From sle-security-updates at lists.suse.com Mon Aug 6 10:08:32 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 6 Aug 2012 18:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:0958-1: important: Security update for auditlog-keeper
Message-ID: <20120806160832.E4C1032249@maintenance.suse.de>

   SUSE Security Update: Security update for auditlog-keeper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0958-1
Rating:             important
References:         #771335
Cross-References:   CVE-2012-0421
Affected Products:
                    SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
   It includes one version update.

Description:

   auditlog-keeper was updated to fix the following issue:

   * /etc/auditlog-keeper.conf was world-readable and contains various passwords. (CVE-2012-0421)

   Security Issue reference:

   * CVE-2012-0421

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.2 for SLE 11 SP1:
      zypper in -t patch sleman12sp1-auditlog-keeper-6603

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager 1.2 for SLE 11 SP1 (noarch) [New Version: 0.2.1]:
      auditlog-keeper-0.2.1-0.4.6.1

References:

   http://support.novell.com/security/cve/CVE-2012-0421.html
   https://bugzilla.novell.com/771335
   http://download.novell.com/patch/finder/?keywords=286a6089e03a2dc757e711cf4b2a6585

From sle-security-updates at lists.suse.com Tue Aug 7 11:08:34 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Aug 2012 19:08:34 +0200 (CEST)
Subject: SUSE-SU-2012:0963-1: moderate: Security update for Gimp
Message-ID: <20120807170834.C5DE532245@maintenance.suse.de>

   SUSE Security Update: Security update for Gimp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0963-1
Rating:             moderate
References:         #763595 #769565
Cross-References:   CVE-2012-2763 CVE-2012-3236
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update of Gimp fixed a remotely exploitable buffer
   overflow in Script-Fu's server component as well as a NULL
   pointer dereference flaw in the fit format handler.

   Security Issue references:

   * CVE-2012-2763
   * CVE-2012-3236

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-gimp-6542
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-gimp-6542
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-gimp-6542
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-gimp-6542

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      gimp-2.6.2-3.34.35.1
      gimp-devel-2.6.2-3.34.35.1
      gimp-lang-2.6.2-3.34.35.1
      gimp-plugins-python-2.6.2-3.34.35.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      gimp-2.6.2-3.34.35.1
      gimp-devel-2.6.2-3.34.35.1
      gimp-lang-2.6.2-3.34.35.1
      gimp-plugins-python-2.6.2-3.34.35.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      gimp-2.6.2-3.34.35.1
      gimp-lang-2.6.2-3.34.35.1
      gimp-plugins-python-2.6.2-3.34.35.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
      gimp-2.6.2-3.34.35.1
      gimp-lang-2.6.2-3.34.35.1
      gimp-plugins-python-2.6.2-3.34.35.1

References:

   http://support.novell.com/security/cve/CVE-2012-2763.html
   http://support.novell.com/security/cve/CVE-2012-3236.html
   https://bugzilla.novell.com/763595
   https://bugzilla.novell.com/769565
   http://download.novell.com/patch/finder/?keywords=275c435b2a85cf3f4e1f1722c12d990c

From sle-security-updates at lists.suse.com Tue Aug 7 12:08:26 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Aug 2012 20:08:26 +0200 (CEST)
Subject: SUSE-SU-2012:0966-1: moderate: Security update for Gimp
Message-ID: <20120807180826.7FB6132240@maintenance.suse.de>

   SUSE Security Update: Security update for Gimp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0966-1
Rating:             moderate
References:         #769565
Cross-References:   CVE-2012-3236
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of Gimp fixed a NULL pointer dereference flaw
   in the fit format handler.

   Security Issue reference:

   * CVE-2012-3236

Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
      gimp-2.2.10-22.42.1
      gimp-devel-2.2.10-22.42.1
   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
      gimp-2.2.10-22.42.1
      gimp-devel-2.2.10-22.42.1

References:

   http://support.novell.com/security/cve/CVE-2012-3236.html
   https://bugzilla.novell.com/769565
   http://download.novell.com/patch/finder/?keywords=715b3dd4ca6fcd9560aab8f12c861f37

From sle-security-updates at lists.suse.com Thu Aug 9 12:08:28 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Aug 2012 20:08:28 +0200 (CEST)
Subject: SUSE-SU-2012:0979-1: important: Security update for icedtea-web
Message-ID: <20120809180828.A533C321F6@maintenance.suse.de>

   SUSE Security Update: Security update for icedtea-web
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0979-1
Rating:             important
References:         #773458
Cross-References:   CVE-2012-3422 CVE-2012-3423
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.

Description:

   The icedtea-web Java browser plugin was updated to 1.2.1 to
   fix security issues and bugs.

   * CVE-2012-3422: Potential read from an uninitialized memory location has been fixed.
   * CVE-2012-3423: Incorrect handling of not-0 terminated strings has been fixed.

   Security Issue references:

   * CVE-2012-3422
   * CVE-2012-3423

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-icedtea-web-6626
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-icedtea-web-6621

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.2.1]:
      icedtea-web-1.2.1-0.7.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.2.1]:
      icedtea-web-1.2.1-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2012-3422.html
   http://support.novell.com/security/cve/CVE-2012-3423.html
   https://bugzilla.novell.com/773458
   http://download.novell.com/patch/finder/?keywords=5f0430d04113f5d3e980b6c974b1d344
   http://download.novell.com/patch/finder/?keywords=d6a8bcd6fbc566e30623b17ca8a559b5

From sle-security-updates at lists.suse.com Mon Aug 13 11:08:36 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Aug 2012 19:08:36 +0200 (CEST)
Subject: SUSE-SU-2012:0983-1: important: Security update for puppet
Message-ID: <20120813170836.2912532234@maintenance.suse.de>

   SUSE Security Update: Security update for puppet
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0983-1
Rating:             important
References:         #770828 #770829 #770833
Cross-References:   CVE-2012-3864 CVE-2012-3865 CVE-2012-3867
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
   It includes one version update.

Description:

   The following bugs have been fixed in puppet:

   * bnc#770828, CVE-2012-3864: puppet: authenticated clients
     can read arbitrary files via a flaw in puppet master
   * bnc#770829, CVE-2012-3865: puppet: arbitrary file delete /
     Denial of Service on Puppet Master by authenticated clients
   * bnc#770833, CVE-2012-3867: puppet: insufficient input
     validation for agent certificate names

   Security Issue references:

   * CVE-2012-3867
   * CVE-2012-3864
   * CVE-2012-3865

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-puppet-6561
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-puppet-6561
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-puppet-6561
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-puppet-6561
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-puppet-6561

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.17]:
      puppet-2.6.17-0.3.1
      puppet-server-2.6.17-0.3.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.17]:
      puppet-2.6.17-0.3.1
      puppet-server-2.6.17-0.3.1
   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.17]:
      puppet-2.6.17-0.3.1
      puppet-server-2.6.17-0.3.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.17]:
      puppet-2.6.17-0.3.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 2.6.17]:
      puppet-2.6.17-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2012-3864.html
   http://support.novell.com/security/cve/CVE-2012-3865.html
   http://support.novell.com/security/cve/CVE-2012-3867.html
   https://bugzilla.novell.com/770828
   https://bugzilla.novell.com/770829
   https://bugzilla.novell.com/770833
   http://download.novell.com/patch/finder/?keywords=546d90cdf89ec25e98329eee8f67dd01

From sle-security-updates at lists.suse.com Mon Aug 13 11:08:38 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Aug 2012 19:08:38 +0200 (CEST)
Subject: SUSE-SU-2012:0984-1: important: Security update for MySQL
Message-ID: <20120813170838.C760032234@maintenance.suse.de>

   SUSE Security Update: Security update for MySQL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0984-1
Rating:             important
References:         #765092 #769062
Cross-References:   CVE-2012-2122
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability
   and has one errata is now available.
   It includes one version update.

