). - arm64: cpu_errata: Allow an erratum to be match for all revisions of a core (bsc#1068032). - arm64: cpufeature: Add scope for capability check (bsc#1068032). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: Disable kpti for non broadcast TLB HW (bsc#1068032). 
- arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: Fix circular include of asm/lse.h through linux/jump_label.h (bsc#1068032). - arm64: Fix compilation (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). 
- arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012382). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: kvm: Survive unknown traps from guests (bnc#1012382). - arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: Store struct thread_info in sp_el0 (bsc#1068032). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). 
- arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). - arm64: sysreg: allow write_sysreg to use XZR (bsc#1068032). - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: tlbflush.h: add __tlbi() macro (bsc#1068032). - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: use alternative auto-nop (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: Use static keys for CPU features (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm: avoid faulting on qemu (bnc#1012382). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: ti: fix pci bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: kvm: Survive unknown traps from guests (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes). - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382). 
- asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382). - ath9k: fix tx99 potential info leak (bnc#1012382). - atm: horizon: Fix irq release error (bnc#1012382). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382). - axonram: Fix gendisk handling (bnc#1012382). - backlight: pwm_bl: Fix overflow condition (bnc#1012382). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: debug: avoid accessing .bi_io_vec directly (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bnc#1012382). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix wrong cache_misses statistics (bnc#1012382). - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110). - bcache: pr_err: more meaningful error message when nr_stripes is invalid (bsc#1076110). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652). - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1076110). - bcache: Remove deprecated create_workqueue (bsc#1076110). 
- bcache: Remove redundant block_size assignment (bsc#1076110). - bcache: Remove redundant parameter for cache_alloc() (bsc#1076110). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085, bsc#1019784). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache: switch to using blk_queue_write_cache() (bsc#1076110). - bcache.txt: standardize document format (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: update document info (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192). - block: export bio_free_pages to other modules (bsc#1076110). - block: wake up all tasks blocked in get_request() (bnc#1012382). - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382). - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382). - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382). - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382). - btrfs: account for pinned bytes in should_alloc_chunk (bsc#1066842). - btrfs: add missing memset while reading compressed inline extents (bnc#1012382). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). 
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: gs_usb: fix return value of the "set_bittiming" callback (bnc#1012382). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382). - can: kvaser_usb: free buf in error paths (bnc#1012382). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382). - can: peak: fix potential bug in packet fragmentation (bnc#1012382). - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - ceph: drop negative child dentries before try pruning inode's alias (bnc#1012382). - ceph: more accurate statfs (bsc#1077068). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382). - clk: mediatek: add the option for determining PLL source clock (bnc#1012382). - clk: tegra: Fix cclk_lp divisor register (bnc#1012382). - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382). - cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382). - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382). - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382). - crypto: chacha20poly1305 - validate the digest size (bnc#1012382). - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382). - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382). - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382). - crypto: n2 - cure use after free (bnc#1012382). 
- crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382). - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382). - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382). - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223). - dax: Pass detailed error code from __dax_fault() (bsc#1072484). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382). - delay: add poll_event_interruptible (bsc#1048585). - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382). - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382). - dmaengine: pl330: fix double lock (bnc#1012382). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382). - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382). - drivers: base: cacheinfo: fix boot error message when acpi is enabled (bnc#1012382). - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled (bnc#1012382). - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032). - drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h (bsc#1076110). - drivers: net: xgene: Fix hardware checksum setting (bsc#1078526). - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382). - drm: extra printk() wrapper macros (bnc#1012382). - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382). - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382). - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382). - drm/radeon: reinstate oland workaround for sclk (bnc#1012382). - drm/radeon/si: add dpm quirk for Oland (bnc#1012382). - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382). 
- dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382). - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382). - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382). - edac, sb_edac: Fix missing break in switch (bnc#1012382). - efi/esrt: Cleanup bad memory map log messages (bnc#1012382). - efi: Move some sysfs files to be read-only by root (bnc#1012382). - eventpoll.h: add missing epoll event masks (bnc#1012382). - ext4: fix crash when a directory's i_size is too small (bnc#1012382). - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484). - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382). - fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382). - Fix build error in vma.c (bnc#1012382). - fjes: Fix wrong netdevice feature flags (bnc#1012382). - flow_dissector: properly cap thoff field (bnc#1012382). - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382). - fork: clear thread stack upon allocation (bsc#1077560). Conflicts: series.conf - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382). - futex: Prevent overflow by strengthen input validation (bnc#1012382). - gcov: disable for COMPILE_TEST (bnc#1012382). - gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382). - gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382). - hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382). - hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382). - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382). - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382). - i40e: Do not enable NAPI on q_vectors that have no rings (bnc#1012382). - ib/hfi1: Correct defered count after processing qp_wait_list (git-fixes). 
- ib/hfi1: Fix rnr_timer addition (git-fixes). - ib/hfi1: Handle kzalloc failure in init_pervl_scs (git-fixes). - ib/hfi1: Move iowait_init() to priv allocate (git-fixes). - ib/hfi1: Prevent kernel QP post send hard lockups (git-fixes). - ib/hfi1: Reset QSFP on every run through channel tuning (git-fixes). - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes). - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382). - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382). - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382). - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872). - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066). - ibmvnic: Fix IP offload control buffer (bsc#1076899). - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899). - ibmvnic: Fix pending MAC address changes (bsc#1075627). - ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872). - ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872). - ibmvnic: Wait for device response when changing MAC (bsc#1078681). - ib/qib: Remove qpt_mask global (git-fixes). - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (git-fixes). - ib/srpt: Disable RDMA access by the initiator (bnc#1012382). - igb: check memory allocation failure (bnc#1012382). - ima: fix hash algorithm initialization (bnc#1012382). - inet: frag: release spinlock before calling icmp_send() (bnc#1012382). - input: 88pm860x-ts - fix child-node lookup (bnc#1012382). - input: elantech - add new icbody type 15 (bnc#1012382). - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382). - input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382). - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382). - input: twl6040-vibra - fix child-node lookup (bnc#1012382). - input: twl6040-vibra - fix DT node memory management (bnc#1012382). 
- intel_th: pci: Add Gemini Lake support (bnc#1012382). - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382). - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382). - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382). - ipmi: Stop timers before cleaning up the module (bnc#1012382). - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382). - ipv4: igmp: guard against silly MTU values (bnc#1012382). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382). - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382). - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes). - ipv6: mcast: better catch silly mtu values (bnc#1012382). - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382). - ipvlan: fix ipv6 outbound device (bnc#1012382). - ipvlan: remove excessive packet scrubbing (bsc#1070799). - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382). - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382). - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382). - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382). - isdn: kcapi: avoid uninitialized data (bnc#1012382). - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382). - ixgbe: fix use of uninitialized padding (bnc#1012382). - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382). - jump_label: Make it possible for arches to invoke jump_label_init() earlier (bsc#1068032). - jump_labels: Allow array initialisers (bsc#1068032). - Kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076806). - kABI: protect struct bpf_map (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect struct t10_alua_tg_pt_gp (kabi). 
- kABI: protect struct usbip_device (kabi). - kabi/severities: do not care about stuff_RSB - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382). - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382). - kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382). - kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382). - keys: add missing permission check for request_key() destination (bnc#1012382). - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382). - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382). - kpti: Report when enabled (bnc#1012382). - kvm: arm/arm64: Fix occasional warning from the timer work function (bnc#1012382 bsc#988524). - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382). - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382). - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382). - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382). - kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076806). - kvm: s390: wire up bpb feature (bsc#1076806). - kvm: VMX: Fix enable VPID conditions (bnc#1012382). - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382). - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382). 
- kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382). - kvm: x86: correct async page present tracepoint (bnc#1012382). - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382). - kvm: x86: fix RSM when pciD is non-zero (bnc#1012382). - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382). - lan78xx: Fix failure in USB Full Speed (bnc#1012382). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382). - libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382). - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382). - macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382). - md-cluster: free md_cluster_info if node leave cluster (bnc#1012382). - media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382). - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382). - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382). - mfd: twl6040: Fix child-node lookup (bnc#1012382). - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET (bnc#1012382). - MIPS: AR7: ensure the port type's FCR value is used (bnc#1012382). - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET (bnc#1012382). - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses (bnc#1012382). - MIPS: Factor out NT_PRFPREG regset access helpers (bnc#1012382). - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA (bnc#1012382). - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET (bnc#1012382). - MIPS: math-emu: Fix final emulation phase for certain instructions (bnc#1012382). - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task (bnc#1012382). - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382). - mlxsw: reg: Fix SPVM max record count (bnc#1012382). - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382). 
- mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382). - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382). - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382). - mm: Introduce lm_alias (bsc#1068032). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1012382). - mm/mprotect: add a cond_resched() inside change_pmd_range() (bnc#1077871). - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382). - module: set __jump_table alignment to 8 (bnc#1012382). - more bio_map_user_iov() leak fixes (bnc#1012382). - net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382). - net/appletalk: Fix kernel memory disclosure (bnc#1012382). - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382). - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382). - net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382). - net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382). - net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382). - net: core: fix module type in sock_diag_bind (bnc#1012382). - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382). - net: fec: fix multicast filtering hardware setup (bnc#1012382). - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382). - netfilter: do not track fragmented packets (bnc#1012382). - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382). - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382). - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134). - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382). - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382). 
- netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382). - net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382). - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382). - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382). - net: initialize msg.msg_flags in recvfrom (bnc#1012382). - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382). - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382). - net: mvneta: clear interface link status on port disable (bnc#1012382). - net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382). - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382). - net: qdisc_pkt_len_init() should be more robust (bnc#1012382). - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382). - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382). - net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382). - net: Resend IGMP memberships upon peer notification (bnc#1012382). - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382). - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382). - net: systemport: Pad packet before inserting TSB (bnc#1012382). - net: systemport: Utilize skb_put_padto() (bnc#1012382). - net: tcp: close sock if net namespace is exiting (bnc#1012382). - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382). - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382). - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382). - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382). - nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382). - nfs: Fix a typo in nfs_rename() (bnc#1012382). 
- nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382). - nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382). - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382). - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382). - packet: fix crash in fanout_demux_rollover() (bnc#1012382). - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382). - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382). - partially revert tipc improve link resiliency when rps is activated (bsc#1068038). - pci/aer: Report non-fatal errors only to the affected endpoint (bnc#1012382). - pci: Avoid bus reset if bridge itself is broken (bnc#1012382). - pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382). - pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382). - pci/pme: Handle invalid data when reading Root Status (bnc#1012382). - pci / pm: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382). - perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382). - perf test attr: Fix ignored test case result (bnc#1012382). - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver (bsc#1036737). - perf: xgene: Add support for SoC PMU version 3 (bsc#1076809). - perf: xgene: Include module.h (bsc#1076809). - perf: xgene: Move PMU leaf functions into function pointer structure (bsc#1076809). - perf: xgene: Parse PMU subnode from the match table (bsc#1076809). - perf: xgene: Remove unnecessary managed resources cleanup (bsc#1076809). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382). - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382). - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382). 
- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087). - powerpc/ipic: Fix status get and status clear (bnc#1012382). - powerpc/perf: Dereference BHRB entries safely (bsc#1066223). - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382). - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382). - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087). 
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087). - ppp: Destroy the mutex when cleanup (bnc#1012382). - pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382). - pti: unbreak EFI (bsc#1074709). - r8152: fix the list rx_done may be used without initialization (bnc#1012382). - r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382). - r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382). - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382). - ravb: Remove Rx overflow log messages (bnc#1012382). - rbd: set max_segments to USHRT_MAX (bnc#1012382). - rdma/cma: Avoid triggering undefined behavior (bnc#1012382). - rdma/iser: Fix possible mr leak on device removal event (bnc#1012382). - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382). - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382). - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382). - regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847). - regulator: da9063: Return an error code on probe failure (bsc#1074847). - regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847). - regulator: Try to resolve regulators supplies on registration (bsc#1074847). - Revert "arm64: alternatives: add enable parameter to conditional asm macros" (bsc#1068032). - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" (bnc#1012382). - Revert "drm/armada: Fix compile fail" (bnc#1012382). - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi). 
- Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi). - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi). - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" (bnc#1012382). - Revert "s390/kbuild: enable modversions for symbols exported from asm" (bnc#1012382). - Revert "sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks" (kabi). - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline" (kabi). - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382). - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory" (bnc#1012382). - Revert "x86/efi: Build our own page table structures" (bnc#1012382). - Revert "x86/efi: Hoist page table switching code into efi_call_virt()" (bnc#1012382). - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" (bnc#1012382). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087). - ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382). - route: also update fnhe_genid when updating a route cache (bnc#1012382). - route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382). - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592). - rtc: pcf8563: fix output clock rate (bnc#1012382). - rtc: pl031: make interrupt optional (bnc#1012382). - rtc: set the alarm to the next expiring timer (bnc#1012382). - s390: always save and restore all registers on context switch (bnc#1012382). - s390: fix compat system call table (bnc#1012382). - s390/pci: do not require AIS facility (bnc#1012382). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1012382). - s390/runtime instrumentation: simplify task exit handling (bnc#1012382). - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382). - sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382). 
- sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382). - sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382). - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382). - sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes). - scsi: bfa: integer overflow in debugfs (bnc#1012382). - scsi: check for device state in __scsi_remove_target() (bsc#1072589). - scsi: cxgb4i: fix Tx skb leak (bnc#1012382). - scsi: fixup kernel warning during rmmod() (bsc#1052360). - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382). - scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382). - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382). - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (bnc#1012382). - scsi: lpfc: Fix PT2PT PRLI reject (bnc#1012382). - scsi: lpfc: Fix secure firmware updates (bnc#1012382). - scsi: lpfc: PLOGI failures during NPIV testing (bnc#1012382). - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382). - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382). - scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382). - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382). - scsi: sr: wait for the medium to become ready (bsc#1048585). - sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382). - sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382). - sctp: Replace use of sockets_allocated with specified macro (bnc#1012382). - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382). - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382). - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382). 
- selftests/x86: Add test_vsyscall (bnc#1012382). - selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382). - serial: 8250_pci: Add Amazon pci serial device ID (bnc#1012382). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382). - Set supported_modules_check 1 (bsc#1072163). - sfc: do not warn on successful change of MAC (bnc#1012382). - sh_eth: fix SH7757 GEther initialization (bnc#1012382). - sh_eth: fix TSU resource handling (bnc#1012382). - sit: update frag_off info (bnc#1012382). - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382). - sparc64/mm: set fields in deferred pages (bnc#1012382). - spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382). - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382). - spi: xilinx: Detect stall with Unknown commands (bnc#1012382). - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382). - sunrpc: Fix rpc_task_begin trace point (bnc#1012382). - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - sysrq : fix Show Regs call trace on ARM (bnc#1012382). - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382). - target/file: Do not return error for UNMAP if length is zero (bnc#1012382). - target: fix ALUA transition timeout handling (bnc#1012382). - target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382). - target: fix race during implicit transition work flushes (bnc#1012382). - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382). - target: Use system workqueue for ALUA transitions (bnc#1012382). - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382). - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382). 
- tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382). - tcp: __tcp_hdrlen() helper (bnc#1012382). - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382). - thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382). - tipc: fix cleanup at module unload (bnc#1012382). - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382). - tipc: improve link resiliency when rps is activated (bsc#1068038). - tracing: Allocate mask_str buffer dynamically (bnc#1012382). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382). - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382). - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382). - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382). - tty fix oops when rmmod 8250 (bnc#1012382). - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382). - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382). - udf: Avoid overflow when session starts at large offset (bnc#1012382). - um: link vmlinux with -no-pie (bnc#1012382). - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382). - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382). - USB: core: Add type-specific length check of BOS descriptors (bnc#1012382). - USB: core: prevent malicious bNumInterfaces overflow (bnc#1012382). - USB: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382). - USB: Fix off by one in type-specific length check of BOS SSP capability (git-fixes). - USB: fix usbmon BUG trigger (bnc#1012382). - usb: gadget: configs: plug memory leak (bnc#1012382). - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382). - USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382). 
- usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382). - usb: gadget: udc: remove pointer dereference after free (bnc#1012382). - usb: hub: Cycle HUB power when initialization fails (bnc#1012382). - USB: Increase usbfs transfer limit (bnc#1012382). - usbip: Fix implicit fallthrough warning (bnc#1012382). - usbip: Fix potential format overflow in userspace tools (bnc#1012382). - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382). - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382). - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382). - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382). - usbip: prevent leaking socket pointer address in messages (bnc#1012382). - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382). - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382). - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382). - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382). - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382). - usb: musb: da8xx: fix babble condition handling (bnc#1012382). - usb: phy: isp1301: Add OF device ID table (bnc#1012382). - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes). - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382). - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382). - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382). - USB: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382). - USB: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382). - USB: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382). - USB: serial: option: add Quectel BG96 id (bnc#1012382). 
- USB: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382). - USB: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382). - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382). - USB: usbfs: Filter flags passed in from user space (bnc#1012382). - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382). - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382). - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382). - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382). - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382). - virtio: release virtio index when fail to device_register (bnc#1012382). - vmxnet3: repair memory leak (bnc#1012382). - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382). - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382). - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382). - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382). - writeback: fix memory leak in wb_queue_work() (bnc#1012382). - X.509: fix buffer overflow detection in sprint_oid() (bsc#1075078). - X.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382). - x86/alternatives: Fix optimize_nops() checking (bnc#1012382). - x86/apic/vector: Fix off by one in error path (bnc#1012382). 
- x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bnc#1012382). - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382). - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382). - x86/Documentation: Add PTI description (bnc#1012382). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382). - x86/hpet: Prevent might sleep splat on resume (bnc#1012382). - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382). - x86/kasan: Write protect kasan zero shadow (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382). - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382). - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes). - x86/mm: Disable pciD on 32-bit kernels (bnc#1012382). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382). - x86/pti: Document fix wrong index (bnc#1012382). - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382). - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382). 
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382). - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382). - xen-netfront: Improve error handling during initialization (bnc#1012382). - xfrm: Copy policy family in clone_policy (bnc#1012382). - xfs: add configurable error support to metadata buffers (bsc#1068569). - xfs: add configuration handlers for specific errors (bsc#1068569). - xfs: add configuration of error failure speed (bsc#1068569). - xfs: add "fail at unmount" error handling configuration (bsc#1068569). - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569). - xfs: address kabi for xfs buffer retry infrastructure (kabi). - xfs: configurable error behavior via sysfs (bsc#1068569). - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382). - xfs: fix log block underflow during recovery cycle verification (bnc#1012382). - xfs: fix up inode32/64 (re)mount handling (bsc#1069160). - xfs: introduce metadata IO error class (bsc#1068569). - xfs: introduce table-based init for error behaviors (bsc#1068569). - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569). - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569). - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382). - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382). - xhci: plat: Register shutdown for xhci_plat (bnc#1012382). - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 12-SP2:

      zypper in -t patch SUSE-SLE-RT-12-SP2-2018-327=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Real Time Extension 12-SP2 (noarch): kernel-devel-rt-4.4.114-27.1 kernel-source-rt-4.4.114-27.1 - SUSE Linux Enterprise Real Time Extension 12-SP2 (x86_64): cluster-md-kmp-rt-4.4.114-27.1 cluster-md-kmp-rt-debuginfo-4.4.114-27.1 cluster-network-kmp-rt-4.4.114-27.1 cluster-network-kmp-rt-debuginfo-4.4.114-27.1 dlm-kmp-rt-4.4.114-27.1 dlm-kmp-rt-debuginfo-4.4.114-27.1 gfs2-kmp-rt-4.4.114-27.1 gfs2-kmp-rt-debuginfo-4.4.114-27.1 kernel-rt-4.4.114-27.1 kernel-rt-base-4.4.114-27.1 kernel-rt-base-debuginfo-4.4.114-27.1 kernel-rt-debuginfo-4.4.114-27.1 kernel-rt-debugsource-4.4.114-27.1 kernel-rt-devel-4.4.114-27.1 kernel-rt_debug-debuginfo-4.4.114-27.1 kernel-rt_debug-debugsource-4.4.114-27.1 kernel-rt_debug-devel-4.4.114-27.1 kernel-rt_debug-devel-debuginfo-4.4.114-27.1 kernel-syms-rt-4.4.114-27.1 ocfs2-kmp-rt-4.4.114-27.1 ocfs2-kmp-rt-debuginfo-4.4.114-27.1 References: https://www.suse.com/security/cve/CVE-2017-15129.html https://www.suse.com/security/cve/CVE-2017-17712.html https://www.suse.com/security/cve/CVE-2017-17862.html https://www.suse.com/security/cve/CVE-2017-17864.html https://www.suse.com/security/cve/CVE-2017-18017.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-5332.html https://www.suse.com/security/cve/CVE-2018-5333.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1019784 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1036737 https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1038085 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1048585 https://bugzilla.suse.com/1052360 https://bugzilla.suse.com/1060279 https://bugzilla.suse.com/1066223 https://bugzilla.suse.com/1066842 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068038 https://bugzilla.suse.com/1068569 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1069160 
https://bugzilla.suse.com/1070799 https://bugzilla.suse.com/1072163 https://bugzilla.suse.com/1072484 https://bugzilla.suse.com/1072589 https://bugzilla.suse.com/1073229 https://bugzilla.suse.com/1073230 https://bugzilla.suse.com/1073928 https://bugzilla.suse.com/1074134 https://bugzilla.suse.com/1074488 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1074709 https://bugzilla.suse.com/1074839 https://bugzilla.suse.com/1074847 https://bugzilla.suse.com/1075066 https://bugzilla.suse.com/1075078 https://bugzilla.suse.com/1075087 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075428 https://bugzilla.suse.com/1075617 https://bugzilla.suse.com/1075621 https://bugzilla.suse.com/1075627 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1076806 https://bugzilla.suse.com/1076809 https://bugzilla.suse.com/1076872 https://bugzilla.suse.com/1076899 https://bugzilla.suse.com/1077068 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1077592 https://bugzilla.suse.com/1077871 https://bugzilla.suse.com/1078526 https://bugzilla.suse.com/1078681 https://bugzilla.suse.com/963844 https://bugzilla.suse.com/988524 From sle-updates at lists.suse.com Tue Feb 20 07:07:51 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Feb 2018 15:07:51 +0100 (CET) Subject: SUSE-SU-2018:0486-1: moderate: Security update for ImageMagick Message-ID: <20180220140751.ACB43FCC0@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0486-1 Rating: moderate References: #1042824 #1048110 #1049374 #1049375 #1050048 #1050617 #1050669 #1052207 #1052248 #1052251 #1052254 #1052472 #1052688 #1052711 #1052747 #1052750 #1052761 #1055069 #1055229 #1058009 #1074119 #1076182 #1078433 Cross-References: CVE-2017-11166 CVE-2017-11448 CVE-2017-11450 
CVE-2017-11537 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17885 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. 
(bsc#1052761) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. 
(bsc#1078433)
- CVE-2017-12427: ProcessMSLScript in coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248)
- CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c could have allowed attackers to cause DoS (bsc#1052472)
- CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in WriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617)
- CVE-2017-13131: A memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allowed attackers to cause a denial of service (memory consumption in NewL (bsc#1055229)
- CVE-2017-11166: In ReadXWDImage in coders/xwd.c a memory leak could have caused memory exhaustion via a crafted length (bsc#1048110)
- CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711)
- CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251)
- CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-ImageMagick-13476=1

- SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-ImageMagick-13476=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-ImageMagick-13476=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.78.34.1 ImageMagick-devel-6.4.3.6-7.78.34.1 libMagick++-devel-6.4.3.6-7.78.34.1 libMagick++1-6.4.3.6-7.78.34.1 libMagickWand1-6.4.3.6-7.78.34.1 perl-PerlMagick-6.4.3.6-7.78.34.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.78.34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.78.34.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.78.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.78.34.1 ImageMagick-debugsource-6.4.3.6-7.78.34.1 References: https://www.suse.com/security/cve/CVE-2017-11166.html https://www.suse.com/security/cve/CVE-2017-11448.html https://www.suse.com/security/cve/CVE-2017-11450.html https://www.suse.com/security/cve/CVE-2017-11537.html https://www.suse.com/security/cve/CVE-2017-11637.html https://www.suse.com/security/cve/CVE-2017-11638.html https://www.suse.com/security/cve/CVE-2017-11642.html https://www.suse.com/security/cve/CVE-2017-12418.html https://www.suse.com/security/cve/CVE-2017-12427.html https://www.suse.com/security/cve/CVE-2017-12429.html https://www.suse.com/security/cve/CVE-2017-12432.html https://www.suse.com/security/cve/CVE-2017-12566.html https://www.suse.com/security/cve/CVE-2017-12654.html https://www.suse.com/security/cve/CVE-2017-12664.html https://www.suse.com/security/cve/CVE-2017-12665.html https://www.suse.com/security/cve/CVE-2017-12668.html https://www.suse.com/security/cve/CVE-2017-12674.html https://www.suse.com/security/cve/CVE-2017-13058.html https://www.suse.com/security/cve/CVE-2017-13131.html https://www.suse.com/security/cve/CVE-2017-14224.html https://www.suse.com/security/cve/CVE-2017-17885.html https://www.suse.com/security/cve/CVE-2017-18028.html 
https://www.suse.com/security/cve/CVE-2017-9407.html https://www.suse.com/security/cve/CVE-2018-6405.html https://bugzilla.suse.com/1042824 https://bugzilla.suse.com/1048110 https://bugzilla.suse.com/1049374 https://bugzilla.suse.com/1049375 https://bugzilla.suse.com/1050048 https://bugzilla.suse.com/1050617 https://bugzilla.suse.com/1050669 https://bugzilla.suse.com/1052207 https://bugzilla.suse.com/1052248 https://bugzilla.suse.com/1052251 https://bugzilla.suse.com/1052254 https://bugzilla.suse.com/1052472 https://bugzilla.suse.com/1052688 https://bugzilla.suse.com/1052711 https://bugzilla.suse.com/1052747 https://bugzilla.suse.com/1052750 https://bugzilla.suse.com/1052761 https://bugzilla.suse.com/1055069 https://bugzilla.suse.com/1055229 https://bugzilla.suse.com/1058009 https://bugzilla.suse.com/1074119 https://bugzilla.suse.com/1076182 https://bugzilla.suse.com/1078433 From sle-updates at lists.suse.com Tue Feb 20 10:15:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Feb 2018 18:15:22 +0100 (CET) Subject: SUSE-RU-2018:0495-1: Recommended update for ses-release Message-ID: <20180220171522.0DBC2FD26@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0495-1 Rating: low References: #1080806 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the SUSE Enterprise Storage release package fixes the End of Life date of the product. The wrong End of Life 2018-01-31 has been changed to 2019-03-01. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 4:

zypper in -t patch SUSE-Storage-4-2018-330=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Enterprise Storage 4 (aarch64 x86_64):

ses-release-4-23.1

References:

https://bugzilla.suse.com/1080806

From sle-updates at lists.suse.com Wed Feb 21 04:10:41 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 21 Feb 2018 12:10:41 +0100 (CET)
Subject: SUSE-SU-2018:0505-1: moderate: Security update for openvswitch
Message-ID: <20180221111041.D19A8FCB8@maintenance.suse.de>

SUSE Security Update: Security update for openvswitch
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0505-1
Rating: moderate
References: #1040543 #1041447 #1041470 #1050896 #1061310
Cross-References: CVE-2017-14970 CVE-2017-9214 CVE-2017-9263 CVE-2017-9265
Affected Products: SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for openvswitch fixes the following issues:

* CVE-2017-9263: While parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. (bsc#1041470)
* CVE-2017-9265: Buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. (bsc#1041447)
* CVE-2017-9214: While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
(bsc#1040543) * CVE-2017-14970: In lib/ofp-util.c, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.(bsc#1061310) * Do not stop the systemd service on package removals as this can break networking. Moreover, this allows us to easily update to more recent openvswitch releases without connectivity problems (bsc#1050896) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-334=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): openvswitch-2.5.1-6.4.7 openvswitch-debuginfo-2.5.1-6.4.7 openvswitch-debugsource-2.5.1-6.4.7 openvswitch-kmp-default-2.5.1_k3.12.74_60.64.69-6.4.7 openvswitch-kmp-default-debuginfo-2.5.1_k3.12.74_60.64.69-6.4.7 openvswitch-kmp-xen-2.5.1_k3.12.74_60.64.69-6.4.7 openvswitch-kmp-xen-debuginfo-2.5.1_k3.12.74_60.64.69-6.4.7 openvswitch-switch-2.5.1-6.4.7 openvswitch-switch-debuginfo-2.5.1-6.4.7 References: https://www.suse.com/security/cve/CVE-2017-14970.html https://www.suse.com/security/cve/CVE-2017-9214.html https://www.suse.com/security/cve/CVE-2017-9263.html https://www.suse.com/security/cve/CVE-2017-9265.html https://bugzilla.suse.com/1040543 https://bugzilla.suse.com/1041447 https://bugzilla.suse.com/1041470 https://bugzilla.suse.com/1050896 https://bugzilla.suse.com/1061310 From sle-updates at lists.suse.com Wed Feb 21 04:11:44 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 12:11:44 +0100 (CET) Subject: SUSE-SU-2018:0506-1: moderate: Security update for postgresql94 Message-ID: <20180221111144.E25F3FD15@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0506-1 Rating: moderate References: #1077983 Cross-References: 
CVE-2018-1053 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.16, full release notes: https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Security issues fixed: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgresql94-13478=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql94-13478=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgresql94-13478=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.16-0.23.13.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.16-0.23.13.2 libpq5-9.4.16-0.23.13.2 postgresql94-9.4.16-0.23.13.2 postgresql94-contrib-9.4.16-0.23.13.2 postgresql94-docs-9.4.16-0.23.13.2 postgresql94-server-9.4.16-0.23.13.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.16-0.23.13.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.16-0.23.13.2 postgresql94-debugsource-9.4.16-0.23.13.2 postgresql94-libs-debuginfo-9.4.16-0.23.13.2 postgresql94-libs-debugsource-9.4.16-0.23.13.2 References: https://www.suse.com/security/cve/CVE-2018-1053.html https://bugzilla.suse.com/1077983 From sle-updates at lists.suse.com Wed Feb 21 04:12:14 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 12:12:14 +0100 (CET) Subject: SUSE-SU-2018:0507-1: moderate: Security update for postgresql96 Message-ID: <20180221111214.3C616FD15@maintenance.suse.de> SUSE Security Update: Security update for postgresql96 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0507-1 Rating: moderate References: #1077983 Cross-References: CVE-2018-1053 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for postgresql96 to version 9.6.7 fixes the following issues: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) A full changelog is available here: https://www.postgresql.org/docs/9.6/static/release-9-6-7.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-332=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-332=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-332=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-332=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-332=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-332=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-332=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): postgresql96-devel-9.6.7-3.13.1 postgresql96-devel-debuginfo-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql96-devel-9.6.7-3.13.1 postgresql96-devel-debuginfo-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libecpg6-9.6.7-3.13.1 libecpg6-debuginfo-9.6.7-3.13.1 libpq5-9.6.7-3.13.1 libpq5-debuginfo-9.6.7-3.13.1 postgresql96-9.6.7-3.13.1 postgresql96-contrib-9.6.7-3.13.1 postgresql96-contrib-debuginfo-9.6.7-3.13.1 postgresql96-debuginfo-9.6.7-3.13.1 postgresql96-debugsource-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 postgresql96-server-9.6.7-3.13.1 postgresql96-server-debuginfo-9.6.7-3.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql96-docs-9.6.7-3.13.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-9.6.7-3.13.1 libecpg6-debuginfo-9.6.7-3.13.1 libpq5-9.6.7-3.13.1 libpq5-debuginfo-9.6.7-3.13.1 postgresql96-9.6.7-3.13.1 postgresql96-contrib-9.6.7-3.13.1 postgresql96-contrib-debuginfo-9.6.7-3.13.1 postgresql96-debuginfo-9.6.7-3.13.1 postgresql96-debugsource-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 postgresql96-server-9.6.7-3.13.1 postgresql96-server-debuginfo-9.6.7-3.13.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libpq5-32bit-9.6.7-3.13.1 libpq5-debuginfo-32bit-9.6.7-3.13.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): postgresql96-docs-9.6.7-3.13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-9.6.7-3.13.1 libecpg6-debuginfo-9.6.7-3.13.1 libpq5-9.6.7-3.13.1 libpq5-debuginfo-9.6.7-3.13.1 postgresql96-9.6.7-3.13.1 postgresql96-contrib-9.6.7-3.13.1 postgresql96-contrib-debuginfo-9.6.7-3.13.1 postgresql96-debuginfo-9.6.7-3.13.1 
postgresql96-debugsource-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 postgresql96-server-9.6.7-3.13.1 postgresql96-server-debuginfo-9.6.7-3.13.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libpq5-32bit-9.6.7-3.13.1 libpq5-debuginfo-32bit-9.6.7-3.13.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql96-docs-9.6.7-3.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libecpg6-9.6.7-3.13.1 libecpg6-debuginfo-9.6.7-3.13.1 libpq5-32bit-9.6.7-3.13.1 libpq5-9.6.7-3.13.1 libpq5-debuginfo-32bit-9.6.7-3.13.1 libpq5-debuginfo-9.6.7-3.13.1 postgresql96-9.6.7-3.13.1 postgresql96-debuginfo-9.6.7-3.13.1 postgresql96-debugsource-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libecpg6-9.6.7-3.13.1 libecpg6-debuginfo-9.6.7-3.13.1 libpq5-32bit-9.6.7-3.13.1 libpq5-9.6.7-3.13.1 libpq5-debuginfo-32bit-9.6.7-3.13.1 libpq5-debuginfo-9.6.7-3.13.1 postgresql96-9.6.7-3.13.1 postgresql96-debuginfo-9.6.7-3.13.1 postgresql96-debugsource-9.6.7-3.13.1 postgresql96-libs-debugsource-9.6.7-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-1053.html https://bugzilla.suse.com/1077983 From sle-updates at lists.suse.com Wed Feb 21 07:07:55 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 15:07:55 +0100 (CET) Subject: SUSE-RU-2018:0508-1: moderate: Recommended update for osc Message-ID: <20180221140755.E3CC0FCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for osc ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0508-1 Rating: moderate References: #1079083 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for osc fixes the following issues: osc was updated to 0.162.1, fixing: - Send sha256 hashes for tracked files if the wc is pulled/linkrepair (bsc#1079083) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-335=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-335=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): osc-0.162.1-15.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): osc-0.162.1-15.6.1 References: https://bugzilla.suse.com/1079083 From sle-updates at lists.suse.com Wed Feb 21 10:15:08 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 18:15:08 +0100 (CET) Subject: SUSE-SU-2018:0509-1: moderate: Security update for drm Message-ID: <20180221171508.F1BFCFD2E@maintenance.suse.de> SUSE Security Update: Security update for drm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0509-1 Rating: moderate References: #1041744 #1046821 #1047277 #1047729 #1048155 #1050256 #1055493 #1066175 #1077885 Cross-References: CVE-2017-10810 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. 
Description: This update for drm provides the following fixes: This security issue was fixed: - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277) These non-security issues were fixed: - Backport upstream 4.9.x stable fixes up to 4.9.81 (bsc#1041744). - Fixed crash at suspend/resume on old Intel chipsets (bsc#1047729, bsc#1050256) - Fixed large topology support for vmwgfx (bsc#1048155) - Workaround for BXT aperture vs GTT chip bug (bsc#1046821) - Limit the supplements for the default hardware support to only Intel Skylake / Kabylake and AMDGPU (bsc#1077885) 4.9.x i915 seems more buggy than expected for old chipsets. - Conditionally build aarch64 as well (bsc#1066175) - Build host1x module (taken from the kernel-source) as well for avoiding the unneeded dependency on kernel-default-extra on ARM64 (bsc#1066175) - Enable AMDGPU CIK and SI (bsc#1066175): - Add missing hisilicon hibmc driver (bsc#1066175): - Add si_support and cik_support options to radeon and amdgpu (bsc#1066175): - Update Module.supported and apply it properly; following SLE12-SP3 kernel status - Backport the upstream DP-MST fixes, addressing a hang at S3 resume (bsc#1055493): Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-337=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-337=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): drm-kmp-default-4.9.33_k4.4.114_94.11-4.11.1 drm-kmp-default-debuginfo-4.9.33_k4.4.114_94.11-4.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): drm-kmp-default-4.9.33_k4.4.114_94.11-4.11.1 drm-kmp-default-debuginfo-4.9.33_k4.4.114_94.11-4.11.1 References: https://www.suse.com/security/cve/CVE-2017-10810.html https://bugzilla.suse.com/1041744 https://bugzilla.suse.com/1046821 https://bugzilla.suse.com/1047277 https://bugzilla.suse.com/1047729 https://bugzilla.suse.com/1048155 https://bugzilla.suse.com/1050256 https://bugzilla.suse.com/1055493 https://bugzilla.suse.com/1066175 https://bugzilla.suse.com/1077885 From sle-updates at lists.suse.com Wed Feb 21 10:18:42 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 18:18:42 +0100 (CET) Subject: SUSE-SU-2018:0510-1: moderate: Security update for libdb-4_8 Message-ID: <20180221171842.87541FD81@maintenance.suse.de> SUSE Security Update: Security update for libdb-4_8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0510-1 Rating: moderate References: #1043886 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libdb-4_8 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. 
(bsc#1043886) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-336=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-336=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-336=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-336=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-336=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-336=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-336=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-336=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-336=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 libdb-4_8-devel-4.8.30-29.6 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 libdb-4_8-devel-4.8.30-29.6 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): db48-utils-4.8.30-29.6 libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): db48-utils-4.8.30-29.6 libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdb-4_8-32bit-4.8.30-29.6 libdb-4_8-debuginfo-32bit-4.8.30-29.6 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): db48-utils-4.8.30-29.6 libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libdb-4_8-32bit-4.8.30-29.6 libdb-4_8-debuginfo-32bit-4.8.30-29.6 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): db48-utils-4.8.30-29.6 libdb-4_8-32bit-4.8.30-29.6 libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-32bit-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): db48-utils-4.8.30-29.6 libdb-4_8-32bit-4.8.30-29.6 libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-32bit-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 - SUSE CaaS Platform ALL (x86_64): libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libdb-4_8-4.8.30-29.6 libdb-4_8-debuginfo-4.8.30-29.6 libdb-4_8-debugsource-4.8.30-29.6 References: https://bugzilla.suse.com/1043886 From sle-updates at lists.suse.com Wed Feb 21 13:12:45 2018 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 21:12:45 +0100 (CET) Subject: SUSE-RU-2018:0511-1: Recommended update for cloud-init Message-ID: <20180221201245.70715FCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0511-1 Rating: low References: #1035106 #1042913 #1047363 #1055649 #1063716 #1064594 #1064854 #1069471 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update provides cloud-init 17.1, which brings fixes and enhancements: - Fix sed expression to set the distribution name in spec file. (bsc#1063716) - Support user processes running in cloud-init-final to consume a large number of threads. (bsc#1047363) - Start after dbus.service, needed by hostnamectl. (bsc#1055649) - Adjust SUSE template. (bsc#1064594) - Don't ignore network settings from config-drive in external network. (bsc#1064854) - Fix cc_resizefs to not fail if the current root is a read-only btrfs subvolume. (bsc#1042913) For a comprehensive list of changes please refer to the package's change log. Additionally, cloud-init-config-caasp has been updated to stay compatible with the new version of cloud-init. - Enable growpart and resizefs modules by default. (bsc#1069471) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-341=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-341=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-341=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-17.1-37.9.6 cloud-init-config-suse-17.1-37.9.6 - SUSE CaaS Platform ALL (x86_64): cloud-init-17.1-37.9.6 - SUSE CaaS Platform ALL (noarch): cloud-init-config-caasp-1.0-3.4.1 python-jsonschema-2.4.0-5.2.4 - OpenStack Cloud Magnum Orchestration 7 (x86_64): cloud-init-17.1-37.9.6 cloud-init-config-suse-17.1-37.9.6 - OpenStack Cloud Magnum Orchestration 7 (noarch): python-jsonschema-2.4.0-5.2.4 References: https://bugzilla.suse.com/1035106 https://bugzilla.suse.com/1042913 https://bugzilla.suse.com/1047363 https://bugzilla.suse.com/1055649 https://bugzilla.suse.com/1063716 https://bugzilla.suse.com/1064594 https://bugzilla.suse.com/1064854 https://bugzilla.suse.com/1069471 From sle-updates at lists.suse.com Wed Feb 21 13:16:04 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 21:16:04 +0100 (CET) Subject: SUSE-RU-2018:0512-1: Recommended update for timezone, timezone-java Message-ID: <20180221201604.95765FD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone, timezone-java ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0512-1 Rating: low References: #1073275 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2018c) for your system, including following changes: - Sao Tome and Principe switched from +00 to +01 on 2018-01-01. - Southern Brazil's DST will now start on November's first Sunday. (bsc#1073275) - New zic option -t to specify the time zone file if TZ is unset. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-13480=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-13480=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-13480=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-13480=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-13480=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2018c-0.52.6.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2018c-0.52.6.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2018c-0.52.6.3 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2018c-0.52.6.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2018c-0.52.6.3 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2018c-0.52.6.3 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2018c-0.52.6.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2018c-0.52.6.2 timezone-debugsource-2018c-0.52.6.2 References: https://bugzilla.suse.com/1073275 From sle-updates at lists.suse.com Wed Feb 21 13:16:58 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 21:16:58 +0100 (CET) Subject: SUSE-RU-2018:0513-1: Recommended update for rabbitmq-server Message-ID: <20180221201658.69100FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0513-1 Rating: low References: #1075357 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - Modified logrotate to use rabbitmqctl to force the creation of the log file after logrotation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-342=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2018-342=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): rabbitmq-server-3.4.4-5.6.1 rabbitmq-server-plugins-3.4.4-5.6.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): rabbitmq-server-3.4.4-5.6.1 References: https://bugzilla.suse.com/1075357 From sle-updates at lists.suse.com Wed Feb 21 13:17:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 21:17:43 +0100 (CET) Subject: SUSE-RU-2018:0514-1: Recommended update for Crowbar Message-ID: <20180221201743.3C2FEFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for Crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0514-1 Rating: low References: #1020922 #1066171 #1069792 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for Crowbar brings the latest version provided by the OpenStack project and fixes various issues. crowbar-core: - ohai: Use proper hex format for permanent MAC - provisioner: Use also permanent addresses for dhcp. - ohai: Collect permanent address of NICs. - network: Protect against all_children being empty. - network: Set max mtu of parent to max of children. - utils: Add systemd override LWRP. crowbar-openstack: - database, rabbitmq, apache, cinder: Add resource limits controls and options. (bsc#1020922) - neutron: Fix additional external nets on compute nodes. (bsc#1066171) rubygem-crowbar-client: - Display invalid nodes when editing proposal. - Escape reserved characters in credentials. - Fix for custom user and password for database subcommand. 
- Fix IP allocation subcommand. (bsc#1069792) rubygem-chef-server-api: - Changed systemd service KillMode to 'mixed'. This results in proper stopping of clustered chef-server where main process needs to be SIGTERMed and the workers SIGKILLed. For single-process scenarios this change is a no-op. - Fixed $OPTIONS expansion in systemd service file. If ${OPTIONS} is used, systemd expands it as one argument (including spaces), making it impossible to use more than one option. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-343=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-chef-server-api-10.32.2-6.3.1 ruby2.1-rubygem-crowbar-client-3.5.2-10.6.1 rubygem-chef-server-api-10.32.2-6.3.1 - SUSE OpenStack Cloud 6 (noarch): crowbar-core-3.0+git.1512474213.2abc97053-21.6.2 crowbar-core-branding-upstream-3.0+git.1512474213.2abc97053-21.6.2 crowbar-openstack-3.0+git.1511449175.d6d39cc7f-39.6.1 References: https://bugzilla.suse.com/1020922 https://bugzilla.suse.com/1066171 https://bugzilla.suse.com/1069792 From sle-updates at lists.suse.com Wed Feb 21 13:19:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 21:19:05 +0100 (CET) Subject: SUSE-RU-2018:0515-1: moderate: Recommended update for google-compute-engine Message-ID: <20180221201905.BA800FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0515-1 Rating: moderate References: #1079077 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for google-compute-engine fixes the following issues: - Improve rsyslog daemon reset when using the dhcp exit hook. - The OS Login feature is generally available. - Change the OS Login uid restriction to allow uid 1000. - Close socket connections after requesting metadata. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-compute-engine-13479=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): google-compute-engine-init-20180129-12.1 google-compute-engine-oslogin-20180129-12.1 References: https://bugzilla.suse.com/1079077 From sle-updates at lists.suse.com Wed Feb 21 13:19:46 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Feb 2018 21:19:46 +0100 (CET) Subject: SUSE-RU-2018:0516-1: moderate: Recommended update for google-compute-engine Message-ID: <20180221201946.33FAFFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0516-1 Rating: moderate References: #1078349 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine fixes the following issues: - Improve rsyslog daemon reset when using the dhcp exit hook. - The OS Login feature is generally available. - Change the OS Login uid restriction to allow uid 1000. - Close socket connections after requesting metadata. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-339=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20180129-12.1 google-compute-engine-oslogin-debuginfo-20180129-12.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20180129-12.1 References: https://bugzilla.suse.com/1078349 From sle-updates at lists.suse.com Thu Feb 22 07:08:16 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Feb 2018 15:08:16 +0100 (CET) Subject: SUSE-SU-2018:0524-1: moderate: Security update for GraphicsMagick Message-ID: <20180222140816.2218AFD05@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0524-1 Rating: moderate References: #1042824 #1047900 #1049374 #1049375 #1050617 #1050669 #1052248 #1052251 #1052254 #1052472 #1052688 #1055069 #1055229 #1058009 #1072934 #1073081 #1074307 #1076182 #1078433 Cross-References: CVE-2017-11140 CVE-2017-11448 CVE-2017-11450 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12668 CVE-2017-13058 CVE-2017-13131 CVE-2017-14224 CVE-2017-17502 CVE-2017-17503 CVE-2017-17912 CVE-2017-18028 CVE-2017-9407 CVE-2018-6405 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. 
Description: This update for GraphicsMagick fixes the following issues: - CVE-2017-9407: The ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11140: coders/jpeg.c allowed remote attackers to cause a denial of service (application crash). [boo#1047900] - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed [boo#1049374] - CVE-2017-11637: A NULL pointer dereference in WritePCLImage() in coders/pcl.c was fixed which could lead to a crash (bsc#1050669) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in the WriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-12427: ProcessMSLScript in coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-12432: A memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-12668: A memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-13058: A memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. 
(bsc#1055069) - CVE-2017-13131: A memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allowed attackers to cause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. [boo#1058009] - CVE-2017-17502: ReadCMYKImage in ImportCMYKQuantumType had a heap-based buffer over-read via a crafted file. [boo#1073081] - CVE-2017-17912: A heap-based buffer over-read in ReadNewsProfile in coders/tiff.c was fixed. [boo#1074307] - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. [boo#1076182] - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) - CVE-2017-17503: A heap-based buffer overflow in the ReadGRAYImage was fixed (bsc#1072934) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13481=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13481=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13481=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.78.38.1 libGraphicsMagick2-1.2.5-4.78.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.78.38.1 libGraphicsMagick2-1.2.5-4.78.38.1 perl-GraphicsMagick-1.2.5-4.78.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.78.38.1 GraphicsMagick-debugsource-1.2.5-4.78.38.1 References: https://www.suse.com/security/cve/CVE-2017-11140.html https://www.suse.com/security/cve/CVE-2017-11448.html https://www.suse.com/security/cve/CVE-2017-11450.html https://www.suse.com/security/cve/CVE-2017-11637.html https://www.suse.com/security/cve/CVE-2017-11638.html https://www.suse.com/security/cve/CVE-2017-11642.html https://www.suse.com/security/cve/CVE-2017-12427.html https://www.suse.com/security/cve/CVE-2017-12429.html https://www.suse.com/security/cve/CVE-2017-12432.html https://www.suse.com/security/cve/CVE-2017-12566.html https://www.suse.com/security/cve/CVE-2017-12668.html https://www.suse.com/security/cve/CVE-2017-13058.html https://www.suse.com/security/cve/CVE-2017-13131.html https://www.suse.com/security/cve/CVE-2017-14224.html https://www.suse.com/security/cve/CVE-2017-17502.html https://www.suse.com/security/cve/CVE-2017-17503.html https://www.suse.com/security/cve/CVE-2017-17912.html https://www.suse.com/security/cve/CVE-2017-18028.html https://www.suse.com/security/cve/CVE-2017-9407.html https://www.suse.com/security/cve/CVE-2018-6405.html https://bugzilla.suse.com/1042824 https://bugzilla.suse.com/1047900 https://bugzilla.suse.com/1049374 https://bugzilla.suse.com/1049375 https://bugzilla.suse.com/1050617 https://bugzilla.suse.com/1050669 https://bugzilla.suse.com/1052248 https://bugzilla.suse.com/1052251 https://bugzilla.suse.com/1052254 https://bugzilla.suse.com/1052472 https://bugzilla.suse.com/1052688 https://bugzilla.suse.com/1055069 https://bugzilla.suse.com/1055229 
https://bugzilla.suse.com/1058009 https://bugzilla.suse.com/1072934 https://bugzilla.suse.com/1073081 https://bugzilla.suse.com/1074307 https://bugzilla.suse.com/1076182 https://bugzilla.suse.com/1078433 From sle-updates at lists.suse.com Thu Feb 22 13:07:20 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Feb 2018 21:07:20 +0100 (CET) Subject: SUSE-SU-2018:0525-1: important: Security update for the Linux Kernel Message-ID: <20180222200720.DEA5FFCC0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0525-1 Rating: important References: #1012382 #1047118 #1047626 #1068032 #1070623 #1073246 #1073311 #1073792 #1073874 #1074709 #1075091 #1075411 #1075908 #1075994 #1076017 #1076110 #1076154 #1076278 #1077182 #1077355 #1077560 #1077922 #1081317 #893777 #893949 #902893 #951638 Cross-References: CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 19 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". 
- CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355). - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311). - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908). - CVE-2018-1000004: Prevent race condition in the sound system, this could have led to a deadlock and denial of service condition (bnc#1076017). - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed: - NFS: only invalidate dentrys that are clearly invalid (bsc#1047118). - bcache.txt: standardize document format (bsc#1076110). - bcache: Abstract out stuff needed for sorting (bsc#1076110). 
- bcache: Add a cond_resched() call to gc (bsc#1076110). - bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110). - bcache: Add bch_bkey_equal_header() (bsc#1076110). - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110). - bcache: Add bch_keylist_init_single() (bsc#1047626). - bcache: Add btree_insert_node() (bnc#951638). - bcache: Add btree_map() functions (bsc#1047626). - bcache: Add btree_node_write_sync() (bsc#1076110). - bcache: Add explicit keylist arg to btree_insert() (bnc#951638). - bcache: Add make_btree_freeing_key() (bsc#1076110). - bcache: Add on error panic/unregister setting (bsc#1047626). - bcache: Add struct bset_sort_state (bsc#1076110). - bcache: Add struct btree_keys (bsc#1076110). - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110). - bcache: Avoid deadlocking in garbage collection (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: Better alloc tracepoints (bsc#1076110). - bcache: Better full stripe scanning (bsc#1076110). - bcache: Bkey indexing renaming (bsc#1076110). - bcache: Break up struct search (bsc#1076110). - bcache: Btree verify code improvements (bsc#1076110). - bcache: Bypass torture test (bsc#1076110). - bcache: Change refill_dirty() to always scan entire disk if necessary (bsc#1076110). - bcache: Clean up cache_lookup_fn (bsc#1076110). - bcache: Clean up keylist code (bnc#951638). - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes() (bsc#1076110). - bcache: Convert bch_btree_read_async() to bch_btree_map_keys() (bsc#1076110). - bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638). - bcache: Convert btree_iter to struct btree_keys (bsc#1076110). - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638). - bcache: Convert debug code to btree_keys (bsc#1076110). - bcache: Convert gc to a kthread (bsc#1047626). - bcache: Convert sorting to btree_keys (bsc#1076110). - bcache: Convert try_wait to wait_queue_head_t (bnc#951638). 
- bcache: Convert writeback to a kthread (bsc#1076110). - bcache: Correct return value for sysfs attach errors (bsc#1076110). - bcache: Debug code improvements (bsc#1076110). - bcache: Delete some slower inline asm (bsc#1047626). - bcache: Do bkey_put() in btree_split() error path (bsc#1076110). - bcache: Do not bother with bucket refcount for btree node allocations (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: Do not return -EINTR when insert finished (bsc#1076110). - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110). - bcache: Do not use op->insert_collision (bsc#1076110). - bcache: Drop some closure stuff (bsc#1076110). - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626). - bcache: Explicitly track btree node's parent (bnc#951638). - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626). - bcache: Fix a bug when detaching (bsc#951638). - bcache: Fix a journal replay bug (bsc#1076110). - bcache: Fix a journalling performance bug (bnc#893777). - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626). - bcache: Fix a lockdep splat (bnc#893777). - bcache: Fix a lockdep splat in an error path (bnc#951638). - bcache: Fix a null ptr deref in journal replay (bsc#1047626). - bcache: Fix a race when freeing btree nodes (bsc#1076110). - bcache: Fix a shutdown bug (bsc#951638). - bcache: Fix an infinite loop in journal replay (bsc#1047626). - bcache: Fix another bug recovering from unclean shutdown (bsc#1076110). - bcache: Fix another compiler warning on m68k (bsc#1076110). - bcache: Fix auxiliary search trees for key size greater than cacheline size (bsc#1076110). - bcache: Fix bch_ptr_bad() (bsc#1047626). - bcache: Fix building error on MIPS (bsc#1076110). - bcache: Fix dirty_data accounting (bsc#1076110). - bcache: Fix discard granularity (bsc#1047626). - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110). 
- bcache: Fix for can_attach_cache() (bsc#1047626). - bcache: Fix heap_peek() macro (bsc#1047626). - bcache: Fix leak of bdev reference (bsc#1076110). - bcache: Fix more early shutdown bugs (bsc#951638). - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110). - bcache: Fix moving_pred() (bsc#1047626). - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - bcache: Fix to remove the rcu_sched stalls (bsc#1047626). - bcache: Have btree_split() insert into parent directly (bsc#1076110). - bcache: Improve bucket_prio() calculation (bsc#1047626). - bcache: Improve priority_stats (bsc#1047626). - bcache: Incremental gc (bsc#1076110). - bcache: Insert multiple keys at a time (bnc#951638). - bcache: Kill bch_next_recurse_key() (bsc#1076110). - bcache: Kill btree_io_wq (bsc#1076110). - bcache: Kill bucket->gc_gen (bsc#1076110). - bcache: Kill dead cgroup code (bsc#1076110). - bcache: Kill op->cl (bsc#1076110). - bcache: Kill op->replace (bsc#1076110). - bcache: Kill sequential_merge option (bsc#1076110). - bcache: Kill unaligned bvec hack (bsc#1076110). - bcache: Kill unused freelist (bsc#1076110). - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110). - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110). - bcache: Minor btree cache fix (bsc#1047626). - bcache: Minor fixes from kbuild robot (bsc#1076110). - bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110). - bcache: Move keylist out of btree_op (bsc#1047626). - bcache: Move sector allocator to alloc.c (bsc#1076110). - bcache: Move some stuff to btree.c (bsc#1076110). - bcache: Move spinlock into struct time_stats (bsc#1076110). - bcache: New writeback PD controller (bsc#1047626). - bcache: PRECEDING_KEY() (bsc#1047626). - bcache: Performance fix for when journal entry is full (bsc#1047626). - bcache: Prune struct btree_op (bsc#1076110). - bcache: Pull on disk data structures out into a separate header (bsc#1076110). 
- bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two (bsc#1076110). - bcache: Really show state of work pending bit (bsc#1076110). - bcache: Refactor bset_tree sysfs stats (bsc#1076110). - bcache: Refactor journalling flow control (bnc#951638). - bcache: Refactor read request code a bit (bsc#1076110). - bcache: Refactor request_write() (bnc#951638). - bcache: Remove deprecated create_workqueue (bsc#1076110). - bcache: Remove redundant block_size assignment (bsc#1047626). - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: Remove unnecessary check in should_split() (bsc#1076110). - bcache: Remove/fix some header dependencies (bsc#1047626). - bcache: Rename/shuffle various code around (bsc#1076110). - bcache: Rework allocator reserves (bsc#1076110). - bcache: Rework btree cache reserve handling (bsc#1076110). - bcache: Split out sort_extent_cmp() (bsc#1076110). - bcache: Stripe size isn't necessarily a power of two (bnc#893949). - bcache: Trivial error handling fix (bsc#1047626). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: Use a mempool for mergesort temporary space (bsc#1076110). - bcache: Use blkdev_issue_discard() (bnc#951638). - bcache: Use ida for bcache block dev minor (bsc#1047626). - bcache: Use uninterruptible sleep in writeback (bsc#1076110). - bcache: Zero less memory (bsc#1076110). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: add mutex lock for bch_is_open (bnc#902893). - bcache: allows use of register in udev to avoid "device_busy" error (bsc#1047626). - bcache: bcache_write tracepoint was crashing (bsc#1076110). - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1047626). - bcache: bch_gc_thread() is not freezable (bsc#1047626). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). 
- bcache: btree locking rework (bsc#1076110). - bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626). - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626). - bcache: bugfix for race between moving_gc and bucket_invalidate (bsc#1076110). - bcache: check ca->alloc_thread initialized before wake up it (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: cleaned up error handling around register_cache() (bsc#1047626). - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bsc#1047626). - bcache: correct cache_dirty_target in __update_writeback_rate() (bsc#1076110). - bcache: defensively handle format strings (bsc#1047626). - bcache: do not embed 'return' statements in closure macros (bsc#1076110). - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bsc#1076110). - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED (bsc#1047626). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626). - bcache: fix bch_hprint crash and improve output (bsc#1076110). - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint (bsc#1047626). - bcache: fix crash on shutdown in passthrough mode (bsc#1076110). - bcache: fix for gc and write-back race (bsc#1076110). - bcache: fix for gc and writeback race (bsc#1047626). - bcache: fix for gc crashing when no sectors are used (bsc#1047626). - bcache: fix race of writeback thread starting before complete initialization (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). 
- bcache: fix sparse non static symbol warning (bsc#1076110). - bcache: fix typo in bch_bkey_equal_header (bsc#1076110). - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110). - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110). - bcache: fix wrong cache_misses statistics (bsc#1076110). - bcache: gc does not work when triggering by manual command (bsc#1076110). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110). - bcache: kill closure locking code (bsc#1076110). - bcache: kill closure locking usage (bnc#951638). - bcache: kill index() (bsc#1047626). - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bsc#1076110). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110). - bcache: pr_err: more meaningful error message when nr_stripes is invalid (bsc#1076110). - bcache: prevent crash on changing writeback_running (bsc#1076110). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bsc#1076110). - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1047626). - bcache: remove nested function usage (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626). - bcache: try to set b->parent properly (bsc#1076110). - bcache: update bch_bkey_try_merge (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). 
- bcache: update bucket_in_use in real time (bsc#1076110).
- bcache: update document info (bsc#1076110).
- bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).
- bcache: use kvfree() in various places (bsc#1076110).
- bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110).
- bcache: wait for buckets when allocating new btree root (bsc#1076110).
- bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).
- bcache: writeback rate shouldn't artifically clamp (bsc#1076110).
- block: bump BLK_DEF_MAX_SECTORS to 2560 (bsc#1073246)
- fork: clear thread stack upon allocation (bsc#1077560).
- gcov: disable for COMPILE_TEST (bnc#1012382).
- kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
- md: more open-coded offset_in_page() (bsc#1076110).
- nfsd: do not share group_info among threads (bsc#1070623).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1077182).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1077182).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1077182).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1077182).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1077182).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1077182).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1077182).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1077182).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1077182).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1077182).
- powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1077182).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1077182).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1077182).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1077182).
- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1077182).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1077182).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1077182).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1077182).
- storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075411).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
- x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
  zypper in -t patch SUSE-OpenStack-Cloud-6-2018-348=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-348=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-348=1
- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-348=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.82.1 kernel-default-base-3.12.74-60.64.82.1 kernel-default-base-debuginfo-3.12.74-60.64.82.1 kernel-default-debuginfo-3.12.74-60.64.82.1 kernel-default-debugsource-3.12.74-60.64.82.1 kernel-default-devel-3.12.74-60.64.82.1 kernel-syms-3.12.74-60.64.82.1 kernel-xen-3.12.74-60.64.82.1 kernel-xen-base-3.12.74-60.64.82.1 kernel-xen-base-debuginfo-3.12.74-60.64.82.1 kernel-xen-debuginfo-3.12.74-60.64.82.1 kernel-xen-debugsource-3.12.74-60.64.82.1 kernel-xen-devel-3.12.74-60.64.82.1 kgraft-patch-3_12_74-60_64_82-default-1-2.9.1 kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1 - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.82.1 kernel-macros-3.12.74-60.64.82.1 kernel-source-3.12.74-60.64.82.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.82.1 kernel-default-base-3.12.74-60.64.82.1 kernel-default-base-debuginfo-3.12.74-60.64.82.1 kernel-default-debuginfo-3.12.74-60.64.82.1 kernel-default-debugsource-3.12.74-60.64.82.1 kernel-default-devel-3.12.74-60.64.82.1 kernel-syms-3.12.74-60.64.82.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.82.1 kernel-macros-3.12.74-60.64.82.1 kernel-source-3.12.74-60.64.82.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.82.1 kernel-xen-base-3.12.74-60.64.82.1 kernel-xen-base-debuginfo-3.12.74-60.64.82.1 kernel-xen-debuginfo-3.12.74-60.64.82.1 kernel-xen-debugsource-3.12.74-60.64.82.1 kernel-xen-devel-3.12.74-60.64.82.1 kgraft-patch-3_12_74-60_64_82-default-1-2.9.1 kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.82.1 kernel-default-base-3.12.74-60.64.82.1 kernel-default-base-debuginfo-3.12.74-60.64.82.1 kernel-default-debuginfo-3.12.74-60.64.82.1 kernel-default-debugsource-3.12.74-60.64.82.1 kernel-default-devel-3.12.74-60.64.82.1 
kernel-syms-3.12.74-60.64.82.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.82.1 kernel-xen-base-3.12.74-60.64.82.1 kernel-xen-base-debuginfo-3.12.74-60.64.82.1 kernel-xen-debuginfo-3.12.74-60.64.82.1 kernel-xen-debugsource-3.12.74-60.64.82.1 kernel-xen-devel-3.12.74-60.64.82.1 kgraft-patch-3_12_74-60_64_82-default-1-2.9.1 kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.82.1 kernel-macros-3.12.74-60.64.82.1 kernel-source-3.12.74-60.64.82.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.82.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.82.1 kernel-ec2-debuginfo-3.12.74-60.64.82.1 kernel-ec2-debugsource-3.12.74-60.64.82.1 kernel-ec2-devel-3.12.74-60.64.82.1 kernel-ec2-extra-3.12.74-60.64.82.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.82.1 References: https://www.suse.com/security/cve/CVE-2015-1142857.html https://www.suse.com/security/cve/CVE-2017-13215.html https://www.suse.com/security/cve/CVE-2017-17741.html https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-18079.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1047118 https://bugzilla.suse.com/1047626 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1070623 https://bugzilla.suse.com/1073246 https://bugzilla.suse.com/1073311 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073874 https://bugzilla.suse.com/1074709 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075411 https://bugzilla.suse.com/1075908 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076110 https://bugzilla.suse.com/1076154 https://bugzilla.suse.com/1076278 
https://bugzilla.suse.com/1077182
https://bugzilla.suse.com/1077355
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077922
https://bugzilla.suse.com/1081317
https://bugzilla.suse.com/893777
https://bugzilla.suse.com/893949
https://bugzilla.suse.com/902893
https://bugzilla.suse.com/951638