Description:

   MySQL has been upgraded to version 5.0.96 to fix several
   vulnerabilities.

   Security Issue reference:

   * CVE-2012-2122
   * CVE-2012-0075
   * CVE-2012-0114
   * CVE-2012-0490
   * CVE-2012-0484
   * CVE-2012-0102
   * CVE-2012-0101
   * CVE-2012-0087
   * CVE-2009-5026

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-libmysqlclient-devel-6613
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-libmysqlclient-devel-6613
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-libmysqlclient-devel-6613
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-libmysqlclient-devel-6613
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-libmysqlclient-devel-6613
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-libmysqlclient-devel-6613
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-libmysqlclient-devel-6613

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient-devel-5.0.96-0.4.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient_r15-32bit-5.0.96-0.4.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ia64) [New Version: 5.0.96]:
      libmysqlclient_r15-x86-5.0.96-0.4.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient-devel-5.0.96-0.4.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient_r15-32bit-5.0.96-0.4.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 5.0.96]:
      libmysqlclient_r15-x86-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient15-5.0.96-0.4.1
      libmysqlclient_r15-5.0.96-0.4.1
      mysql-5.0.96-0.4.1
      mysql-Max-5.0.96-0.4.1
      mysql-client-5.0.96-0.4.1
      mysql-tools-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient15-32bit-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 5.0.96]:
      libmysqlclient15-x86-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 5.0.96]:
      libmysqlclient15-5.0.96-0.4.1
      libmysqlclient_r15-5.0.96-0.4.1
      mysql-5.0.96-0.4.1
      mysql-Max-5.0.96-0.4.1
      mysql-client-5.0.96-0.4.1
      mysql-tools-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 5.0.96]:
      libmysqlclient15-32bit-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient15-5.0.96-0.4.1
      libmysqlclient_r15-5.0.96-0.4.1
      mysql-5.0.96-0.4.1
      mysql-Max-5.0.96-0.4.1
      mysql-client-5.0.96-0.4.1
      mysql-tools-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 5.0.96]:
      libmysqlclient15-32bit-5.0.96-0.4.1
   - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 5.0.96]:
      libmysqlclient15-x86-5.0.96-0.4.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 5.0.96]:
      libmysqlclient15-5.0.96-0.4.1
      libmysqlclient_r15-5.0.96-0.4.1
      mysql-5.0.96-0.4.1
      mysql-client-5.0.96-0.4.1
   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 5.0.96]:
      libmysqlclient15-32bit-5.0.96-0.4.1
      libmysqlclient_r15-32bit-5.0.96-0.4.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 5.0.96]:
      libmysqlclient15-5.0.96-0.4.1
      libmysqlclient_r15-5.0.96-0.4.1
      mysql-5.0.96-0.4.1
      mysql-client-5.0.96-0.4.1
   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 5.0.96]:
      libmysqlclient15-32bit-5.0.96-0.4.1
      libmysqlclient_r15-32bit-5.0.96-0.4.1

References:

   http://support.novell.com/security/cve/CVE-2012-2122.html
   https://bugzilla.novell.com/765092
   https://bugzilla.novell.com/769062
   http://download.novell.com/patch/finder/?keywords=35c5a59a35da626d86071585ee93fde8

From sle-security-updates at lists.suse.com Mon Aug 13 12:08:38 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Aug 2012 20:08:38 +0200 (CEST)
Subject: SUSE-SU-2012:0985-1: moderate: Security update for apache2-mod_python
Message-ID: <20120813180838.9EDD73224A@maintenance.suse.de>

   SUSE Security Update: Security update for apache2-mod_python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0985-1
Rating:             moderate
References:         #757549
Cross-References:   CVE-2012-1150
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes
   one vulnerability is now available.

Description:

   Apache2 mod_python has been changed to enable randomized
   hashes to help fix denial of service problems by
   injecting prepared values into Python hash functions.
   (CVE-2012-1150)

   As some Python scripts might need a known hashing order,
   the old behaviour can be restored using a newly introduced
   module option called

   PythonRandomizeHashes

   The option is default on, but can be disabled if necessary
   for compatibility with above scripts.

   Security Issue reference:

   * CVE-2012-1150

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-apache2-mod_python-6247
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-apache2-mod_python-6247
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-apache2-mod_python-6247
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-apache2-mod_python-6247
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-apache2-mod_python-6247

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
      apache2-mod_python-3.3.1-147.24.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):
      apache2-mod_python-3.3.1-147.24.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      apache2-mod_python-3.3.1-147.24.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
      apache2-mod_python-3.3.1-147.24.1
   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      apache2-mod_python-3.3.1-147.24.1
   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
      apache2-mod_python-3.1.3-60.19.1
   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
      apache2-mod_python-3.1.3-60.19.1

References:

   http://support.novell.com/security/cve/CVE-2012-1150.html
   https://bugzilla.novell.com/757549
   http://download.novell.com/patch/finder/?keywords=28bb91c1b76181613b0798dd122cc5ac
   http://download.novell.com/patch/finder/?keywords=8949716005409529da7f83d076b78ef7

From sle-security-updates at lists.suse.com Mon Aug 13 13:08:37 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Aug 2012 21:08:37 +0200 (CEST)
Subject: SUSE-SU-2012:0987-1: moderate: Security update for arpwatch
Message-ID: <20120813190837.A498132249@maintenance.suse.de>

   SUSE Security Update: Security update for arpwatch
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0987-1
Rating:             moderate
References:         #764521
Cross-References:   CVE-2012-2653
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   arpwatch was improperly dropping its privileges.
   This has been fixed.

   Security Issue reference:

   * CVE-2012-2653

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-arpwatch-6570
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-arpwatch-6570
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-arpwatch-6570
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-arpwatch-6570
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-arpwatch-6570

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      arpwatch-ethercodes-build-2.1a15-131.23.2.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      arpwatch-ethercodes-build-2.1a15-131.23.2.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      arpwatch-2.1a15-131.23.2.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
      arpwatch-2.1a15-131.23.2.1
   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      arpwatch-2.1a15-131.23.2.1

References:

   http://support.novell.com/security/cve/CVE-2012-2653.html
   https://bugzilla.novell.com/764521
   http://download.novell.com/patch/finder/?keywords=a181e98d3d045bfca8ffda670ddb0d79

From sle-security-updates at lists.suse.com Mon Aug 13 14:08:34 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Aug 2012 22:08:34 +0200 (CEST)
Subject: SUSE-SU-2012:0988-1: moderate: Security update for bash
Message-ID: <20120813200834.0E59332248@maintenance.suse.de>

   SUSE Security Update: Security update for bash
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0988-1
Rating:             moderate
References:         #770795
Cross-References:   CVE-2012-3410
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   Parsing the /dev/fd prefix could have led to a stack-based
   buffer overflow which could have been exploited by
   attackers to bypass security restrictions. This has been
   fixed.