From sle-updates at lists.suse.com Thu Feb 22 13:12:52 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 Feb 2018 21:12:52 +0100 (CET)
Subject: SUSE-RU-2018:0526-1: Recommended update for kubernetes, dex, velum and docker
Message-ID: <20180222201252.D5458FCC0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for kubernetes, dex, velum and docker
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0526-1
Rating: low
References: #1043813 #1057277 #1065972 #1069258 #1071500 #1075001 #1079460 #1081520
Affected Products:
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This updates kubernetes to version 1.8.7. For all changes since the previous release please check the package changelog.

With this also dex has been updated to version 2.7.1.

Additionally some bugs have been fixed:

docker:

- Trim trailing slashes of registry and mirror URLs (bnc#1081520)

velum:

- The alert notifying the user that the bootstrap has failed was overriding the type of any previous alerts that were on the page. This was causing some confusion for some users (bsc#1069258)
- AutoYaST: disable creation of swap (bsc#1043813, bsc#1075001)
- Reuse filter logic for known hosts (bsc#1071500)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE CaaS Platform ALL:
  zypper in -t patch SUSE-CAASP-ALL-2018-347=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE CaaS Platform ALL (noarch):
  kubernetes-salt-2.0.0+git_r492_eff6831-23.22.2
- SUSE CaaS Platform ALL (x86_64):
  docker-1.12.6-11.9.1
  docker-debuginfo-1.12.6-11.9.1
  docker-debugsource-1.12.6-11.9.1
  kubernetes-client-1.8.7-11.3.3
  kubernetes-common-1.8.7-11.3.3
  kubernetes-kubelet-1.8.7-11.3.3
  kubernetes-master-1.8.7-11.3.3
  kubernetes-node-1.8.7-11.3.3
  sles12-caasp-dex-image-2.0.0-3.6.5
  sles12-velum-image-2.0.1-2.5.1

References:

https://bugzilla.suse.com/1043813
https://bugzilla.suse.com/1057277
https://bugzilla.suse.com/1065972
https://bugzilla.suse.com/1069258
https://bugzilla.suse.com/1071500
https://bugzilla.suse.com/1075001
https://bugzilla.suse.com/1079460
https://bugzilla.suse.com/1081520

From sle-updates at lists.suse.com Fri Feb 23 07:07:30 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Feb 2018 15:07:30 +0100 (CET)
Subject: SUSE-SU-2018:0530-1: important: Security update for php5
Message-ID: <20180223140730.6D00BFCC0@maintenance.suse.de>

SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0530-1
Rating: important
References: #1080234
Cross-References: CVE-2016-10712
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php5 fixes the following issues:

- CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-349=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-349=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-349=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.20.1 php5-debugsource-5.5.14-109.20.1 php5-devel-5.5.14-109.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): php5-debuginfo-5.5.14-109.20.1 php5-debugsource-5.5.14-109.20.1 php5-devel-5.5.14-109.20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.20.1 apache2-mod_php5-debuginfo-5.5.14-109.20.1 php5-5.5.14-109.20.1 php5-bcmath-5.5.14-109.20.1 php5-bcmath-debuginfo-5.5.14-109.20.1 php5-bz2-5.5.14-109.20.1 php5-bz2-debuginfo-5.5.14-109.20.1 php5-calendar-5.5.14-109.20.1 php5-calendar-debuginfo-5.5.14-109.20.1 php5-ctype-5.5.14-109.20.1 php5-ctype-debuginfo-5.5.14-109.20.1 php5-curl-5.5.14-109.20.1 php5-curl-debuginfo-5.5.14-109.20.1 php5-dba-5.5.14-109.20.1 php5-dba-debuginfo-5.5.14-109.20.1 php5-debuginfo-5.5.14-109.20.1 php5-debugsource-5.5.14-109.20.1 php5-dom-5.5.14-109.20.1 php5-dom-debuginfo-5.5.14-109.20.1 php5-enchant-5.5.14-109.20.1 php5-enchant-debuginfo-5.5.14-109.20.1 php5-exif-5.5.14-109.20.1 php5-exif-debuginfo-5.5.14-109.20.1 php5-fastcgi-5.5.14-109.20.1 php5-fastcgi-debuginfo-5.5.14-109.20.1 php5-fileinfo-5.5.14-109.20.1 php5-fileinfo-debuginfo-5.5.14-109.20.1 php5-fpm-5.5.14-109.20.1 php5-fpm-debuginfo-5.5.14-109.20.1 php5-ftp-5.5.14-109.20.1 php5-ftp-debuginfo-5.5.14-109.20.1 php5-gd-5.5.14-109.20.1 php5-gd-debuginfo-5.5.14-109.20.1 php5-gettext-5.5.14-109.20.1 
php5-gettext-debuginfo-5.5.14-109.20.1 php5-gmp-5.5.14-109.20.1 php5-gmp-debuginfo-5.5.14-109.20.1 php5-iconv-5.5.14-109.20.1 php5-iconv-debuginfo-5.5.14-109.20.1 php5-imap-5.5.14-109.20.1 php5-imap-debuginfo-5.5.14-109.20.1 php5-intl-5.5.14-109.20.1 php5-intl-debuginfo-5.5.14-109.20.1 php5-json-5.5.14-109.20.1 php5-json-debuginfo-5.5.14-109.20.1 php5-ldap-5.5.14-109.20.1 php5-ldap-debuginfo-5.5.14-109.20.1 php5-mbstring-5.5.14-109.20.1 php5-mbstring-debuginfo-5.5.14-109.20.1 php5-mcrypt-5.5.14-109.20.1 php5-mcrypt-debuginfo-5.5.14-109.20.1 php5-mysql-5.5.14-109.20.1 php5-mysql-debuginfo-5.5.14-109.20.1 php5-odbc-5.5.14-109.20.1 php5-odbc-debuginfo-5.5.14-109.20.1 php5-opcache-5.5.14-109.20.1 php5-opcache-debuginfo-5.5.14-109.20.1 php5-openssl-5.5.14-109.20.1 php5-openssl-debuginfo-5.5.14-109.20.1 php5-pcntl-5.5.14-109.20.1 php5-pcntl-debuginfo-5.5.14-109.20.1 php5-pdo-5.5.14-109.20.1 php5-pdo-debuginfo-5.5.14-109.20.1 php5-pgsql-5.5.14-109.20.1 php5-pgsql-debuginfo-5.5.14-109.20.1 php5-phar-5.5.14-109.20.1 php5-phar-debuginfo-5.5.14-109.20.1 php5-posix-5.5.14-109.20.1 php5-posix-debuginfo-5.5.14-109.20.1 php5-pspell-5.5.14-109.20.1 php5-pspell-debuginfo-5.5.14-109.20.1 php5-shmop-5.5.14-109.20.1 php5-shmop-debuginfo-5.5.14-109.20.1 php5-snmp-5.5.14-109.20.1 php5-snmp-debuginfo-5.5.14-109.20.1 php5-soap-5.5.14-109.20.1 php5-soap-debuginfo-5.5.14-109.20.1 php5-sockets-5.5.14-109.20.1 php5-sockets-debuginfo-5.5.14-109.20.1 php5-sqlite-5.5.14-109.20.1 php5-sqlite-debuginfo-5.5.14-109.20.1 php5-suhosin-5.5.14-109.20.1 php5-suhosin-debuginfo-5.5.14-109.20.1 php5-sysvmsg-5.5.14-109.20.1 php5-sysvmsg-debuginfo-5.5.14-109.20.1 php5-sysvsem-5.5.14-109.20.1 php5-sysvsem-debuginfo-5.5.14-109.20.1 php5-sysvshm-5.5.14-109.20.1 php5-sysvshm-debuginfo-5.5.14-109.20.1 php5-tokenizer-5.5.14-109.20.1 php5-tokenizer-debuginfo-5.5.14-109.20.1 php5-wddx-5.5.14-109.20.1 php5-wddx-debuginfo-5.5.14-109.20.1 php5-xmlreader-5.5.14-109.20.1 php5-xmlreader-debuginfo-5.5.14-109.20.1 
  php5-xmlrpc-5.5.14-109.20.1
  php5-xmlrpc-debuginfo-5.5.14-109.20.1
  php5-xmlwriter-5.5.14-109.20.1
  php5-xmlwriter-debuginfo-5.5.14-109.20.1
  php5-xsl-5.5.14-109.20.1
  php5-xsl-debuginfo-5.5.14-109.20.1
  php5-zip-5.5.14-109.20.1
  php5-zip-debuginfo-5.5.14-109.20.1
  php5-zlib-5.5.14-109.20.1
  php5-zlib-debuginfo-5.5.14-109.20.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  php5-pear-5.5.14-109.20.1

References:

https://www.suse.com/security/cve/CVE-2016-10712.html
https://bugzilla.suse.com/1080234

From sle-updates at lists.suse.com Fri Feb 23 13:07:29 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 23 Feb 2018 21:07:29 +0100 (CET)
Subject: SUSE-RU-2018:0531-1: Recommended update for grub2
Message-ID: <20180223200729.5E441FD06@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0531-1
Rating: low
References: #1054453
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for grub2 provides the following fixes:

- Use /boot//loader/linux instead of /contents file to determine if the installation media is a SUSE distribution. (bsc#1054453)
- Use the pvops-enabled default kernel if the traditional xen pv kernel and initrd are not found. (bsc#1054453)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-grub2-13484=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-grub2-13484=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11-SP4 (x86_64):
  grub2-x86_64-efi-2.00-0.66.3.6
  grub2-x86_64-xen-2.00-0.66.3.6
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
  grub2-debuginfo-2.00-0.66.3.6
  grub2-debugsource-2.00-0.66.3.6

References:

https://bugzilla.suse.com/1054453

From sle-updates at lists.suse.com Fri Feb 23 16:07:33 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 24 Feb 2018 00:07:33 +0100 (CET)
Subject: SUSE-SU-2018:0532-1: moderate: Security update for dhcp
Message-ID: <20180223230733.94C80FCC0@maintenance.suse.de>

SUSE Security Update: Security update for dhcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0532-1
Rating: moderate
References: #1023415 #1059061 #1073935 #1076119 #987170
Cross-References: CVE-2017-3144
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for dhcp fixes several issues.