   Security Issue reference:

   * CVE-2012-3410

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-bash-6541
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-bash-6541
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-bash-6541
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-bash-6541
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-bash-6541
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-bash-6541
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-bash-6541

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      readline-devel-5.2-147.12.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
      readline-devel-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
      libreadline5-5.2-147.12.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      readline-devel-5.2-147.12.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64):
      readline-devel-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):
      libreadline5-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      bash-3.2-147.12.1
      bash-doc-3.2-147.12.1
      libreadline5-5.2-147.12.1
      readline-doc-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
      libreadline5-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP2 (ia64):
      bash-x86-3.2-147.12.1
      libreadline5-x86-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
      bash-3.2-147.12.1
      bash-doc-3.2-147.12.1
      libreadline5-5.2-147.12.1
      readline-doc-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
      libreadline5-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      bash-3.2-147.12.1
      bash-doc-3.2-147.12.1
      libreadline5-5.2-147.12.1
      readline-doc-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):
      libreadline5-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Server 11 SP1 (ia64):
      bash-x86-3.2-147.12.1
      libreadline5-x86-5.2-147.12.1
   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc ppc64 s390x x86_64):
      bash-3.1-24.30.1
   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
      readline-5.1-24.30.1
      readline-devel-5.1-24.30.1
   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
      readline-32bit-5.1-24.30.1
      readline-devel-32bit-5.1-24.30.1
   - SUSE Linux Enterprise Server 10 SP4 (ia64):
      bash-x86-3.1-24.30.1
      readline-x86-5.1-24.30.1
   - SUSE Linux Enterprise Server 10 SP4 (ppc):
      readline-64bit-5.1-24.30.1
      readline-devel-64bit-5.1-24.30.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      bash-3.2-147.12.1
      bash-doc-3.2-147.12.1
      libreadline5-5.2-147.12.1
      readline-doc-5.2-147.12.1
   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      libreadline5-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
      bash-3.2-147.12.1
      bash-doc-3.2-147.12.1
      libreadline5-5.2-147.12.1
      readline-doc-5.2-147.12.1
   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):
      libreadline5-32bit-5.2-147.12.1
   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
      bash-3.1-24.30.1
      readline-5.1-24.30.1
      readline-devel-5.1-24.30.1
   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
      readline-32bit-5.1-24.30.1
      readline-devel-32bit-5.1-24.30.1

References:

   http://support.novell.com/security/cve/CVE-2012-3410.html
   https://bugzilla.novell.com/770795
   http://download.novell.com/patch/finder/?keywords=9f2f628509b07725b6cc9d5d8f9ede1a
   http://download.novell.com/patch/finder/?keywords=c3e9a373f5df9b9efa73a076b434ff96

From sle-security-updates at lists.suse.com Tue Aug 14 11:08:40 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Aug 2012 19:08:40 +0200 (CEST)
Subject: SUSE-SU-2012:0989-1: moderate: Security update for libpng
Message-ID: <20120814170840.9BC7C32231@maintenance.suse.de>

   SUSE Security Update: Security update for libpng
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0989-1
Rating:             moderate
References:         #772760
Cross-References:   CVE-2012-3425
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   An integer overflow has been fixed in libpng.

   Security Issue reference:

   * CVE-2012-3425

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-libpng-devel-6596
   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-libpng-devel-6596
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-libpng-devel-6596
   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-libpng-devel-6596
   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-libpng-devel-6596
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-libpng-devel-6596
   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-libpng-devel-6596

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libpng-devel-1.2.31-5.31.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
      libpng-devel-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      libpng-devel-1.2.31-5.31.1
   - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64):
      libpng-devel-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libpng12-0-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
      libpng12-0-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP2 (ia64):
      libpng12-0-x86-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
      libpng12-0-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
      libpng12-0-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      libpng12-0-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):
      libpng12-0-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 11 SP1 (ia64):
      libpng12-0-x86-1.2.31-5.31.1
   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
      libpng-1.2.8-19.37.24
      libpng-devel-1.2.8-19.37.24
   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
      libpng-32bit-1.2.8-19.37.24
      libpng-devel-32bit-1.2.8-19.37.24
   - SUSE Linux Enterprise Server 10 SP4 (ia64):
      libpng-x86-1.2.8-19.37.24
   - SUSE Linux Enterprise Server 10 SP4 (ppc):
      libpng-64bit-1.2.8-19.37.24
      libpng-devel-64bit-1.2.8-19.37.24
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      libpng-devel-1.2.31-5.31.1
      libpng12-0-1.2.31-5.31.1
   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      libpng12-0-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
      libpng-devel-1.2.31-5.31.1
      libpng12-0-1.2.31-5.31.1
   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):
      libpng12-0-32bit-1.2.31-5.31.1
   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
      libpng-1.2.8-19.37.24
      libpng-devel-1.2.8-19.37.24
   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
      libpng-32bit-1.2.8-19.37.24
      libpng-devel-32bit-1.2.8-19.37.24

References:

   http://support.novell.com/security/cve/CVE-2012-3425.html
   https://bugzilla.novell.com/772760
   http://download.novell.com/patch/finder/?keywords=d28a28a6c5a99b45c2846df8de89474e
   http://download.novell.com/patch/finder/?keywords=ee829997acb6ea8605d61043117319b5

From sle-security-updates at lists.suse.com Thu Aug 16 11:08:40 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Aug 2012 19:08:40 +0200 (CEST)
Subject: SUSE-SU-2012:0997-1: moderate: Security update for libjpeg
Message-ID: <20120816170840.626E532248@maintenance.suse.de>

   SUSE Security Update: Security update for libjpeg
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0997-1
Rating:             moderate
References:         #771791
Cross-References:   CVE-2012-2806
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update to libjpeg fixes a heap overflow in the JPEG
   decompression functions. (CVE-2012-2806)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-jpeg-6586 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-jpeg-6586 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-jpeg-6586 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-jpeg-6586 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-jpeg-6586 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-jpeg-6586 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-jpeg-6586 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libjpeg-devel-6.2.0-879.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libjpeg-devel-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libjpeg-devel-6.2.0-879.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libjpeg-devel-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): jpeg-6b-879.12.1 libjpeg-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libjpeg-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libjpeg-x86-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): jpeg-6b-879.12.1 libjpeg-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libjpeg-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): jpeg-6b-879.12.1 libjpeg-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libjpeg-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libjpeg-x86-6.2.0-879.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): jpeg-6b-752.8.45 
libjpeg-6.2.0-752.8.45 libjpeg-devel-6.2.0-18.8.45 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libjpeg-32bit-6.2.0-752.8.45 libjpeg-devel-32bit-6.2.0-18.8.45 - SUSE Linux Enterprise Server 10 SP4 (ia64): libjpeg-x86-6.2.0-752.8.45 - SUSE Linux Enterprise Server 10 SP4 (ppc): libjpeg-64bit-6.2.0-752.8.45 libjpeg-devel-64bit-6.2.0-18.8.45 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): jpeg-6b-879.12.1 libjpeg-6.2.0-879.12.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libjpeg-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): jpeg-6b-879.12.1 libjpeg-6.2.0-879.12.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libjpeg-32bit-6.2.0-879.12.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): jpeg-6b-752.8.45 libjpeg-6.2.0-752.8.45 libjpeg-devel-6.2.0-18.8.45 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libjpeg-32bit-6.2.0-752.8.45 libjpeg-devel-32bit-6.2.0-18.8.45 References: http://support.novell.com/security/cve/CVE-2012-2806.html https://bugzilla.novell.com/771791 http://download.novell.com/patch/finder/?keywords=30382ed87257d139959fb1fad29dd127 http://download.novell.com/patch/finder/?keywords=93ef07584e8267eac2fbd3642ae99254 From sle-security-updates at lists.suse.com Fri Aug 17 08:08:26 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2012 16:08:26 +0200 (CEST) Subject: SUSE-SU-2012:1001-1: important: Security update for flash-player Message-ID: <20120817140826.E7A063224B@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1001-1 Rating: important References: #775986 Cross-References: CVE-2012-1535 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now 
available. It includes one version update.