This security issue was fixed:

- CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119).

These non-security issues were fixed:

- Optimized if and when DNS client context and ports are initted (bsc#1073935)
- Relax permission of dhclient-script for libguestfs (bsc#987170)
- Modify dhclient-script to handle static route updates (bsc#1023415).
- Use only the 12 least significant bits of an inbound packet's TCI value as the VLAN ID to fix some packages being wrongly discarded by the Linux packet filter.
(bsc#1059061) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-351=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-351=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-351=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-351=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-351=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-351=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-351=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.3-10.11.1 dhcp-debugsource-4.3.3-10.11.1 dhcp-devel-4.3.3-10.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dhcp-debuginfo-4.3.3-10.11.1 dhcp-debugsource-4.3.3-10.11.1 dhcp-devel-4.3.3-10.11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dhcp-4.3.3-10.11.1 dhcp-client-4.3.3-10.11.1 dhcp-client-debuginfo-4.3.3-10.11.1 dhcp-debuginfo-4.3.3-10.11.1 dhcp-debugsource-4.3.3-10.11.1 dhcp-relay-4.3.3-10.11.1 dhcp-relay-debuginfo-4.3.3-10.11.1 dhcp-server-4.3.3-10.11.1 dhcp-server-debuginfo-4.3.3-10.11.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): dhcp-4.3.3-10.11.1 dhcp-client-4.3.3-10.11.1 dhcp-client-debuginfo-4.3.3-10.11.1 dhcp-debuginfo-4.3.3-10.11.1 dhcp-debugsource-4.3.3-10.11.1 dhcp-relay-4.3.3-10.11.1 dhcp-relay-debuginfo-4.3.3-10.11.1 dhcp-server-4.3.3-10.11.1 dhcp-server-debuginfo-4.3.3-10.11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): 
  dhcp-4.3.3-10.11.1
  dhcp-client-4.3.3-10.11.1
  dhcp-client-debuginfo-4.3.3-10.11.1
  dhcp-debuginfo-4.3.3-10.11.1
  dhcp-debugsource-4.3.3-10.11.1
  dhcp-relay-4.3.3-10.11.1
  dhcp-relay-debuginfo-4.3.3-10.11.1
  dhcp-server-4.3.3-10.11.1
  dhcp-server-debuginfo-4.3.3-10.11.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  dhcp-4.3.3-10.11.1
  dhcp-client-4.3.3-10.11.1
  dhcp-client-debuginfo-4.3.3-10.11.1
  dhcp-debuginfo-4.3.3-10.11.1
  dhcp-debugsource-4.3.3-10.11.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  dhcp-4.3.3-10.11.1
  dhcp-client-4.3.3-10.11.1
  dhcp-client-debuginfo-4.3.3-10.11.1
  dhcp-debuginfo-4.3.3-10.11.1
  dhcp-debugsource-4.3.3-10.11.1

References:

https://www.suse.com/security/cve/CVE-2017-3144.html
https://bugzilla.suse.com/1023415
https://bugzilla.suse.com/1059061
https://bugzilla.suse.com/1073935
https://bugzilla.suse.com/1076119
https://bugzilla.suse.com/987170

From sle-updates at lists.suse.com Fri Feb 23 19:07:25 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 24 Feb 2018 03:07:25 +0100 (CET)
Subject: SUSE-RU-2018:0533-1: important: Recommended update for caasp-container-manifests
Message-ID: <20180224020725.3ED61FCC0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for caasp-container-manifests
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0533-1
Rating: important
References: #1075001
Affected Products:
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for caasp-container-manifests fixes the following issues:

- Do not use FileOrCreate resource type. The init container for the secrets will create this file. Move init containers from annotations to their own section. Also, make indentation style unique throughout the manifests.
- Disable swap (bsc#1075001)

This update is required for running kubernetes >= 1.8.
Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE CaaS Platform ALL:
  zypper in -t patch SUSE-CAASP-ALL-2018-352=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE CaaS Platform ALL (noarch):
  caasp-container-manifests-2.0.0+git_r204_d06e3f6-18.3.1

References:

https://bugzilla.suse.com/1075001

From sle-updates at lists.suse.com Mon Feb 26 10:08:07 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 26 Feb 2018 18:08:07 +0100 (CET)
Subject: SUSE-RU-2018:0545-1: important: Recommended update for the Linux Kernel
Message-ID: <20180226170807.80C53FCC0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0545-1
Rating: important
References: #1081436 #1081437
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Live Patching 12-SP3
  SUSE Linux Enterprise High Availability 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to fix a regression in the microcode loader that could lead to system crashes. [bsc#1081436, bsc#1081437]

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-354=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-354=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-354=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-354=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-354=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-354=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-354=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.114-94.14.1 kernel-default-debugsource-4.4.114-94.14.1 kernel-default-extra-4.4.114-94.14.1 kernel-default-extra-debuginfo-4.4.114-94.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.114-94.14.1 kernel-obs-build-debugsource-4.4.114-94.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.114-94.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.114-94.14.1 kernel-default-base-4.4.114-94.14.1 kernel-default-base-debuginfo-4.4.114-94.14.1 kernel-default-debuginfo-4.4.114-94.14.1 kernel-default-debugsource-4.4.114-94.14.1 kernel-default-devel-4.4.114-94.14.1 kernel-syms-4.4.114-94.14.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.114-94.14.1 kernel-macros-4.4.114-94.14.1 kernel-source-4.4.114-94.14.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.114-94.14.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_114-94_14-default-1-4.3.1 
  kgraft-patch-4_4_114-94_14-default-debuginfo-1-4.3.1
- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
  cluster-md-kmp-default-4.4.114-94.14.1
  cluster-md-kmp-default-debuginfo-4.4.114-94.14.1
  dlm-kmp-default-4.4.114-94.14.1
  dlm-kmp-default-debuginfo-4.4.114-94.14.1
  gfs2-kmp-default-4.4.114-94.14.1
  gfs2-kmp-default-debuginfo-4.4.114-94.14.1
  kernel-default-debuginfo-4.4.114-94.14.1
  kernel-default-debugsource-4.4.114-94.14.1
  ocfs2-kmp-default-4.4.114-94.14.1
  ocfs2-kmp-default-debuginfo-4.4.114-94.14.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  kernel-devel-4.4.114-94.14.1
  kernel-macros-4.4.114-94.14.1
  kernel-source-4.4.114-94.14.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  kernel-default-4.4.114-94.14.1
  kernel-default-debuginfo-4.4.114-94.14.1
  kernel-default-debugsource-4.4.114-94.14.1
  kernel-default-devel-4.4.114-94.14.1
  kernel-default-extra-4.4.114-94.14.1
  kernel-default-extra-debuginfo-4.4.114-94.14.1
  kernel-syms-4.4.114-94.14.1
- SUSE CaaS Platform ALL (x86_64):
  kernel-default-4.4.114-94.14.1
  kernel-default-debuginfo-4.4.114-94.14.1
  kernel-default-debugsource-4.4.114-94.14.1

References:

https://bugzilla.suse.com/1081436
https://bugzilla.suse.com/1081437

From sle-updates at lists.suse.com Mon Feb 26 13:07:40 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 26 Feb 2018 21:07:40 +0100 (CET)
Subject: SUSE-SU-2018:0546-1: moderate: Security update for systemd
Message-ID: <20180226200740.8AE32FD06@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0546-1
Rating: moderate
References: #1057974 #1068588 #1071224 #1071311 #1075801 #1077925
Cross-References: CVE-2017-18078
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE CaaS Platform ALL
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is now available.

Description:

This update for systemd fixes the following issues:

Security issue fixed:

- CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925)

Non Security issues fixed:

- core: use id unit when retrieving unit file state (#8038) (bsc#1075801)
- cryptsetup-generator: run cryptsetup service before swap unit (#5480)
- udev-rules: all values can contain escaped double quotes now (#6890)
- strv: fix buffer size calculation in strv_join_quoted()
- tmpfiles: change ownership of symlinks too
- stdio-bridge: Correctly propagate error
- stdio-bridge: remove dead code
- remove bus-proxyd (bsc#1057974)
- core/timer: Prevent timer looping when unit cannot start (bsc#1068588)
- Make systemd-timesyncd use the openSUSE NTP servers by default
  Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com
- Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224)
  But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr.
- Enable systemd-networkd on Leap distros only (bsc#1071311)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-355=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-355=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-355=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-355=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-355=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-355=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-355=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-355=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-355=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-devel-228-150.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-devel-228-150.32.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsystemd0-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 libudev1-228-150.32.1 libudev1-debuginfo-228-150.32.1 systemd-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): systemd-bash-completion-228-150.32.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 
libudev1-228-150.32.1 libudev1-debuginfo-228-150.32.1 systemd-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsystemd0-32bit-228-150.32.1 libsystemd0-debuginfo-32bit-228-150.32.1 libudev1-32bit-228-150.32.1 libudev1-debuginfo-32bit-228-150.32.1 systemd-32bit-228-150.32.1 systemd-debuginfo-32bit-228-150.32.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.32.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 libudev1-228-150.32.1 libudev1-debuginfo-228-150.32.1 systemd-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libsystemd0-32bit-228-150.32.1 libsystemd0-debuginfo-32bit-228-150.32.1 libudev1-32bit-228-150.32.1 libudev1-debuginfo-32bit-228-150.32.1 systemd-32bit-228-150.32.1 systemd-debuginfo-32bit-228-150.32.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): systemd-bash-completion-228-150.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.32.1 libsystemd0-32bit-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 libsystemd0-debuginfo-32bit-228-150.32.1 libudev1-228-150.32.1 libudev1-32bit-228-150.32.1 libudev1-debuginfo-228-150.32.1 libudev1-debuginfo-32bit-228-150.32.1 systemd-228-150.32.1 systemd-32bit-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debuginfo-32bit-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.32.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsystemd0-228-150.32.1 libsystemd0-32bit-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 
libsystemd0-debuginfo-32bit-228-150.32.1 libudev1-228-150.32.1 libudev1-32bit-228-150.32.1 libudev1-debuginfo-228-150.32.1 libudev1-debuginfo-32bit-228-150.32.1 systemd-228-150.32.1 systemd-32bit-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debuginfo-32bit-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): systemd-bash-completion-228-150.32.1 - SUSE CaaS Platform ALL (x86_64): libsystemd0-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 libudev1-228-150.32.1 libudev1-debuginfo-228-150.32.1 systemd-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.32.1 libsystemd0-debuginfo-228-150.32.1 libudev1-228-150.32.1 libudev1-debuginfo-228-150.32.1 systemd-228-150.32.1 systemd-debuginfo-228-150.32.1 systemd-debugsource-228-150.32.1 systemd-sysvinit-228-150.32.1 udev-228-150.32.1 udev-debuginfo-228-150.32.1 References: https://www.suse.com/security/cve/CVE-2017-18078.html https://bugzilla.suse.com/1057974 https://bugzilla.suse.com/1068588 https://bugzilla.suse.com/1071224 https://bugzilla.suse.com/1071311 https://bugzilla.suse.com/1075801 https://bugzilla.suse.com/1077925 From sle-updates at lists.suse.com Mon Feb 26 13:09:01 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Feb 2018 21:09:01 +0100 (CET) Subject: SUSE-RU-2018:0547-1: Recommended update for arpwatch Message-ID: <20180226200901.15D43FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for arpwatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0547-1 Rating: low References: #1077754 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 
12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for arpwatch provides the following fix: - Remove executable bit from service file (bsc#1077754) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-356=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-356=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-356=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-356=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-356=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): arpwatch-debuginfo-2.1a15-159.3.1 arpwatch-debugsource-2.1a15-159.3.1 arpwatch-ethercodes-build-2.1a15-159.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): arpwatch-debuginfo-2.1a15-159.3.1 arpwatch-debugsource-2.1a15-159.3.1 arpwatch-ethercodes-build-2.1a15-159.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): arpwatch-2.1a15-159.3.1 arpwatch-debuginfo-2.1a15-159.3.1 arpwatch-debugsource-2.1a15-159.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.3.1 arpwatch-debuginfo-2.1a15-159.3.1 arpwatch-debugsource-2.1a15-159.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.3.1 arpwatch-debuginfo-2.1a15-159.3.1 arpwatch-debugsource-2.1a15-159.3.1 References: https://bugzilla.suse.com/1077754 From sle-updates at lists.suse.com Tue Feb 27 07:07:47 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 15:07:47 +0100 (CET) Subject: SUSE-SU-2018:0548-1: moderate: Security update for zziplib Message-ID: <20180227140747.47487FD06@maintenance.suse.de> SUSE Security Update: Security update for zziplib ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0548-1 Rating: moderate References: #1024532 #1024536 #1034539 #1078497 #1078701 #1079096 Cross-References: CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes 
is now available.

Description:

This update for zziplib fixes the following issues:

Version update to 0.13.67 contains lots of bug- and security fixes.