Description:

This update of flash-player fixes a security issue that could allow attackers to execute arbitrary code remotely. (CVE-2012-1535)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp1-flash-player-6678
- SUSE Linux Enterprise Desktop 11 SP1:
    zypper in -t patch sledsp1-flash-player-6678

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.238]:
    flash-player-11.2.202.238-0.3.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 11.2.202.238]:
    flash-player-11.2.202.238-0.3.1

References:

http://support.novell.com/security/cve/CVE-2012-1535.html
https://bugzilla.novell.com/775986
http://download.novell.com/patch/finder/?keywords=69ad427c45a606a21500c688ffe72299

From sle-security-updates at lists.suse.com Fri Aug 17 12:08:36 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Aug 2012 20:08:36 +0200 (CEST)
Subject: SUSE-SU-2012:1002-1: moderate: Security update for dhcp
Message-ID: <20120817180836.BA68032249@maintenance.suse.de>

SUSE Security Update: Security update for dhcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1002-1
Rating: moderate
References: #762108 #767661 #770236 #772924
Cross-References: CVE-2012-3570 CVE-2012-3571 CVE-2012-3954
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP2
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available. It includes one version update.
Description:

This update provides dhcp 4.2.4-p1, which fixes the dhcpv6 server crashing while accessing the lease on heap and provides the following additional fixes:

* Security fixes:
  o Previously the server code was relaxed to allow packets with zero length client ids to be processed. Under some situations use of zero length client ids can cause the server to go into an infinite loop. As such ids are not valid according to RFC 2132 section 9.14 the server no longer accepts them. Client ids with a length of 1 are also invalid but the server still accepts them in order to minimize disruption. The restriction will likely be tightened in the future to disallow ids with a length of 1. (ISC-Bugs #29851, CVE-2012-3571)
  o When attempting to convert a DUID from a client id option into a hardware address, handle unexpected client ids properly. (ISC-Bugs #29852, CVE-2012-3570)
  o A pair of memory leaks were found and fixed. (ISC-Bugs #30024, CVE-2012-3954)

* Further upstream fixes:
  o Moved lease file check to a separate action so it is not used in restart -- it can fail when the daemon rewrites the lease causing a restart failure then.
  o Request dhcp6.sntp-servers in /etc/dhclient6.conf and forward to netconfig for processing.
  o Rotate the lease file when running in v6 mode. (ISC-Bugs #24887)
  o Fixed the code that checks if an address the server is planning to hand out is in a reserved range. This would appear as the server being out of addresses in pools with particular ranges. (ISC-Bugs #26498)
  o In the DDNS code handle error conditions more gracefully and add more logging code. The major change is to handle unexpected cancel events from the DNS client code. (ISC-Bugs #26287)
  o Tidy up the receive calls and eliminate the need for found_pkt. (ISC-Bugs #25066)
  o Add support for Infiniband over sockets to the server and relay code.
  o Modify the code that determines if an outstanding DDNS request should be cancelled. This patch results in cancelling the outstanding request less often. It fixes the problem caused by a client doing a release where the TXT and PTR records weren't removed from the DNS. (ISC-BUGS #27858)
  o Remove outdated note in the description of the bootp keyword about the option not satisfying the requirement of failover peers for denying dynamic bootp clients. (ISC-bugs #28574)
  o Multiple items to clean up IPv6 address processing. When processing an IA that we've seen, check to see if the addresses are usable (not in use by somebody else) before handing it out. When reading in leases from the file discard expired addresses. When picking an address for a client include the IA ID in addition to the client ID to generally pick different addresses for different IAs. (ISC-Bugs #23138, #27945, #25586, #27684)
  o Remove unnecessary checks in the lease query code and clean up several compiler issues (some dereferences of NULL and treating an int as a boolean). (ISC-Bugs #26203)
  o Fix the NA and PD allocation code to handle the case where a client provides a preference and the server doesn't have any addresses or prefixes available. Previously the server ignored the request; with this patch it replies with a NoAddrsAvail or NoPrefixAvail response. By default the code performs according to the errata of August 2010 for RFC 3315 section 17.2.2; to enable the previous style see the section on RFC3315_PRE_ERRATA_2010_08 in includes/site.h.
  o Fix up some issues found by static analysis. A potential memory leak and NULL dereference in omapi. The use of a boolean test instead of a bitwise test in dst. (ISC-Bugs #28941)

In addition, the dhcp-server init script now checks the syntax prior to restarting the daemon to avoid stopping of the daemon when a start would fail.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-dhcp-6606 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-dhcp-6606 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-dhcp-6606 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-dhcp-6606 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.2.4.P1]: dhcp-devel-4.2.4.P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 4.2.4.P1]: dhcp-4.2.4.P1-0.5.1 dhcp-client-4.2.4.P1-0.5.1 dhcp-relay-4.2.4.P1-0.5.1 dhcp-server-4.2.4.P1-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.2.4.P1]: dhcp-4.2.4.P1-0.5.1 dhcp-client-4.2.4.P1-0.5.1 dhcp-relay-4.2.4.P1-0.5.1 dhcp-server-4.2.4.P1-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 4.2.4.P1]: dhcp-4.2.4.P1-0.5.1 dhcp-client-4.2.4.P1-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-3570.html http://support.novell.com/security/cve/CVE-2012-3571.html http://support.novell.com/security/cve/CVE-2012-3954.html https://bugzilla.novell.com/762108 https://bugzilla.novell.com/767661 https://bugzilla.novell.com/770236 https://bugzilla.novell.com/772924 http://download.novell.com/patch/finder/?keywords=be5649bf71f404d2c7566610f48e0de9 From sle-security-updates at lists.suse.com Fri Aug 17 12:08:40 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Aug 2012 20:08:40 +0200 (CEST) Subject: SUSE-SU-2012:1003-1: moderate: Security update for dhcp Message-ID: <20120817180840.A473132241@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2012:1003-1
Rating: moderate
References: #762108 #772924
Cross-References: CVE-2012-3571 CVE-2012-3954
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP1
    SUSE Linux Enterprise Server 11 SP1 for VMware
    SUSE Linux Enterprise Server 11 SP1
    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update of dhcp fixes two security vulnerabilities:

* Malformed client identifiers could cause a Denial of Service (excessive CPU consumption), effectively causing further client requests to not be processed anymore. (CVE-2012-3571)
* Two unspecified memory leaks. (CVE-2012-3954)

Additionally, the following issues were fixed:

* The init script of dhcp-server was fixed to check syntax and fail on force-reload and restart to avoid stopping of running daemon followed by start failure
* Added libgcc_s.so to chroot, so the server can report an assert/crash line.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP1:
    zypper in -t patch sdksp1-dhcp-6671
- SUSE Linux Enterprise Server 11 SP1 for VMware:
    zypper in -t patch slessp1-dhcp-6671
- SUSE Linux Enterprise Server 11 SP1:
    zypper in -t patch slessp1-dhcp-6671
- SUSE Linux Enterprise Desktop 11 SP1:
    zypper in -t patch sledsp1-dhcp-6671

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
    dhcp-devel-3.1.3.ESV-0.17.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
    dhcp-3.1.3.ESV-0.17.1
    dhcp-client-3.1.3.ESV-0.17.1
    dhcp-relay-3.1.3.ESV-0.17.1
    dhcp-server-3.1.3.ESV-0.17.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):
    dhcp-3.1.3.ESV-0.17.1
    dhcp-client-3.1.3.ESV-0.17.1
    dhcp-relay-3.1.3.ESV-0.17.1
    dhcp-server-3.1.3.ESV-0.17.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
    dhcp-3.1.3.ESV-0.17.1
    dhcp-client-3.1.3.ESV-0.17.1

References:

http://support.novell.com/security/cve/CVE-2012-3571.html
http://support.novell.com/security/cve/CVE-2012-3954.html
https://bugzilla.novell.com/762108
https://bugzilla.novell.com/772924
http://download.novell.com/patch/finder/?keywords=d156af3089e2b598ebfd935dab1da3ab

From sle-security-updates at lists.suse.com Fri Aug 17 13:08:39 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Aug 2012 21:08:39 +0200 (CEST)
Subject: SUSE-SU-2012:1005-1: moderate: Security update for dhcp
Message-ID: <20120817190839.7947B32241@maintenance.suse.de>

SUSE Security Update: Security update for dhcp
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1005-1
Rating: moderate
References: #772924
Cross-References: CVE-2012-3571 CVE-2012-3954
Affected Products:
    SUSE Linux Enterprise Server 10 SP4
    SUSE Linux Enterprise Desktop 10 SP4
    SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update of dhcp fixed two security vulnerabilities:

* Malformed client identifiers could cause a Denial of Service (excessive CPU consumption), effectively causing further client requests to not be processed anymore. (CVE-2012-3571)
* Two unspecified memory leaks. (CVE-2012-3954)

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
    dhcp-3.0.7-7.17.1
    dhcp-client-3.0.7-7.17.1
    dhcp-devel-3.0.7-7.17.1
    dhcp-relay-3.0.7-7.17.1
    dhcp-server-3.0.7-7.17.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
    dhcp-3.0.7-7.17.1
    dhcp-client-3.0.7-7.17.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
    dhcp-devel-3.0.7-7.17.1
    dhcp-relay-3.0.7-7.17.1
    dhcp-server-3.0.7-7.17.1

References:

http://support.novell.com/security/cve/CVE-2012-3571.html
http://support.novell.com/security/cve/CVE-2012-3954.html
https://bugzilla.novell.com/772924
http://download.novell.com/patch/finder/?keywords=da94d5b3d48594aadd850e6fdb67f6f2

From sle-security-updates at lists.suse.com Fri Aug 17 13:08:41 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Aug 2012 21:08:41 +0200 (CEST)
Subject: SUSE-SU-2012:1001-2: important: Security update for flash-player
Message-ID: <20120817190841.4274632241@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1001-2
Rating: important
References: #775986
Cross-References: CVE-2012-1535
Affected Products:
    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This update of flash-player fixes a security issue that could allow attackers to execute arbitrary code remotely. (CVE-2012-1535)

Package List:

- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.238]:
    flash-player-11.2.202.238-0.5.1

References:

http://support.novell.com/security/cve/CVE-2012-1535.html
https://bugzilla.novell.com/775986
http://download.novell.com/patch/finder/?keywords=288a9919aa9137400b6d0a7a6164cd2f

From sle-security-updates at lists.suse.com Tue Aug 21 11:08:36 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Aug 2012 19:08:36 +0200 (CEST)
Subject: SUSE-SU-2012:1011-1: important: Security update for rubygem-activerecord
Message-ID: <20120821170836.29E4632249@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activerecord
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1011-1
Rating: important
References: #766792
Cross-References: CVE-2012-2695
Affected Products:
    WebYaST [Appliance - Tools]
    SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This update to rubygem-activerecord fixes a SQL injection caused by mishandling nested parameters. (CVE-2012-2695)

Indications:

Everyone using rubygem-activerecord should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- WebYaST [Appliance - Tools]:
    zypper in -t patch slewystsp1-rubygem-activerecord-2_3-6620
- SUSE Linux Enterprise Software Development Kit 11 SP1:
    zypper in -t patch sdksp1-rubygem-activerecord-2_3-6620

To bring your system up-to-date, use "zypper patch".
Package List:

- WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]:
    rubygem-activerecord-2_3-2.3.14-0.7.6.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]:
    rubygem-activerecord-2_3-2.3.14-0.7.6.1

References:

http://support.novell.com/security/cve/CVE-2012-2695.html
https://bugzilla.novell.com/766792
http://download.novell.com/patch/finder/?keywords=f213753c3fb3cf96e214395b714e0ff1

From sle-security-updates at lists.suse.com Tue Aug 21 11:08:38 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Aug 2012 19:08:38 +0200 (CEST)
Subject: SUSE-SU-2012:1012-1: important: Security update for rubygem-actionpack
Message-ID: <20120821170838.5B89232245@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1012-1
Rating: important
References: #765097 #766791
Cross-References: CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update to rubygem-actionpack fixes two unsafe query generations with "IS NULL" in the WHERE clause. (CVE-2012-2660, CVE-2012-2694)

Indications:

Everyone using rubygem-actionpack should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-rubygem-actionpack-2_3-6630

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    rubygem-actionpack-2_3-2.3.14-0.10.1

References:

http://support.novell.com/security/cve/CVE-2012-2660.html
http://support.novell.com/security/cve/CVE-2012-2661.html
http://support.novell.com/security/cve/CVE-2012-2694.html
http://support.novell.com/security/cve/CVE-2012-2695.html
https://bugzilla.novell.com/765097
https://bugzilla.novell.com/766791
http://download.novell.com/patch/finder/?keywords=2f5d4cde838678b72eb3a71ff9624a5c

From sle-security-updates at lists.suse.com Tue Aug 21 11:08:40 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Aug 2012 19:08:40 +0200 (CEST)
Subject: SUSE-SU-2012:1013-1: important: Security update for java-1_4_2-ibm-sap
Message-ID: <20120821170840.4BDB13224B@maintenance.suse.de>

SUSE Security Update: Security update for java-1_4_2-ibm-sap
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1013-1
Rating: important
References: #768611
Affected Products:
    SUSE Linux Enterprise for SAP Applications 11 SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

IBM Java 1.4.2 SR13 FP12 has been released which fixes various bugs and security issues.

The CVEs being addressed are CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505 and CVE-2012-0506.

Further information on this update is available from http://www.ibm.com/developerworks/java/jdk/alerts/ .

Indications:

Everyone using java-1_4_2-sap should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise for SAP Applications 11 SP2:
    zypper in -t patch slesapp2-java-1_4_2-ibm-sap-6637

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64):
    java-1_4_2-ibm-sap-1.4.2_sr13.12-0.3.1
    java-1_4_2-ibm-sap-devel-1.4.2_sr13.12-0.3.1

References:

https://bugzilla.novell.com/768611
http://download.novell.com/patch/finder/?keywords=f91fba551e97a31809b6ccaf5acae74f

From sle-security-updates at lists.suse.com Tue Aug 21 12:08:27 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Aug 2012 20:08:27 +0200 (CEST)
Subject: SUSE-SU-2012:1014-1: important: Security update for rubygem-activerecord
Message-ID: <20120821180827.5CFAB3224B@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activerecord
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1014-1
Rating: important
References: #766792
Cross-References: CVE-2012-2660 CVE-2012-2661 CVE-2012-2694 CVE-2012-2695
Affected Products:
    WebYaST 1.2
    SUSE Studio Standard Edition 1.2
    SUSE Studio Onsite 1.2
    SUSE Studio Extension for System z 1.2
    SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available. It includes one version update.

Description:

This update to rubygem-activerecord fixes a SQL injection caused by mishandling nested parameters. (CVE-2012-2695)

Indications:

Everyone using rubygem-activerecord should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - WebYaST 1.2: zypper in -t patch slewyst12-rubygem-activerecord-2_3-6633 - SUSE Studio Standard Edition 1.2: zypper in -t patch sleslms12-rubygem-activerecord-2_3-6633 - SUSE Studio Onsite 1.2: zypper in -t patch slestso12-rubygem-activerecord-2_3-6633 - SUSE Studio Extension for System z 1.2: zypper in -t patch slestso12-rubygem-activerecord-2_3-6633 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-rubygem-activerecord-2_3-6632 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-activerecord-2_3-2.3.14-0.7.6.1 - SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 2.3.14]: rubygem-activerecord-2_3-2.3.14-0.7.6.1 - SUSE Studio Onsite 1.2 (x86_64) [New Version: 2.3.14]: rubygem-activerecord-2_3-2.3.14-0.7.6.1 - SUSE Studio Extension for System z 1.2 (s390x) [New Version: 2.3.14]: rubygem-activerecord-2_3-2.3.14-0.7.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): rubygem-activerecord-2_3-2.3.14-0.10.1 References: http://support.novell.com/security/cve/CVE-2012-2660.html http://support.novell.com/security/cve/CVE-2012-2661.html http://support.novell.com/security/cve/CVE-2012-2694.html http://support.novell.com/security/cve/CVE-2012-2695.html https://bugzilla.novell.com/766792 http://download.novell.com/patch/finder/?keywords=4db5459b2ac69e20925f9e05cfc5777d http://download.novell.com/patch/finder/?keywords=61bc7e2d0afb2e10760ccbe026e48bd2 From sle-security-updates at lists.suse.com Tue Aug 21 12:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2012 20:08:29 +0200 (CEST) Subject: SUSE-SU-2012:1015-1: important: Security update for rubygem-actionpack Message-ID: <20120821180829.2320A32249@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack 
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:1015-1
Rating: important
References: #765097 #766791
Cross-References: CVE-2012-2660 CVE-2012-2694
Affected Products:
    WebYaST [Appliance - Tools]
    WebYaST 1.2
    SUSE Studio Standard Edition 1.2
    SUSE Studio Onsite 1.2
    SUSE Studio Extension for System z 1.2
    SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes one version update.