- If an extension block is too small to hold an extension, do not use the information therein.
- CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096)
- CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701)
- CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-357=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
  zypper in -t patch SUSE-SLE-WE-12-SP2-2018-357=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-357=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-357=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-357=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-357=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.5.1 libzzip-0-13-debuginfo-0.13.67-10.5.1 zziplib-debugsource-0.13.67-10.5.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libzzip-0-13-0.13.67-10.5.1 libzzip-0-13-debuginfo-0.13.67-10.5.1 zziplib-debugsource-0.13.67-10.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.5.1 libzzip-0-13-debuginfo-0.13.67-10.5.1 zziplib-debugsource-0.13.67-10.5.1 zziplib-devel-0.13.67-10.5.1 zziplib-devel-debuginfo-0.13.67-10.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libzzip-0-13-0.13.67-10.5.1 libzzip-0-13-debuginfo-0.13.67-10.5.1 zziplib-debugsource-0.13.67-10.5.1 zziplib-devel-0.13.67-10.5.1 zziplib-devel-debuginfo-0.13.67-10.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzzip-0-13-0.13.67-10.5.1 libzzip-0-13-debuginfo-0.13.67-10.5.1 zziplib-debugsource-0.13.67-10.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libzzip-0-13-0.13.67-10.5.1 libzzip-0-13-debuginfo-0.13.67-10.5.1 zziplib-debugsource-0.13.67-10.5.1 References: https://www.suse.com/security/cve/CVE-2018-6381.html https://www.suse.com/security/cve/CVE-2018-6484.html https://www.suse.com/security/cve/CVE-2018-6540.html https://bugzilla.suse.com/1024532 https://bugzilla.suse.com/1024536 https://bugzilla.suse.com/1034539 https://bugzilla.suse.com/1078497 https://bugzilla.suse.com/1078701 https://bugzilla.suse.com/1079096 From sle-updates at lists.suse.com Tue Feb 27 10:08:32 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 18:08:32 +0100 (CET) Subject: SUSE-RU-2018:0549-1: moderate: Recommended update for SUSE Manager Proxy 3.1 Message-ID: <20180227170832.D96C2FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2018:0549-1 Rating: moderate References: #1022078 #1055296 #1063419 #1071526 #1073482 #1073619 #1075044 Affected Products: SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update fixes the following issues: osad, rhncfg, rhnlib: - Fix update mechanism when updating the updateservice (bsc#1073619) spacewalk-backend: - Fix spacewalk-data-fsck restore of broken package database entry. (bsc#1071526) - Support multiple FQDNs per system. (bsc#1063419) - Fix restore hostname and ip*addr in templated documents. (bsc#1075044) - Fix directory name in spacewalk-data-fsck. spacewalk-client-tools: - Support multiple FQDNs per system. (bsc#1063419) - Fix update mechanism when updating the updateservice. (bsc#1073619) spacewalk-proxy-installer: - Do not use obsolete values in squid template. spacewalk-ssl-cert-check: - Implement ssl-cert-check tool in python. - Remove dependency to certwatch. - Adapt cron and sysconfig script. - Added man page. spacewalk-web: - Replace custom states with configuration channels. - Add 'yaml' option for Ace editor. - Add links to salt formula list and adjust behavior. (bsc#1022078) - Allow selecting unnamed context in kubeconfig. (bsc#1073482) - Add user preferences in order to change items-per-page. (bsc#1055296) - Fix main menu column height. - Adding initial version of web ui notifications. spacewalksd: - Fix update mechanism when updating the updateservice. (bsc#1073619) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-361=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.1 (x86_64): spacewalksd-5.0.26.4-2.6.3 spacewalksd-debuginfo-5.0.26.4-2.6.3 spacewalksd-debugsource-5.0.26.4-2.6.3 - SUSE Manager Proxy 3.1 (noarch): osa-common-5.11.80.5-2.9.2 osad-5.11.80.5-2.9.2 rhncfg-5.10.103.3-3.3.3 rhncfg-actions-5.10.103.3-3.3.3 rhncfg-client-5.10.103.3-3.3.3 rhncfg-management-5.10.103.3-3.3.3 rhnlib-2.7.2.2-3.3.2 spacewalk-backend-2.7.73.11-2.12.3 spacewalk-backend-libs-2.7.73.11-2.12.3 spacewalk-base-minimal-2.7.1.14-2.12.3 spacewalk-base-minimal-config-2.7.1.14-2.12.3 spacewalk-check-2.7.6.3-3.3.3 spacewalk-client-setup-2.7.6.3-3.3.3 spacewalk-client-tools-2.7.6.3-3.3.3 spacewalk-proxy-installer-2.7.2.5-2.6.3 spacewalk-ssl-cert-check-2.4.1.3-3.3.2 References: https://bugzilla.suse.com/1022078 https://bugzilla.suse.com/1055296 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1071526 https://bugzilla.suse.com/1073482 https://bugzilla.suse.com/1073619 https://bugzilla.suse.com/1075044 From sle-updates at lists.suse.com Tue Feb 27 10:09:52 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 18:09:52 +0100 (CET) Subject: SUSE-RU-2018:0550-1: Recommended update for the SUSE Manager 3.1 release notes and documentation Message-ID: <20180227170952.38AADFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.1 release notes and documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0550-1 Rating: low References: #1080296 Affected Products: SUSE Manager Server 3.1 SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for release-notes-susemanager, release-notes-susemanager-proxy, susemanager-docs_en fixes the following issues: - New features for SUSE Manager Server + Configuration Management for Salt is not tech preview anymore. + Changes in "Custom States" and "State Catalog" features. + Support Proxies with multiple FQDNs. + Excessive logging reduced. + New notification UI. + New API calls. - New features for SUSE Manager Proxy + Support Proxies with multiple FQDNs. - SUSE Manager Server bugs fixed by latest updates + bsc#979633, bsc#1015956, bsc#1016377, bsc#1022077, bsc#1022078, bsc#1028285, bsc#1031081, bsc#1036302, bsc#1045289, bsc#1055296, bsc#1061273, bsc#1061574, bsc#1063419, bsc#1063759, bsc#1064258, bsc#1065023, bsc#1065259, bsc#1067608, bsc#1069943, bsc#1070161, bsc#1070372, bsc#1070597, bsc#1070782, bsc#1071314, bsc#1071468, bsc#1071526, bsc#1071553, bsc#1072153, bsc#1072157, bsc#1072160, bsc#1072350, bsc#1072797, bsc#1073474, bsc#1073482, bsc#1073619, bsc#1073713, bsc#1073739, bsc#1074430, bsc#1074508, bsc#1074854, bsc#1075044, bsc#1075254, bsc#1075345, bsc#1075408, bsc#1074300, bsc#1075862, bsc#1076034, bsc#1076201, bsc#1076578, bsc#1077076, bsc#1077730, bsc#1078749, bsc#1079820 - SUSE Manager Proxy bugs fixed by latest updates + bsc#1022078, bsc#1055296, bsc#1063419, bsc#1071526, bsc#1073482, bsc#1073619, bsc#1075044 - Salt bugs fixed by latest updates + bsc#1050003, bsc#1063419, bsc#1065792, bsc#1068566, bsc#1071322, bsc#1072218, bsc#1073618, bsc#1074227 - SUSE Manager documentation has been updated + Configuration Management for Salt minions is now supported. + Various fixes, mostly reported via docreview. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-362=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-362=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): release-notes-susemanager-3.1.4-5.20.1 - SUSE Manager Server 3.1 (noarch): susemanager-advanced-topics_en-pdf-3.1-10.14.2 susemanager-best-practices_en-pdf-3.1-10.14.2 susemanager-docs_en-3.1-10.14.2 susemanager-getting-started_en-pdf-3.1-10.14.2 susemanager-jsp_en-3.1-10.14.2 susemanager-reference_en-pdf-3.1-10.14.2 - SUSE Manager Proxy 3.1 (ppc64le x86_64): release-notes-susemanager-proxy-3.1.4-0.15.14.1 References: https://bugzilla.suse.com/1080296 From sle-updates at lists.suse.com Tue Feb 27 10:10:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 18:10:21 +0100 (CET) Subject: SUSE-RU-2018:0551-1: moderate: Recommended update for SUSE Manager Client Tools for SLE 12 Message-ID: <20180227171021.19327FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0551-1 Rating: moderate References: #1063419 #1070372 #1071526 #1073619 #1075044 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.1 SUSE Manager Server 3.0 SUSE Manager Proxy 3.1 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: osad, rhncfg, rhnlib, spacewalksd: - Fix update mechanism when updating the updateservice. (bsc#1073619) python-hwdata: - Use dnf instead of yum in README. spacecmd: - Support multiple FQDNs per system. 
(bsc#1063419) - Added custom JSON encoder in order to parse date fields correctly. (bsc#1070372) spacewalk-backend: - Fix spacewalk-data-fsck restore of broken package database entry. (bsc#1071526) - Support multiple FQDNs per system. (bsc#1063419) - Fix restore hostname and ip*addr in templated documents. (bsc#1075044) - Fix directory name in spacewalk-data-fsck. spacewalk-client-tools: - Support multiple FQDNs per system. (bsc#1063419) - Fix update mechanism when updating the updateservice. (bsc#1073619) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-359=1 - SUSE Manager Server 3.1: zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-359=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-359=1 - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-359=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-359=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): spacewalksd-5.0.26.4-24.6.1 spacewalksd-debuginfo-5.0.26.4-24.6.1 spacewalksd-debugsource-5.0.26.4-24.6.1 - SUSE Manager Tools 12 (noarch): osa-common-5.11.80.5-31.9.1 osad-5.11.80.5-31.9.1 python2-hwdata-2.3.5-12.3.1 rhncfg-5.10.103.3-24.3.1 rhncfg-actions-5.10.103.3-24.3.1 rhncfg-client-5.10.103.3-24.3.1 rhncfg-management-5.10.103.3-24.3.1 rhnlib-2.7.2.2-21.3.1 spacecmd-2.7.8.9-38.12.1 spacewalk-backend-libs-2.7.73.11-55.12.1 spacewalk-check-2.7.6.3-52.3.1 spacewalk-client-setup-2.7.6.3-52.3.1 spacewalk-client-tools-2.7.6.3-52.3.1 - SUSE Manager Server 3.1 (noarch): python2-hwdata-2.3.5-12.3.1 - SUSE Manager Server 3.0 (noarch): python2-hwdata-2.3.5-12.3.1 - SUSE Manager Proxy 3.1 (noarch): python2-hwdata-2.3.5-12.3.1 - SUSE Manager Proxy 3.0 (noarch): python2-hwdata-2.3.5-12.3.1 References: https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1071526 https://bugzilla.suse.com/1073619 https://bugzilla.suse.com/1075044 From sle-updates at lists.suse.com Tue Feb 27 10:11:21 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 18:11:21 +0100 (CET) Subject: SUSE-SU-2018:0552-1: moderate: Security update for SUSE Manager Server 3.1 Message-ID: <20180227171121.076DEFD05@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0552-1 Rating: moderate References: #1015956 #1016377 #1022077 #1022078 #1028285 #1031081 #1036302 #1045289 #1055296 #1061273 #1061574 #1063419 #1063759 #1064258 #1065023 #1065259 #1067608 #1068032 #1069943 #1070161 #1070372 #1070597 #1070782 #1071314 #1071468 #1071526 #1071553 #1072153 #1072157 #1072160 #1072797 #1073474 #1073482 #1073619 #1073713 #1073739 #1074300 #1074430 #1074508 #1074854 #1075044 #1075254 #1075345 #1075408 #1075862 #1076034 #1076201 
#1076578 #1077076 #1077730 #1078749 #1079820 #979616 #979633
Cross-References: CVE-2017-5715 CVE-2017-5753 CVE-2017-5754
Affected Products:
SUSE Manager Server 3.1
______________________________________________________________________________

An update that solves three vulnerabilities and has 51 fixes is now available.

Description:

This update fixes the following issues:

nutch:

- Fix hadoop log dir. (bsc#1061574)

osad, rhnlib:

- Fix update mechanism when updating the updateservice (bsc#1073619)

pxe-default-image:

- Spectre and Meltdown mitigation. (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, bsc#1068032)

spacecmd:

- Support multiple FQDNs per system. (bsc#1063419)
- Added custom JSON encoder in order to parse date fields correctly. (bsc#1070372)

spacewalk-backend:

- Fix spacewalk-data-fsck restore of broken package database entry. (bsc#1071526)
- Support multiple FQDNs per system. (bsc#1063419)
- Fix restore hostname and ip*addr in templated documents. (bsc#1075044)
- Fix directory name in spacewalk-data-fsck.

spacewalk-branding:

- Replace custom states with configuration channels.
- Fix pre formatted code. (bsc#1067608)
- Fix message about package profile sync. (bsc#1073739)
- Fix naming of the Tools channel. (bsc#979633)

spacewalk-client-tools:

- Support multiple FQDNs per system. (bsc#1063419)
- Fix update mechanism when updating the updateservice. (bsc#1073619)

spacewalk-java:

- Fix the file count for deployed files. (bsc#1074300)
- Remove previous activation keys when migrating to salt. (bsc#1031081)
- Improve webui for comparing files. (bsc#1076201)
- Separate Salt calls based on config revisions and server grouping. (bsc#1074854)
- For minion, no option to modify config file but just view.
- Handle gpg_check correctly. (bsc#1076578)
- Uniform date formatting in System Details view. (bsc#1045289)
- Import content of custom states from filesystem to database on startup, backup old state files.
- Change the directory of the (normal) configuration channels from mgr_cfg_org_N to manager_org_N.
- Replace custom states with configuration channels.
- Hide ownership/permission fields from create/upload config file forms for state channels. (bsc#1072153)
- Hide files from state channels from deploy/compare file lists. (bsc#1072160)
- Disable and hide deploy files tab for state config channels. (bsc#1072157)
- Allow ordering config channels in state revision.
- Disallow creating 'normal' config channels when a 'state' channel with the same name and org already exists and vice versa.
- UI has been updated to manage state channels.
- Support multiple FQDNs per system. (bsc#1063419)
- Setting 'Base Channels' as default tab for 'Channels' tab in SSM Overview screen. (bsc#979616)
- Log triggers that are in ERROR state.
- Refresh pillar data on formula change. (bsc#1028285)
- Uniform the notification message when rebooting a system. (bsc#1036302)
- Avoid use of the potentially-slow rhnServerNeededPackageCache view.
- Speed up scheduling of package updates through the SSM. (bsc#1076034)
- Fix encoding/decoding of url_bounce with more parameters. (bsc#1075408)
- After dry-run, sync channels back with the server. (bsc#1071468)
- Fix message about package profile sync. (bsc#1073739)
- On registration, assign server to the organization of the creator when activation key is empty. (bsc#1016377)
- Fix logging issues when saving autoyast profiles. (bsc#1073474)
- Add VM state as info gathered from VMware. (bsc#1063759)
- Improve performance of token checking, when RPMs or metadata are downloaded from minions. (bsc#1061273)
- Allow selecting unnamed context in kubeconfig. (bsc#1073482)
- Fix action names and date formatting in system event history. (bsc#1073713)
- Fix incorrect 'os-release' report after SP migration. (bsc#1071553)
- Fix failed package installation when in RES 32 and 64 bit packages are installed together. (bsc#1071314)
- Add user preferences in order to change items-per-page. (bsc#1055296)
- Order salt formulas alphabetically. (bsc#1022077)
- Improved error message. (bsc#1064258)
- Display messages about wrong input more end-user friendly. (bsc#1015956)
- Add api calls for content staging.
- Fix content refresh when product keys change. (bsc#1069943)
- Allow 'Package List Refresh' when package arch has changed. (bsc#1065259)
- New API call for scheduling highstate application.
- Adding initial version of web ui notifications.
- Show the time on the event history page in the user's preferred timezone.

spacewalk-reports, spacewalk-search:

- More rhnServerNetwork refactoring (bsc#1063419)

spacewalk-utils:

- Remove restrictions imposed on regex used in 'removelist' parameter passed to spacewalk-clone-by-date that allowed only exact match. (bsc#1075254)

spacewalk-web:

- Replace custom states with configuration channels.
- Add 'yaml' option for Ace editor.
- Add links to salt formula list and adjust behavior. (bsc#1022078)
- Allow selecting unnamed context in kubeconfig. (bsc#1073482)
- Add user preferences in order to change items-per-page. (bsc#1055296)
- Fix main menu column height.
- Adding initial version of web ui notifications.

susemanager:

- Fix custom SERVER_KEY overriding. (bsc#1075862)
- Detect subvolumes on /var even with newer btrfs tools. (bsc#1077076)
- Notify admin that database backups need reconfiguration after db upgrade.
- Add syslinux-x86_64 dependency for ppc64le. (bsc#1065023)
- Do not try to force db encoding on db upgrade; use same value as for installation. (bsc#1077730)

susemanager-schema:

- Make migration idempotent. (bsc#1078749)
- Fix schema with proper extension. (bsc#1079820)
- Migrate old custom states to state channels, assign systems to these new channels, delete old custom-state-to-system assignments, delete the custom states from the db; Before migrating, rename custom states with same name as existing configuration channel labels.
- Update queries for global channels.
- Check if channel is already subscribed even before checking if parent channel is subscribed or not. (bsc#1072797)
- Support multiple FQDNs per system. (bsc#1063419)
- Avoid use of the potentially-slow rhnServerNeededPackageCache view.
- Handle duplicate serverpackage entries while fixing duplicate evr ids. (bsc#1075345)
- Fix duplicate entries in channel listings.
- Handle nevra not found case while fixing duplicate evr ids. (bsc#1074508)
- Added a script which will remove existing server locks against minions. (bsc#1064258)
- Add column to store the 'test' option for state apply actions.
- Adding initial version of web ui notifications.

susemanager-sls:

- Compare osmajorrelease in jinja always as integer.
- Python3 compatibility fixes in modules and states.
- Fix cleanup state error when deleting ssh-push minion. (bsc#1070161)
- Fix image inspect when entrypoint is used by overwriting it. (bsc#1070782)

susemanager-sync-data:

- Use TLS for mirroring OES2018 channels. (bsc#1074430)
- Add SUSE Manager Server 3.0 and 3.1 channels for mirroring.

virtual-host-gatherer:

- Add VM state as info gathered from VMware. (bsc#1063759)
- Explore the entire tree of nodes from VMware. (bsc#1070597)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.1:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-361=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Server 3.1 (x86_64): spacewalk-branding-2.7.2.11-2.12.6 susemanager-3.1.12-2.12.3 susemanager-tools-3.1.12-2.12.3 - SUSE Manager Server 3.1 (noarch): nutch-1.0-0.9.6.2 osa-common-5.11.80.5-2.9.2 osa-dispatcher-5.11.80.5-2.9.2 pxe-default-image-3.1-0.13.3.3 pxe-default-image-debugsource-3.1-0.13.3.3 rhnlib-2.7.2.2-3.3.2 spacecmd-2.7.8.9-2.12.2 spacewalk-backend-2.7.73.11-2.12.3 spacewalk-backend-app-2.7.73.11-2.12.3 spacewalk-backend-applet-2.7.73.11-2.12.3 spacewalk-backend-config-files-2.7.73.11-2.12.3 spacewalk-backend-config-files-common-2.7.73.11-2.12.3 spacewalk-backend-config-files-tool-2.7.73.11-2.12.3 spacewalk-backend-iss-2.7.73.11-2.12.3 spacewalk-backend-iss-export-2.7.73.11-2.12.3 spacewalk-backend-libs-2.7.73.11-2.12.3 spacewalk-backend-package-push-server-2.7.73.11-2.12.3 spacewalk-backend-server-2.7.73.11-2.12.3 spacewalk-backend-sql-2.7.73.11-2.12.3 spacewalk-backend-sql-oracle-2.7.73.11-2.12.3 spacewalk-backend-sql-postgresql-2.7.73.11-2.12.3 spacewalk-backend-tools-2.7.73.11-2.12.3 spacewalk-backend-xml-export-libs-2.7.73.11-2.12.3 spacewalk-backend-xmlrpc-2.7.73.11-2.12.3 spacewalk-base-2.7.1.14-2.12.3 spacewalk-base-minimal-2.7.1.14-2.12.3 spacewalk-base-minimal-config-2.7.1.14-2.12.3 spacewalk-client-tools-2.7.6.3-3.3.3 spacewalk-html-2.7.1.14-2.12.3 spacewalk-java-2.7.46.10-2.14.2 spacewalk-java-config-2.7.46.10-2.14.2 spacewalk-java-lib-2.7.46.10-2.14.2 spacewalk-java-oracle-2.7.46.10-2.14.2 spacewalk-java-postgresql-2.7.46.10-2.14.2 spacewalk-reports-2.7.5.4-2.6.3 spacewalk-search-2.7.3.4-2.9.7 spacewalk-taskomatic-2.7.46.10-2.14.2 spacewalk-utils-2.7.10.6-2.6.3 susemanager-schema-3.1.15-2.16.1 susemanager-sls-3.1.15-2.16.2 susemanager-sync-data-3.1.10-2.14.2 virtual-host-gatherer-1.0.16-2.9.3 virtual-host-gatherer-Kubernetes-1.0.16-2.9.3 virtual-host-gatherer-VMware-1.0.16-2.9.3 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html 
https://www.suse.com/security/cve/CVE-2017-5754.html https://bugzilla.suse.com/1015956 https://bugzilla.suse.com/1016377 https://bugzilla.suse.com/1022077 https://bugzilla.suse.com/1022078 https://bugzilla.suse.com/1028285 https://bugzilla.suse.com/1031081 https://bugzilla.suse.com/1036302 https://bugzilla.suse.com/1045289 https://bugzilla.suse.com/1055296 https://bugzilla.suse.com/1061273 https://bugzilla.suse.com/1061574 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1063759 https://bugzilla.suse.com/1064258 https://bugzilla.suse.com/1065023 https://bugzilla.suse.com/1065259 https://bugzilla.suse.com/1067608 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1069943 https://bugzilla.suse.com/1070161 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1070597 https://bugzilla.suse.com/1070782 https://bugzilla.suse.com/1071314 https://bugzilla.suse.com/1071468 https://bugzilla.suse.com/1071526 https://bugzilla.suse.com/1071553 https://bugzilla.suse.com/1072153 https://bugzilla.suse.com/1072157 https://bugzilla.suse.com/1072160 https://bugzilla.suse.com/1072797 https://bugzilla.suse.com/1073474 https://bugzilla.suse.com/1073482 https://bugzilla.suse.com/1073619 https://bugzilla.suse.com/1073713 https://bugzilla.suse.com/1073739 https://bugzilla.suse.com/1074300 https://bugzilla.suse.com/1074430 https://bugzilla.suse.com/1074508 https://bugzilla.suse.com/1074854 https://bugzilla.suse.com/1075044 https://bugzilla.suse.com/1075254 https://bugzilla.suse.com/1075345 https://bugzilla.suse.com/1075408 https://bugzilla.suse.com/1075862 https://bugzilla.suse.com/1076034 https://bugzilla.suse.com/1076201 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1077076 https://bugzilla.suse.com/1077730 https://bugzilla.suse.com/1078749 https://bugzilla.suse.com/1079820 https://bugzilla.suse.com/979616 https://bugzilla.suse.com/979633 From sle-updates at lists.suse.com Tue Feb 27 10:18:58 2018 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com)
Date: Tue, 27 Feb 2018 18:18:58 +0100 (CET)
Subject: SUSE-RU-2018:0553-1: moderate: Recommended update for SUSE Manager Client Tools for SLE 11
Message-ID: <20180227171858.65FCEFD05@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools for SLE 11
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0553-1
Rating: moderate
References: #1063419 #1070372 #1071526 #1073619 #1075044
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update fixes the following issues with the SUSE Manager Client Tools for SLE 11:

osad, rhncfg, rhnlib, spacewalksd:

- Fix update mechanism when updating the updateservice. (bsc#1073619)

spacecmd:

- Support multiple FQDNs per system. (bsc#1063419)
- Added custom JSON encoder in order to parse date fields correctly. (bsc#1070372)

spacewalk-backend:

- Fix spacewalk-data-fsck restore of broken package database entry. (bsc#1071526)
- Support multiple FQDNs per system. (bsc#1063419)
- Fix restore hostname and ip*addr in template documents. (bsc#1075044)
- Fix directory name in spacewalk-data-fsck.

spacewalk-client-tools:

- Support multiple FQDNs per system. (bsc#1063419)
- Fix update mechanism when updating the updateservice. (bsc#1073619)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

  zypper in -t patch slesctsp4-client-tools-201801-13486=1

- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

  zypper in -t patch slesctsp3-client-tools-201801-13486=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (ia64 ppc64): rhnlib-2.7.2.2-12.3.1 spacecmd-2.7.8.9-18.14.1 spacewalk-backend-libs-2.7.73.11-28.13.1 spacewalksd-5.0.26.4-9.6.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): osa-common-5.11.80.5-9.9.1 osad-5.11.80.5-9.9.1 rhncfg-5.10.103.3-6.3.1 rhncfg-actions-5.10.103.3-6.3.1 rhncfg-client-5.10.103.3-6.3.1 rhncfg-management-5.10.103.3-6.3.1 spacewalk-check-2.7.6.3-27.3.1 spacewalk-client-setup-2.7.6.3-27.3.1 spacewalk-client-tools-2.7.6.3-27.3.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (ia64 ppc64 s390x x86_64): rhnlib-2.7.2.2-12.3.1 spacecmd-2.7.8.9-18.14.1 spacewalk-backend-libs-2.7.73.11-28.13.1 spacewalksd-5.0.26.4-9.6.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): osa-common-5.11.80.5-9.9.1 osad-5.11.80.5-9.9.1 rhncfg-5.10.103.3-6.3.1 rhncfg-actions-5.10.103.3-6.3.1 rhncfg-client-5.10.103.3-6.3.1 rhncfg-management-5.10.103.3-6.3.1 spacewalk-check-2.7.6.3-27.3.1 spacewalk-client-setup-2.7.6.3-27.3.1 spacewalk-client-tools-2.7.6.3-27.3.1 References: https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1071526 https://bugzilla.suse.com/1073619 https://bugzilla.suse.com/1075044 From sle-updates at lists.suse.com Tue Feb 27 10:20:05 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 18:20:05 +0100 (CET) Subject: SUSE-RU-2018:0554-1: moderate: Recommended update for Salt Message-ID: <20180227172005.5B664FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2018:0554-1 Rating: moderate References: #1050003 #1063419 #1065792 #1068446 #1068566 #1071322 #1072218 #1073618 #1074227 #1078001 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS 
______________________________________________________________________________

An update that has 10 recommended fixes can now be installed.

Description:

This update for salt fixes the following issues:

- Fix state files with unicode. (bsc#1074227)
- Catch ImportError for kubernetes.client import. (bsc#1078001)
- Fix epoch handling for Rhel 6 and 7.
- Fix zypper module to return UTC dates on 'pkg.list_downloaded'.
- Fix return value parsing when calling vm_state. (bsc#1073618)
- Fix 'user.present' when 'gid_from_name' is set but group does not exist.
- Split only strings, if they are such. (bsc#1072218)
- Feat: Add grain for all FQDNs. (bsc#1063419)
- Fix "No service execution module loaded" issue. (bsc#1065792)
- Removed unnecessary logging on shutdown. (bsc#1050003)
- Add grain for retrieving FQDNs. (bsc#1063419)
- Older logrotate need su directive. (bsc#1071322)
- Fix for wrong version processing during yum pkg install. (bsc#1068566)
- Avoid excessive syslogging by watchdog cronjob.
- Check pillar: Fix the logic according to the exact described purpose of the function. (bsc#1068446)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

  zypper in -t patch slesctsp4-salt-13488=1

- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

  zypper in -t patch slesctsp3-salt-13488=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.17.1 salt-doc-2016.11.4-43.17.1 salt-minion-2016.11.4-43.17.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.4-43.17.1 salt-doc-2016.11.4-43.17.1 salt-minion-2016.11.4-43.17.1 References: https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072218 https://bugzilla.suse.com/1073618 https://bugzilla.suse.com/1074227 https://bugzilla.suse.com/1078001 From sle-updates at lists.suse.com Tue Feb 27 13:07:43 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 21:07:43 +0100 (CET) Subject: SUSE-SU-2018:0555-1: important: Security update for the Linux Kernel Message-ID: <20180227200743.11FDFFD06@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0555-1 Rating: important References: #1012382 #1045538 #1048585 #1050431 #1054305 #1059174 #1060279 #1060682 #1063544 #1064861 #1068032 #1068984 #1069508 #1070623 #1070781 #1073311 #1074488 #1074621 #1074880 #1075088 #1075091 #1075410 #1075617 #1075621 #1075908 #1075994 #1076017 #1076154 #1076278 #1076437 #1076849 #1077191 #1077355 #1077406 #1077487 #1077560 #1077922 #1078875 #1079917 #1080133 #1080359 #1080363 #1080372 #1080579 #1080685 #1080774 #1081500 #936530 #962257 Cross-References: CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE 
Linux Enterprise High Availability Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 40 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines".
- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).
- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).
- CVE-2015-1142857: On multiple SR-IOV cards it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
- CVE-2017-13215: An elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908).
- CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).

The following non-security bugs were fixed:

- alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538).
- alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).
- alsa: aloop: Release cable upon open error path (bsc#1045538).
- alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538).
- alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538).
- alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538).
- alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).
- alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).
- btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056).
- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363).
- btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056).
- btrfs: make the state of the transaction more readable (FATE#325056).
- btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).
- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685).
- btrfs: reset intwrite on transaction abort (FATE#325056).
- btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359).
- btrfs: stop waiting on current trans if we aborted (FATE#325056).
- cdc-acm: apply quirk for card reader (bsc#1060279).
- cdrom: factor out common open_for_* code (bsc#1048585).
- cdrom: wait for tray to close (bsc#1048585).
- delay: add poll_event_interruptible (bsc#1048585).
- dm flakey: add corrupt_bio_byte feature (bsc#1080372).
- dm flakey: add drop_writes (bsc#1080372).
- dm flakey: error READ bios during the down_interval (bsc#1080372).
- dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).
- dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372).
- dm flakey: introduce "error_writes" feature (bsc#1080372).
- dm flakey: support feature args (bsc#1080372).
- dm flakey: use dm_target_offset and support discards (bsc#1080372).
- ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508).
- ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- ext3: add necessary check in case IO error happens (bnc#1069508).
- ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- fork: clear thread stack upon allocation (bsc#1077560).
- kaiser: Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278).
- kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz
- kaiser: fix ia32 compat sysexit (bsc#1080579)
  sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy.
- kaiser: Fix trampoline stack loading issue on XEN PV
- kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579)
- kaiser: make sure not to touch stack after CR3 switch in compat syscall return
- kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579)
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
- keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880).
- media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431).
- mISDN: fix a loop count (bsc#1077191).
- nfsd: do not share group_info among threads (bsc at 1070623).
- ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437).
- ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088).
- powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174).
- powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).
- powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).
- powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes).
- powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088).
- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088).
- powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088).
- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088).
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088).
- powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088).
- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).
- rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).
- rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088).
- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741).
- scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).
- scsi: sr: wait for the medium to become ready (bsc#1048585).
- scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682).
- storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
- x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).
- x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032 CVE-2017-5754).
- x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
- x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091).
- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278).
- x86/kaiser: use trampoline stack for kernel entry.
- x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305).
- x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305).
- x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bsc#1068032 CVE-2017-5715).
- mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-20180207-13491=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-20180207-13491=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20180207-13491=1 - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-20180207-13491=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-kernel-20180207-13491=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20180207-13491=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.35.1 kernel-default-base-3.0.101-108.35.1 kernel-default-devel-3.0.101-108.35.1 kernel-source-3.0.101-108.35.1 kernel-syms-3.0.101-108.35.1 kernel-trace-3.0.101-108.35.1 kernel-trace-base-3.0.101-108.35.1 kernel-trace-devel-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.35.1 kernel-ec2-base-3.0.101-108.35.1 kernel-ec2-devel-3.0.101-108.35.1 kernel-xen-3.0.101-108.35.1 kernel-xen-base-3.0.101-108.35.1 kernel-xen-devel-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.35.1 kernel-bigmem-base-3.0.101-108.35.1 kernel-bigmem-devel-3.0.101-108.35.1 kernel-ppc64-3.0.101-108.35.1 kernel-ppc64-base-3.0.101-108.35.1 kernel-ppc64-devel-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.35.1 kernel-pae-base-3.0.101-108.35.1 kernel-pae-devel-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.35.1 - SUSE 
Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.35.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.35.1 - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): cluster-network-kmp-rt-1.4_3.0.101_rt130_69.14-2.32.4.6 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_69.14-2.32.4.6 drbd-kmp-rt-8.4.4_3.0.101_rt130_69.14-0.27.4.6 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_69.14-0.27.4.6 gfs2-kmp-rt-2_3.0.101_rt130_69.14-0.24.4.6 gfs2-kmp-rt_trace-2_3.0.101_rt130_69.14-0.24.4.6 ocfs2-kmp-rt-1.6_3.0.101_rt130_69.14-0.28.5.6 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.14-0.28.5.6 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_108.35-2.32.4.6 cluster-network-kmp-trace-1.4_3.0.101_108.35-2.32.4.6 drbd-8.4.4-0.27.4.2 drbd-bash-completion-8.4.4-0.27.4.2 drbd-heartbeat-8.4.4-0.27.4.2 drbd-kmp-default-8.4.4_3.0.101_108.35-0.27.4.6 drbd-kmp-trace-8.4.4_3.0.101_108.35-0.27.4.6 drbd-pacemaker-8.4.4-0.27.4.2 drbd-udev-8.4.4-0.27.4.2 drbd-utils-8.4.4-0.27.4.2 gfs2-kmp-default-2_3.0.101_108.35-0.24.4.6 gfs2-kmp-trace-2_3.0.101_108.35-0.24.4.6 ocfs2-kmp-default-1.6_3.0.101_108.35-0.28.5.6 ocfs2-kmp-trace-1.6_3.0.101_108.35-0.28.5.6 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_108.35-2.32.4.6 drbd-kmp-xen-8.4.4_3.0.101_108.35-0.27.4.6 gfs2-kmp-xen-2_3.0.101_108.35-0.24.4.6 ocfs2-kmp-xen-1.6_3.0.101_108.35-0.28.5.6 - SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64): drbd-xen-8.4.4-0.27.4.2 - SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64): cluster-network-kmp-bigmem-1.4_3.0.101_108.35-2.32.4.6 cluster-network-kmp-ppc64-1.4_3.0.101_108.35-2.32.4.6 
drbd-kmp-bigmem-8.4.4_3.0.101_108.35-0.27.4.6 drbd-kmp-ppc64-8.4.4_3.0.101_108.35-0.27.4.6 gfs2-kmp-bigmem-2_3.0.101_108.35-0.24.4.6 gfs2-kmp-ppc64-2_3.0.101_108.35-0.24.4.6 ocfs2-kmp-bigmem-1.6_3.0.101_108.35-0.28.5.6 ocfs2-kmp-ppc64-1.6_3.0.101_108.35-0.28.5.6 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586): cluster-network-kmp-pae-1.4_3.0.101_108.35-2.32.4.6 drbd-kmp-pae-8.4.4_3.0.101_108.35-0.27.4.6 gfs2-kmp-pae-2_3.0.101_108.35-0.24.4.6 ocfs2-kmp-pae-1.6_3.0.101_108.35-0.28.5.6 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): drbd-debuginfo-8.4.4-0.27.4.2 drbd-debugsource-8.4.4-0.27.4.2 kernel-default-debuginfo-3.0.101-108.35.1 kernel-default-debugsource-3.0.101-108.35.1 kernel-trace-debuginfo-3.0.101-108.35.1 kernel-trace-debugsource-3.0.101-108.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.35.1 kernel-trace-devel-debuginfo-3.0.101-108.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.35.1 kernel-ec2-debugsource-3.0.101-108.35.1 kernel-xen-debuginfo-3.0.101-108.35.1 kernel-xen-debugsource-3.0.101-108.35.1 kernel-xen-devel-debuginfo-3.0.101-108.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.35.1 kernel-bigmem-debugsource-3.0.101-108.35.1 kernel-ppc64-debuginfo-3.0.101-108.35.1 kernel-ppc64-debugsource-3.0.101-108.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.35.1 kernel-pae-debugsource-3.0.101-108.35.1 kernel-pae-devel-debuginfo-3.0.101-108.35.1 References: https://www.suse.com/security/cve/CVE-2015-1142857.html https://www.suse.com/security/cve/CVE-2017-13215.html https://www.suse.com/security/cve/CVE-2017-17741.html https://www.suse.com/security/cve/CVE-2017-18017.html https://www.suse.com/security/cve/CVE-2017-18079.html https://www.suse.com/security/cve/CVE-2017-5715.html 
https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-5332.html https://www.suse.com/security/cve/CVE-2018-5333.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1048585 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1054305 https://bugzilla.suse.com/1059174 https://bugzilla.suse.com/1060279 https://bugzilla.suse.com/1060682 https://bugzilla.suse.com/1063544 https://bugzilla.suse.com/1064861 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1069508 https://bugzilla.suse.com/1070623 https://bugzilla.suse.com/1070781 https://bugzilla.suse.com/1073311 https://bugzilla.suse.com/1074488 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1074880 https://bugzilla.suse.com/1075088 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075410 https://bugzilla.suse.com/1075617 https://bugzilla.suse.com/1075621 https://bugzilla.suse.com/1075908 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076154 https://bugzilla.suse.com/1076278 https://bugzilla.suse.com/1076437 https://bugzilla.suse.com/1076849 https://bugzilla.suse.com/1077191 https://bugzilla.suse.com/1077355 https://bugzilla.suse.com/1077406 https://bugzilla.suse.com/1077487 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1077922 https://bugzilla.suse.com/1078875 https://bugzilla.suse.com/1079917 https://bugzilla.suse.com/1080133 https://bugzilla.suse.com/1080359 https://bugzilla.suse.com/1080363 https://bugzilla.suse.com/1080372 https://bugzilla.suse.com/1080579 https://bugzilla.suse.com/1080685 https://bugzilla.suse.com/1080774 https://bugzilla.suse.com/1081500 https://bugzilla.suse.com/936530 https://bugzilla.suse.com/962257 From sle-updates at lists.suse.com Tue Feb 27 13:16:22 2018 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Feb 2018 21:16:22 +0100 (CET) 
Subject: SUSE-RU-2018:0556-1: important: Recommended update for the Linux Kernel
Message-ID: <20180227201622.0D501FCC0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-RU-2018:0556-1
Rating: important
References: #1081436 #1081437
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Live Patching 12
  SUSE Linux Enterprise High Availability 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to fix a regression in the microcode loader that could lead to system crashes. [bsc#1081436, bsc#1081437]

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-368=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-368=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-368=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-368=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2018-368=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-368=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-368=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-368=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.114-92.67.1 kernel-default-debugsource-4.4.114-92.67.1 kernel-default-extra-4.4.114-92.67.1 kernel-default-extra-debuginfo-4.4.114-92.67.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.114-92.67.1 kernel-obs-build-debugsource-4.4.114-92.67.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.114-92.67.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.114-92.67.1 kernel-default-base-4.4.114-92.67.1 kernel-default-base-debuginfo-4.4.114-92.67.1 kernel-default-debuginfo-4.4.114-92.67.1 kernel-default-debugsource-4.4.114-92.67.1 kernel-default-devel-4.4.114-92.67.1 kernel-syms-4.4.114-92.67.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.114-92.67.1 kernel-macros-4.4.114-92.67.1 kernel-source-4.4.114-92.67.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): 
      kernel-default-4.4.114-92.67.1
      kernel-default-base-4.4.114-92.67.1
      kernel-default-base-debuginfo-4.4.114-92.67.1
      kernel-default-debuginfo-4.4.114-92.67.1
      kernel-default-debugsource-4.4.114-92.67.1
      kernel-default-devel-4.4.114-92.67.1
      kernel-syms-4.4.114-92.67.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      kernel-devel-4.4.114-92.67.1
      kernel-macros-4.4.114-92.67.1
      kernel-source-4.4.114-92.67.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x):
      kernel-default-man-4.4.114-92.67.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_114-92_67-default-1-3.3.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      cluster-md-kmp-default-4.4.114-92.67.1
      cluster-md-kmp-default-debuginfo-4.4.114-92.67.1
      cluster-network-kmp-default-4.4.114-92.67.1
      cluster-network-kmp-default-debuginfo-4.4.114-92.67.1
      dlm-kmp-default-4.4.114-92.67.1
      dlm-kmp-default-debuginfo-4.4.114-92.67.1
      gfs2-kmp-default-4.4.114-92.67.1
      gfs2-kmp-default-debuginfo-4.4.114-92.67.1
      kernel-default-debuginfo-4.4.114-92.67.1
      kernel-default-debugsource-4.4.114-92.67.1
      ocfs2-kmp-default-4.4.114-92.67.1
      ocfs2-kmp-default-debuginfo-4.4.114-92.67.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      kernel-default-4.4.114-92.67.1
      kernel-default-debuginfo-4.4.114-92.67.1
      kernel-default-debugsource-4.4.114-92.67.1
      kernel-default-devel-4.4.114-92.67.1
      kernel-default-extra-4.4.114-92.67.1
      kernel-default-extra-debuginfo-4.4.114-92.67.1
      kernel-syms-4.4.114-92.67.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      kernel-devel-4.4.114-92.67.1
      kernel-macros-4.4.114-92.67.1
      kernel-source-4.4.114-92.67.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      kernel-default-4.4.114-92.67.1
      kernel-default-debuginfo-4.4.114-92.67.1
      kernel-default-debugsource-4.4.114-92.67.1

References:

   https://bugzilla.suse.com/1081436
   https://bugzilla.suse.com/1081437

From sle-updates at lists.suse.com Tue Feb 27 16:08:07 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 00:08:07 +0100 (CET)
Subject: SUSE-RU-2018:0557-1: important: Recommended update for the Linux Kernel
Message-ID: <20180227230807.ED80FFD06@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0557-1
Rating:             important
References:         #1081317
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The SUSE Linux Enterprise 12 GA kernel was updated to fix a regression
   that caused inability to load the KVM kernel module.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2018-369=1

   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-369=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      kernel-default-3.12.61-52.122.1
      kernel-default-base-3.12.61-52.122.1
      kernel-default-base-debuginfo-3.12.61-52.122.1
      kernel-default-debuginfo-3.12.61-52.122.1
      kernel-default-debugsource-3.12.61-52.122.1
      kernel-default-devel-3.12.61-52.122.1
      kernel-syms-3.12.61-52.122.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      kernel-devel-3.12.61-52.122.1
      kernel-macros-3.12.61-52.122.1
      kernel-source-3.12.61-52.122.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kernel-xen-3.12.61-52.122.1
      kernel-xen-base-3.12.61-52.122.1
      kernel-xen-base-debuginfo-3.12.61-52.122.1
      kernel-xen-debuginfo-3.12.61-52.122.1
      kernel-xen-debugsource-3.12.61-52.122.1
      kernel-xen-devel-3.12.61-52.122.1
      kgraft-patch-3_12_61-52_122-default-1-1.3.1
      kgraft-patch-3_12_61-52_122-xen-1-1.3.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):
      kernel-default-man-3.12.61-52.122.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      kernel-ec2-3.12.61-52.122.1
      kernel-ec2-debuginfo-3.12.61-52.122.1
      kernel-ec2-debugsource-3.12.61-52.122.1
      kernel-ec2-devel-3.12.61-52.122.1
      kernel-ec2-extra-3.12.61-52.122.1
      kernel-ec2-extra-debuginfo-3.12.61-52.122.1

References:

   https://bugzilla.suse.com/1081317

From sle-updates at lists.suse.com Tue Feb 27 19:07:19 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 03:07:19 +0100 (CET)
Subject: SUSE-RU-2018:0558-1: Recommended update for libica-2_1_0
Message-ID: <20180228020719.871B5FCC0@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libica-2_1_0
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0558-1
Rating:             low
References:         #978696
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libica-2_1_0 provides the following fixes:

   - Obsolete libica-2_0_2-32bit and trigger upgrade when libica-2_1_0-32bit
     is installed. (bsc#978696)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-libica-2_1_0-13493=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-libica-2_1_0-13493=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (s390x):
      libica-2_1_0-2.1.0-0.15.3.7
      libica-2_1_0-32bit-2.1.0-0.15.3.7

   - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x):
      libica-2_1_0-debuginfo-2.1.0-0.15.3.7
      libica-2_1_0-debuginfo-32bit-2.1.0-0.15.3.7
      libica-2_1_0-debugsource-2.1.0-0.15.3.7

References:

   https://bugzilla.suse.com/978696

From sle-updates at lists.suse.com Tue Feb 27 19:07:52 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 03:07:52 +0100 (CET)
Subject: SUSE-RU-2018:0559-1: Recommended update for libica2
Message-ID: <20180228020752.8AC7EFD05@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libica2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0559-1
Rating:             low
References:         #1058562 #978696
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for libica2 provides the following fixes:

   - Moved libica2.so link from devel to regular package. (bsc#978696)
   - Added Obsoletes for libica-2_0_2 and libica-2_1_0 (bsc#978696)
   - Fix a problem that was causing AES-GCM/CCM to sometimes compute wrong
     tag values, wrongly indicating that the data has been modified.
     (bsc#1058562)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-libica2-13492=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-libica2-13492=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-libica2-13492=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (s390x):
      libica2-devel-2.4.2-0.15.7.7

   - SUSE Linux Enterprise Server 11-SP4 (s390x):
      libica2-2.4.2-0.15.7.7
      libica2-32bit-2.4.2-0.15.7.7

   - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x):
      libica2-debuginfo-2.4.2-0.15.7.7
      libica2-debuginfo-32bit-2.4.2-0.15.7.7
      libica2-debugsource-2.4.2-0.15.7.7

References:

   https://bugzilla.suse.com/1058562
   https://bugzilla.suse.com/978696

From sle-updates at lists.suse.com Wed Feb 28 10:08:50 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 18:08:50 +0100 (CET)
Subject: SUSE-SU-2018:0562-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12)
Message-ID: <20180228170850.95C94FD2F@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0562-1
Rating:             important
References:         #1064392
Cross-References:   CVE-2017-15649
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_119 fixes several issues.

   The following security issue was fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local
     users to gain privileges via crafted system calls that trigger
     mishandling of packet_fanout data structures, because of a race
     condition (involving fanout_add and packet_do_bind) that leads to a
     use-after-free, a different vulnerability than CVE-2017-6346
     (bsc#1064392)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2018-373=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_61-52_119-default-2-2.1
      kgraft-patch-3_12_61-52_119-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1064392

From sle-updates at lists.suse.com Wed Feb 28 10:09:22 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 18:09:22 +0100 (CET)
Subject: SUSE-RU-2018:0563-1: important: Recommended update for lrbd
Message-ID: <20180228170922.17199FD2E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lrbd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0563-1
Rating:             important
References:         #1049111 #1082865
Affected Products:
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for lrbd to version 1.6 which

   - allows many targets (bsc#1049111)
   - moves wipe to after read for -f (bnc#1082865)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2018-372=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 4 (noarch):
      lrbd-1.6-2.8.1

References:

   https://bugzilla.suse.com/1049111
   https://bugzilla.suse.com/1082865

From sle-updates at lists.suse.com Wed Feb 28 10:10:04 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 18:10:04 +0100 (CET)
Subject: SUSE-RU-2018:0564-1: Recommended update for grub2
Message-ID: <20180228171004.D46DEFD2F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0564-1
Rating:             low
References:         #1065349
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for grub2 provides the following fixes:

   - Check if the default entry needs to be corrected for updated distributor
     version and/or use fallback entry if the default kernel entry was
     removed. (bsc#1065349)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-374=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-374=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-374=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-374=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      grub2-2.02~beta2-115.24.1
      grub2-arm64-efi-2.02~beta2-115.24.1
      grub2-debuginfo-2.02~beta2-115.24.1
      grub2-debugsource-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      grub2-snapper-plugin-2.02~beta2-115.24.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
      grub2-2.02~beta2-115.24.1
      grub2-debuginfo-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 s390x x86_64):
      grub2-debugsource-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64):
      grub2-arm64-efi-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (ppc64le):
      grub2-powerpc-ieee1275-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      grub2-i386-pc-2.02~beta2-115.24.1
      grub2-x86_64-efi-2.02~beta2-115.24.1
      grub2-x86_64-xen-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      grub2-snapper-plugin-2.02~beta2-115.24.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x):
      grub2-s390x-emu-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      grub2-2.02~beta2-115.24.1
      grub2-debuginfo-2.02~beta2-115.24.1
      grub2-debugsource-2.02~beta2-115.24.1
      grub2-i386-pc-2.02~beta2-115.24.1
      grub2-x86_64-efi-2.02~beta2-115.24.1
      grub2-x86_64-xen-2.02~beta2-115.24.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      grub2-snapper-plugin-2.02~beta2-115.24.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.24.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      grub2-2.02~beta2-115.24.1
      grub2-debuginfo-2.02~beta2-115.24.1
      grub2-debugsource-2.02~beta2-115.24.1
      grub2-i386-pc-2.02~beta2-115.24.1
      grub2-x86_64-efi-2.02~beta2-115.24.1

References:

   https://bugzilla.suse.com/1065349

From sle-updates at lists.suse.com Wed Feb 28 13:07:37 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 21:07:37 +0100 (CET)
Subject: SUSE-SU-2018:0565-1: important: Security update for glibc
Message-ID: <20180228200737.F172DFD35@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0565-1
Rating:             important
References:         #1037930 #1051791 #1074293 #1079036 #978209
Cross-References:   CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001
                    CVE-2018-6485 CVE-2018-6551
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for glibc fixes the following issues:

   Security issues:

   - CVE-2017-8804: Fix memory leak after deserialization failure in
     xdr_bytes, xdr_string (bsc#1037930)
   - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
   - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign
     and malloc functions (bsc#1079036)
   - CVE-2018-1000001: Avoid underflow of malloced area in realpath
     (bsc#1074293)

   Also a non security issue was fixed:

   - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-glibc-13494=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-glibc-13494=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-glibc-13494=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-glibc-13494=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-glibc-13494=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-glibc-13494=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      glibc-html-2.11.3-17.110.6.2
      glibc-info-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64):
      glibc-2.11.3-17.110.6.2
      glibc-devel-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      glibc-html-2.11.3-17.110.6.2
      glibc-i18ndata-2.11.3-17.110.6.2
      glibc-info-2.11.3-17.110.6.2
      glibc-locale-2.11.3-17.110.6.2
      glibc-profile-2.11.3-17.110.6.2
      nscd-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      glibc-32bit-2.11.3-17.110.6.2
      glibc-devel-32bit-2.11.3-17.110.6.2
      glibc-locale-32bit-2.11.3-17.110.6.2
      glibc-profile-32bit-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      glibc-locale-x86-2.11.3-17.110.6.2
      glibc-profile-x86-2.11.3-17.110.6.2
      glibc-x86-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64):
      glibc-2.11.3-17.110.6.2
      glibc-devel-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      glibc-html-2.11.3-17.110.6.2
      glibc-i18ndata-2.11.3-17.110.6.2
      glibc-info-2.11.3-17.110.6.2
      glibc-locale-2.11.3-17.110.6.2
      glibc-profile-2.11.3-17.110.6.2
      nscd-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
      glibc-32bit-2.11.3-17.110.6.2
      glibc-devel-32bit-2.11.3-17.110.6.2
      glibc-locale-32bit-2.11.3-17.110.6.2
      glibc-profile-32bit-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686):
      glibc-2.11.3-17.110.6.2
      glibc-devel-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      glibc-html-2.11.3-17.110.6.2
      glibc-i18ndata-2.11.3-17.110.6.2
      glibc-info-2.11.3-17.110.6.2
      glibc-locale-2.11.3-17.110.6.2
      glibc-profile-2.11.3-17.110.6.2
      nscd-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64):
      glibc-debuginfo-2.11.3-17.110.6.2
      glibc-debugsource-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
      glibc-debuginfo-32bit-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
      glibc-debuginfo-x86-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64):
      glibc-debuginfo-2.11.3-17.110.6.2
      glibc-debugsource-2.11.3-17.110.6.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):
      glibc-debuginfo-32bit-2.11.3-17.110.6.2

References:

   https://www.suse.com/security/cve/CVE-2017-12132.html
   https://www.suse.com/security/cve/CVE-2017-8804.html
   https://www.suse.com/security/cve/CVE-2018-1000001.html
   https://www.suse.com/security/cve/CVE-2018-6485.html
   https://www.suse.com/security/cve/CVE-2018-6551.html
   https://bugzilla.suse.com/1037930
   https://bugzilla.suse.com/1051791
   https://bugzilla.suse.com/1074293
   https://bugzilla.suse.com/1079036
   https://bugzilla.suse.com/978209

From sle-updates at lists.suse.com Wed Feb 28 13:08:51 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 28 Feb 2018 21:08:51 +0100 (CET)
Subject: SUSE-RU-2018:0566-1: Recommended update for net-tools
Message-ID: <20180228200851.714AFFD2E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for net-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0566-1
Rating:             low
References:         #1009905 #1063910
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE CaaS Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for net-tools provides the following fix:

   - netstat: fix handling of large socket numbers (bsc#1063910)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-375=1

   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-375=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-375=1

   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-375=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-375=1

   - SUSE CaaS Platform ALL:
      zypper in -t patch SUSE-CAASP-ALL-2018-375=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-375=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

   - SUSE CaaS Platform ALL (x86_64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      net-tools-1.60-765.5.4
      net-tools-debuginfo-1.60-765.5.4
      net-tools-debugsource-1.60-765.5.4

References:

   https://bugzilla.suse.com/1009905
   https://bugzilla.suse.com/1063910

From sle-updates at lists.suse.com Wed Feb 28 19:07:31 2018
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 1 Mar 2018 03:07:31 +0100 (CET)
Subject: SUSE-RU-2018:0567-1: moderate: Recommended update for Salt
Message-ID: <20180301020731.EB72DFD35@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2018:0567-1
Rating:             moderate
References:         #1050003 #1063419 #1065792 #1068446 #1068566
                    #1071322 #1072218 #1073618 #1074227 #1078001
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Manager Server 3.1
                    SUSE Manager Server 3.0
                    SUSE Manager Proxy 3.1
                    SUSE Manager Proxy 3.0
                    SUSE Linux Enterprise Point of Sale 12-SP2
                    SUSE Linux Enterprise Module for Advanced Systems Management 12
                    SUSE Enterprise Storage 5
                    SUSE Enterprise Storage 4
                    SUSE Enterprise Storage 3
                    SUSE CaaS Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that has 10 recommended fixes can now be installed.

Description:

   This update for salt fixes the following issues:

   - Fix state files with unicode. (bsc#1074227)
   - Catch ImportError for kubernetes.client import. (bsc#1078001)
   - Fix epoch handling for Rhel 6 and 7.
   - Fix zypper module to return UTC dates on 'pkg.list_downloaded'.
   - Fix return value parsing when calling vm_state. (bsc#1073618)
   - Fix 'user.present' when 'gid_from_name' is set but group does not exist.
   - Split only strings, if they are such. (bsc#1072218)
   - Feat: Add grain for all FQDNs. (bsc#1063419)
   - Fix "No service execution module loaded" issue. (bsc#1065792)
   - Removed unnecessary logging on shutdown. (bsc#1050003)
   - Add grain for retrieving FQDNs. (bsc#1063419)
   - Older logrotate need su directive. (bsc#1071322)
   - Fix for wrong version processing during yum pkg install. (bsc#1068566)
   - Avoid excessive syslogging by watchdog cronjob.
   - Check pillar: Fix the logic according to the exact described purpose of
     the function. (bsc#1068446)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:
      zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-377=1

   - SUSE Manager Server 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-377=1

   - SUSE Manager Server 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-377=1

   - SUSE Manager Proxy 3.1:
      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-377=1

   - SUSE Manager Proxy 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-377=1

   - SUSE Linux Enterprise Point of Sale 12-SP2:
      zypper in -t patch SUSE-SLE-POS-12-SP2-2018-377=1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:
      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-377=1

   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2018-377=1

   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2018-377=1

   - SUSE Enterprise Storage 3:
      zypper in -t patch SUSE-Storage-3-2018-377=1

   - SUSE CaaS Platform ALL:
      zypper in -t patch SUSE-CAASP-ALL-2018-377=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-377=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
      salt-2016.11.4-46.17.1
      salt-doc-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):
      salt-2016.11.4-46.17.1
      salt-api-2016.11.4-46.17.1
      salt-cloud-2016.11.4-46.17.1
      salt-doc-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1
      salt-proxy-2016.11.4-46.17.1
      salt-ssh-2016.11.4-46.17.1
      salt-syndic-2016.11.4-46.17.1

   - SUSE Manager Server 3.1 (noarch):
      salt-bash-completion-2016.11.4-46.17.1
      salt-zsh-completion-2016.11.4-46.17.1

   - SUSE Manager Server 3.0 (s390x x86_64):
      salt-2016.11.4-46.17.1
      salt-api-2016.11.4-46.17.1
      salt-doc-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1
      salt-proxy-2016.11.4-46.17.1
      salt-ssh-2016.11.4-46.17.1
      salt-syndic-2016.11.4-46.17.1

   - SUSE Manager Server 3.0 (noarch):
      salt-bash-completion-2016.11.4-46.17.1
      salt-zsh-completion-2016.11.4-46.17.1

   - SUSE Manager Proxy 3.1 (ppc64le x86_64):
      salt-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - SUSE Manager Proxy 3.0 (x86_64):
      salt-2016.11.4-46.17.1
      salt-api-2016.11.4-46.17.1
      salt-doc-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1
      salt-proxy-2016.11.4-46.17.1
      salt-ssh-2016.11.4-46.17.1
      salt-syndic-2016.11.4-46.17.1

   - SUSE Manager Proxy 3.0 (noarch):
      salt-bash-completion-2016.11.4-46.17.1
      salt-zsh-completion-2016.11.4-46.17.1

   - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):
      salt-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
      salt-2016.11.4-46.17.1
      salt-api-2016.11.4-46.17.1
      salt-cloud-2016.11.4-46.17.1
      salt-doc-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1
      salt-proxy-2016.11.4-46.17.1
      salt-ssh-2016.11.4-46.17.1
      salt-syndic-2016.11.4-46.17.1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):
      salt-bash-completion-2016.11.4-46.17.1
      salt-zsh-completion-2016.11.4-46.17.1

   - SUSE Enterprise Storage 5 (aarch64 x86_64):
      salt-2016.11.4-46.17.1
      salt-api-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - SUSE Enterprise Storage 4 (aarch64 x86_64):
      salt-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - SUSE Enterprise Storage 3 (aarch64 x86_64):
      salt-2016.11.4-46.17.1
      salt-master-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - SUSE CaaS Platform ALL (x86_64):
      salt-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      salt-2016.11.4-46.17.1
      salt-minion-2016.11.4-46.17.1

References:

   https://bugzilla.suse.com/1050003
   https://bugzilla.suse.com/1063419
   https://bugzilla.suse.com/1065792
   https://bugzilla.suse.com/1068446
   https://bugzilla.suse.com/1068566
   https://bugzilla.suse.com/1071322
   https://bugzilla.suse.com/1072218
   https://bugzilla.suse.com/1073618
   https://bugzilla.suse.com/1074227
   https://bugzilla.suse.com/1078001