Description:

This update to rubygem-actionpack fixes two unsafe query generations with "IS NULL" in the WHERE clause. (CVE-2012-2660, CVE-2012-2694)

Indications:

Everyone using rubygem-actionpack should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- WebYaST [Appliance - Tools]:
    zypper in -t patch slewystsp1-rubygem-actionpack-2_3-6619
- WebYaST 1.2:
    zypper in -t patch slewyst12-rubygem-actionpack-2_3-6665
- SUSE Studio Standard Edition 1.2:
    zypper in -t patch sleslms12-rubygem-actionpack-2_3-6665
- SUSE Studio Onsite 1.2:
    zypper in -t patch slestso12-rubygem-actionpack-2_3-6665
- SUSE Studio Extension for System z 1.2:
    zypper in -t patch slestso12-rubygem-actionpack-2_3-6665
- SUSE Linux Enterprise Software Development Kit 11 SP1:
    zypper in -t patch sdksp1-rubygem-actionpack-2_3-6619

To bring your system up-to-date, use "zypper patch".
Package List: - WebYaST [Appliance - Tools] (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Studio Standard Edition 1.2 (x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Studio Onsite 1.2 (x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Studio Extension for System z 1.2 (s390x) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.14]: rubygem-actionpack-2_3-2.3.14-0.7.6.1 References: http://support.novell.com/security/cve/CVE-2012-2660.html http://support.novell.com/security/cve/CVE-2012-2694.html https://bugzilla.novell.com/765097 https://bugzilla.novell.com/766791 http://download.novell.com/patch/finder/?keywords=53095f9d9f8560f19044c15e6eaf7b8a http://download.novell.com/patch/finder/?keywords=625e07d428b32e10138b5c46031ea3fe From sle-security-updates at lists.suse.com Tue Aug 21 12:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Aug 2012 20:08:31 +0200 (CEST) Subject: SUSE-SU-2012:1016-1: moderate: kernel update for SLE11 SP2 Message-ID: <20120821180831.692303224B@maintenance.suse.de> SUSE Security Update: kernel update for SLE11 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1016-1 Rating: moderate References: #705551 #715635 #718910 #720946 #738284 #744314 #744655 #746509 #749291 #752352 #753172 #753353 #754391 #754690 #755546 #755620 #756276 #756585 #757059 #758703 #761775 #762366 #762414 #762991 #763026 #763754 #763968 #764339 #766027 #766445 #766733 #767281 #767469 #767684 #767983 #768052 #768084 #768470 #768632 #769407 #769685 #769784 #769896 #770034 #770238 #770269 #771102 #771242 #771361 #771398 #771428 
#771619 #771778 #772407 #772420 #772566 #772831 #772893 #773006 #773251 #773406 #773606 #773878 #774285
Cross-References: CVE-2012-3375 CVE-2012-3400
Affected Products:
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise High Availability Extension 11 SP2
    SUSE Linux Enterprise Desktop 11 SP2
    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves two vulnerabilities and has 62 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.38, fixing various bugs and security issues.

Following security issues were fixed:

CVE-2012-3400: Several buffer overread and overwrite errors in the UDF logical volume descriptor code were fixed that might have allowed local attackers able to mount UDF volumes to crash the kernel or potentially gain privileges.

CVE-2012-3375: A denial of service (crash) in epoll was fixed.

The three NTP leapsecond issues were fixed and are contained in Linux Kernel stable 3.0.38.

The Libceph/ceph/rbd framework was imported for later Cloud storage usage.

Various bug and security fixes were integrated from the Linux stable kernel 3.0.34-3.0.38 upgrade and are not explicitly listed here.

Following other non-security issues were fixed:

S/390:
- dasd: Use correct queue for aborting requests.
- dasd: Abort requests from correct queue.
- [S390] Do not clobber personality flags on exec (bnc#770034).
- dasd: Kick tasklet instead of processing the request_queue directly.
- s390/kernel: CPU idle vs CPU hotplug (bnc#772407,LTC#83468).
- lgr: Make lgr_page static (bnc#772407,LTC#83520).
- s390/kernel: incorrect task size after fork of a 31 bit process (bnc#772407,LTC#83674).
- dasd: Abort all requests on the request_queue, too (bnc#768084).
- DASD: Add timeout attribute (bnc#771361).
- dasd: Fixup typo in debugging message.
- patches.suse/dasd-fail-all-requests-after-timeout.patch: Fixup handling of failfast requests (bnc#768084).
- s390: allow zcrypt to /dev/random feeding to be resumed (bnc#718910)
- s390/hypfs: Missing files and directories (bnc#769407,LTC#82838).
- dasd: Fail all requests after timeout (bnc#768084).
- s390/kernel: Add z/VM LGR detection (bnc#767281,LTC#RAS1203).

BTRFS fixes (3.3-3.5+)
- Btrfs: avoid sleeping in verify_parent_transid while atomic
- Btrfs: fix btrfs_release_extent_buffer_page with the right usage of num_extent_pages
- Btrfs: do not check delalloc when updating disk_i_size
- Btrfs: look into the extent during find_all_leafs
- Btrfs: do not set for_cow parameter for tree block functions
- Btrfs: fix defrag regression
- Btrfs: fix missing inherited flag in rename
- Btrfs: do not resize a seeding device
- Btrfs: cast devid to unsigned long long for printk %llu
- Btrfs: add a missing spin_lock
- Btrfs: restore restriper state on all mounts
- Btrfs: resume balance on rw (re)mounts properly
- Btrfs: fix tree log remove space corner case
- Btrfs: hold a ref on the inode during writepages
- Btrfs: do not return EINVAL instead of ENOMEM from open_ctree()
- Btrfs: do not ignore errors from btrfs_cleanup_fs_roots() when mounting
- Btrfs: fix error handling in __add_reloc_root()
- Btrfs: return error of btrfs_update_inode() to caller
- Btrfs: fix typo in cow_file_range_async and async_cow_submit
- Btrfs: fix btrfs_is_free_space_inode to recognize btree inode
- Btrfs: kill root from btrfs_is_free_space_inode
- Btrfs: zero unused bytes in inode item
- disable patches.suse/btrfs-8052-fix-wrong-information-of-the-directory-in-the-.patch (bnc#757059)

XEN:
- Refresh Xen patches (bnc#772831, add spinlock.nopoll option).
- Update Xen patches to 3.0.35.
- xen/thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991).
- Update Xen config files (CONFIG_XEN_SPINLOCK_ACQUIRE_NESTING=1).

MD:
- md: Do not truncate size at 4TB for RAID0 and Linear
- md/bitmap: Do not write bitmap while earlier writes might be in-flight (bnc#771398).
- md: Fixup blktrace information.
- md: Abort pending request for RAID10 (bnc#773251).
- md: add raid10 tracepoints (bnc#768084).
- md: wakeup thread upon rdev_dec_pending() (bnc#771398).
- md: Correctly register error code on failure.
- md: Do not take mddev lock when reading rdev attributes from sysfs (bnc#772420).
- md: unblock SET_DISK_FAULTY ioctl (bnc#768084).

Hyper-V:
- net/hyperv: Use wait_event on outstanding sends during device removal.
- Tools: hv: verify origin of netlink connector message.
- hyperv: Add support for setting MAC from within guests.
- Drivers: hv: Change the hex constant to a decimal constant.
- hyperv: Add error handling to rndis_filter_device_add().
- hyperv: Add a check for ring_size value.
- Drivers: hv: Cleanup the guest ID computation.
- hv: add RNDIS_OID_GEN_RNDIS_CONFIG_PARAMETER.

Scheduler:
- sched: Make sure to not re-read variables after validation (bnc#769685).
- sched: Only queue remote wakeups when crossing cache boundaries part2 (bnc#754690).
- sched: really revert latency defaults to SP1 values (bnc#754690).
- sched: optimize latency defaults (bnc#754690).
- sched: Save some hrtick_start_fair cycles (bnc#754690).
- sched: use rt.nr_cpus_allowed to recover select_task_rq() cycles (bnc#754690).
- sched: Set skip_clock_update in yield_task_fair() (bnc#754690).
- sched: Do not call task_group() too many times in set_task_rq() (bnc#754690).
- sched: ratelimit nohz (bnc#754690).
- sched: Wrap scheduler p->cpus_allowed access (bnc#754690).
- sched: Avoid SMT siblings in select_idle_sibling() if possible (bnc#754690).
- sched: Clean up domain traversal in select_idle_sibling() (bnc#754690).
- sched: Remove rcu_read_lock/unlock() from select_idle_sibling() (bnc#754690).
- sched: Fix the sched group node allocation for SD_OVERLAP domains (bnc#754690).
- sched: add SD_SHARE_PKG_RESOURCES domain flags proc handler (bnc#754690).
- sched: fix select_idle_sibling() induced bouncing (bnc#754690).

Other fixes:
- rt2800: add chipset revision RT5390R support (bnc#772566).
- reiserfs: fix deadlocks with quotas (bnc#774285).
- VFS: avoid prepend_path warning about d_obtain_alias aliases (bnc#773006).
- ntp: avoid printk under xtime_lock (bnc#767684).
- kvm: kvmclock: apply kvmclock offset to guest wall clock time (bnc#766445).
- bonding: allow all slave speeds (bnc#771428).
- mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables.
- mm: hugetlbfs: Correctly detect if page tables have just been shared.
- patches.fixes/mm-hugetlb-decrement-mapcount-under-page_table_lock.patch: Delete. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)).
- ALSA: hda - Evaluate gpio_led hints at the right moment (bnc#773878).
- proc: stats: Use arch_idle_time for idle and iowait times if available (bnc#772893).
- tcp: perform DMA to userspace only if there is a task waiting for it (bnc#773606).
- rt2x00: fix rt3290 resuming failed (bnc#771778).
- patches.suse/SUSE-bootsplash: Refresh. (Fix wrong vfree() (bnc#773406))
- vhost: do not forget to schedule() (bnc#767983).
- powerpc, kabi: reintroduce __cputime_msec_factor (bnc#771242).
- powerpc: Fix wrong divisor in usecs_to_cputime (bnc#771242).
- mm: use cpu_chill() in spin_trylock_page() and cancel on immediately RT. (bnc#768470)
- be2net: Fix EEH error reset before a flash dump completes (bnc#755546).
- st: Fix adding of tape link from device directory (bnc#771102).
- idr: Fix locking of minor idr during failure-case removal and add freeing of minor idr during device removal.
- add firmware update for Atheros 0cf3:311f (bnc#761775).
- Unset CONFIG_WATCHDOG_NOWAYOUT to prevent reboot of openais on service stop. (bnc#756585)
- Update config files: Enable CONFIG_RT2800PCI_RT3290.
- ida: simplified functions for id allocation (bnc#749291).
- ida: make ida_simple_get/put() IRQ safe (bnc#749291).
- virtio-blk: use ida to allocate disk index (bnc#749291).
- USB: option: Add USB ID for Novatel Ovation MC551 (bnc#770269).
- USB: option: add id for Cellient MEN-200 (bnc#770269).
- Fix the position of SUSE logo on text screen (bnc#770238)
- enable Atheros 0cf3:311e for firmware upload (bnc#766733).
- scsi_dh_alua: Improve error handling (bnc#715635).
- scsi: remove an unhandled error code message (bnc#715635).
- Add to support Ralink ROMA wifi chip. (bnc#758703)
- x86_64, UV: Update NMI handler for UV1000/2000 systems (bnc#746509, bnc#744655).
- kdb: Fix merge error in original kdb x86 patch (bnc#746509).
- udf: Avoid run away loop when partition table length is corrupted (bnc#769784).
- udf: Fortify loading of sparing table (bnc#769784).
- udf: Use ret instead of abusing i in udf_load_logicalvol() (bnc#769784).
- intel_ips: blacklist HP ProBook laptops (bnc#720946).
- drm: edid: Do not add inferred modes with higher resolution (bnc#753172).
- init: mm: Reschedule when initialising large numbers of memory sections. (bnc#755620).
- x86/apic: Use x2apic physical mode based on FADT setting (bnc#768052).
- acpiphp: add dmi info to acpiphp module (bnc#754391).
- ntp: fix leap second hrtimer deadlock (bnc#768632).
- ntp: avoid printk under xtime_lock (bnc#767684).
- nohz: Fix update_ts_time_stat idle accounting (bnc#767469, bnc#705551).
- nohz: Make idle/iowait counter update conditional (bnc#767469, bnc#705551).
- bug: introduce BUILD_BUG_ON_INVALID() macro
- bug: completely remove code generated by disabled. (VM Performance).
- mm: call cond_resched in putback_lru_pages (bnc#763968).
- Update x86-64 Xen config file (CONFIG_ACPI_PROCESSOR_AGGREGATOR=m).
- ia64 is odd man out, CONFIG_SCHED_HRTICK is not set, fix build failure due to missing hrtick_enabled() in that case.
- drm: Add poll blacklist for Dell Latitude E5420 (bnc#756276).
- supported.conf: mark libceph and rbd as unsupported.
- drm/i915: Fix eDP blank screen after S3 resume on HP desktops (bnc#752352).
- mm: hugetlb: Decrement mapcount under page table lock (Consistent mapcount decrementing under lock (bnc#762366)).
- mm: hugetlb: flush_tlb_range() needs page_table_lock when mmap_sem is not held. (Consistent locking for TLB flush of hugetlb pages (bnc#762366)).
- mm/hugetlb.c: undo change to page mapcount in fault handler (Handle potential leaks in hugetlbfs error paths (bnc#762366)).
- drm/i915: Not all systems expose a firmware or platform mechanism for changing the backlight intensity on i915, so add native driver support (bnc#752352).
- i915: do not setup intel_backlight twice (bnc#752352).
- drm/i915: enable vdd when switching off the eDP panel (bnc#752352).
- Add missing definition blk_queue_dead().
- Backport patches from mainline to fix SCSI crash under heavy load (bnc#738284):
  * patches.fixes/block-add-blk_queue_dead.patch: block: add blk_queue_dead() (bnc#738284).
  * patches.fixes/block-add-missing-blk_queue_dead-checks.patch: block: add missing blk_queue_dead() checks (bnc#738284).
  * patches.fixes/block-fix-race-on-request.end_io-invocations.patch: block: Fix race on request.end_io invocations (bnc#738284).
  * patches.fixes/scsi-fc-class-fix-scanning-when-devs-are-offline.patch: fc class: fix scanning when devs are offline (bnc#738284).
  * patches.fixes/scsi-fix-device-removal-NULL-pointer-dereference.patch: scsi: Fix device removal NULL pointer dereference (bnc#738284).
  * patches.fixes/scsi-fix-the-new-host-byte-settings.patch: scsi: fix DID_TARGET_FAILURE and DID_NEXUS_FAILURE host byte settings (bnc#738284).
  * patches.fixes/scsi-stop-accepting-scsi-requests.patch: scsi: Stop accepting SCSI requests before removing a device (bnc#738284).
  * patches.fixes/scsi-Revert-put-stricter-guards-on-queue-dead-chec.patch: Delete preliminary patch.
- Provide obsoleted KMPs (bnc#753353), fix ath3k obsoletes.
- mm: filemap: Optimise file-backed page faulting by emulating an adaptive sleeping spinlock (bnc#762414)
- Add yet another product ID for HP cert machines (bnc#764339)
- x86: check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (bnc#763754).
- backing-dev: use synchronize_rcu_expedited instead of synchronize_rcu (bnc#766027). - sysfs: count subdirectories (bnc#766027). - kABI fix for sysfs-count-subdirectories (bnc#766027). - block: Introduce blk_set_stacking_limits function (bnc#763026). Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-6641 slessp2-kernel-6648 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-6641 slessp2-kernel-6642 slessp2-kernel-6643 slessp2-kernel-6648 slessp2-kernel-6650 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-6641 sleshasp2-kernel-6642 sleshasp2-kernel-6643 sleshasp2-kernel-6648 sleshasp2-kernel-6650 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-6641 sledsp2-kernel-6648 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.38]: kernel-default-3.0.38-0.5.1 kernel-default-base-3.0.38-0.5.1 kernel-default-devel-3.0.38-0.5.1 kernel-source-3.0.38-0.5.1 kernel-syms-3.0.38-0.5.1 kernel-trace-3.0.38-0.5.1 kernel-trace-base-3.0.38-0.5.1 kernel-trace-devel-3.0.38-0.5.1 kernel-xen-devel-3.0.38-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.38]: kernel-pae-3.0.38-0.5.1 kernel-pae-base-3.0.38-0.5.1 kernel-pae-devel-3.0.38-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.38]: kernel-default-3.0.38-0.5.1 kernel-default-base-3.0.38-0.5.1 kernel-default-devel-3.0.38-0.5.1 kernel-source-3.0.38-0.5.1 kernel-syms-3.0.38-0.5.1 kernel-trace-3.0.38-0.5.1 kernel-trace-base-3.0.38-0.5.1 kernel-trace-devel-3.0.38-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.38]: kernel-ec2-3.0.38-0.5.1 kernel-ec2-base-3.0.38-0.5.1 kernel-ec2-devel-3.0.38-0.5.1 kernel-xen-3.0.38-0.5.1 kernel-xen-base-3.0.38-0.5.1 kernel-xen-devel-3.0.38-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.38]: kernel-default-man-3.0.38-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.38]: kernel-ppc64-3.0.38-0.5.1 kernel-ppc64-base-3.0.38-0.5.1 kernel-ppc64-devel-3.0.38-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.38]: kernel-pae-3.0.38-0.5.1 kernel-pae-base-3.0.38-0.5.1 kernel-pae-devel-3.0.38-0.5.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): gfs2-kmp-default-2_3.0.38_0.5-0.7.37 gfs2-kmp-trace-2_3.0.38_0.5-0.7.37 ocfs2-kmp-default-1.6_3.0.38_0.5-0.7.37 ocfs2-kmp-trace-1.6_3.0.38_0.5-0.7.37 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 s390x): cluster-network-kmp-default-1.4_3.0.38_0.5-2.14.2 cluster-network-kmp-trace-1.4_3.0.38_0.5-2.14.2 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64 x86_64): 
cluster-network-kmp-default-1.4_3.0.38_0.5-2.16.1 cluster-network-kmp-trace-1.4_3.0.38_0.5-2.16.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): gfs2-kmp-xen-2_3.0.38_0.5-0.7.37 ocfs2-kmp-xen-1.6_3.0.38_0.5-0.7.37 - SUSE Linux Enterprise High Availability Extension 11 SP2 (x86_64): cluster-network-kmp-xen-1.4_3.0.38_0.5-2.16.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.38_0.5-2.16.1 gfs2-kmp-ppc64-2_3.0.38_0.5-0.7.37 ocfs2-kmp-ppc64-1.6_3.0.38_0.5-0.7.37 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.38_0.5-2.14.2 cluster-network-kmp-xen-1.4_3.0.38_0.5-2.14.2 gfs2-kmp-pae-2_3.0.38_0.5-0.7.37 ocfs2-kmp-pae-1.6_3.0.38_0.5-0.7.37 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.38]: kernel-default-3.0.38-0.5.1 kernel-default-base-3.0.38-0.5.1 kernel-default-devel-3.0.38-0.5.1 kernel-default-extra-3.0.38-0.5.1 kernel-source-3.0.38-0.5.1 kernel-syms-3.0.38-0.5.1 kernel-trace-3.0.38-0.5.1 kernel-trace-base-3.0.38-0.5.1 kernel-trace-devel-3.0.38-0.5.1 kernel-trace-extra-3.0.38-0.5.1 kernel-xen-3.0.38-0.5.1 kernel-xen-base-3.0.38-0.5.1 kernel-xen-devel-3.0.38-0.5.1 kernel-xen-extra-3.0.38-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.38]: kernel-pae-3.0.38-0.5.1 kernel-pae-base-3.0.38-0.5.1 kernel-pae-devel-3.0.38-0.5.1 kernel-pae-extra-3.0.38-0.5.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.38_0.5-0.14.18 ext4-writeable-kmp-trace-0_3.0.38_0.5-0.14.18 kernel-default-extra-3.0.38-0.5.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.38_0.5-0.14.18 kernel-xen-extra-3.0.38-0.5.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.38_0.5-0.14.18 kernel-ppc64-extra-3.0.38-0.5.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.38_0.5-0.14.18 
kernel-pae-extra-3.0.38-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-3375.html http://support.novell.com/security/cve/CVE-2012-3400.html https://bugzilla.novell.com/705551 https://bugzilla.novell.com/715635 https://bugzilla.novell.com/718910 https://bugzilla.novell.com/720946 https://bugzilla.novell.com/738284 https://bugzilla.novell.com/744314 https://bugzilla.novell.com/744655 https://bugzilla.novell.com/746509 https://bugzilla.novell.com/749291 https://bugzilla.novell.com/752352 https://bugzilla.novell.com/753172 https://bugzilla.novell.com/753353 https://bugzilla.novell.com/754391 https://bugzilla.novell.com/754690 https://bugzilla.novell.com/755546 https://bugzilla.novell.com/755620 https://bugzilla.novell.com/756276 https://bugzilla.novell.com/756585 https://bugzilla.novell.com/757059 https://bugzilla.novell.com/758703 https://bugzilla.novell.com/761775 https://bugzilla.novell.com/762366 https://bugzilla.novell.com/762414 https://bugzilla.novell.com/762991 https://bugzilla.novell.com/763026 https://bugzilla.novell.com/763754 https://bugzilla.novell.com/763968 https://bugzilla.novell.com/764339 https://bugzilla.novell.com/766027 https://bugzilla.novell.com/766445 https://bugzilla.novell.com/766733 https://bugzilla.novell.com/767281 https://bugzilla.novell.com/767469 https://bugzilla.novell.com/767684 https://bugzilla.novell.com/767983 https://bugzilla.novell.com/768052 https://bugzilla.novell.com/768084 https://bugzilla.novell.com/768470 https://bugzilla.novell.com/768632 https://bugzilla.novell.com/769407 https://bugzilla.novell.com/769685 https://bugzilla.novell.com/769784 https://bugzilla.novell.com/769896 https://bugzilla.novell.com/770034 https://bugzilla.novell.com/770238 https://bugzilla.novell.com/770269 https://bugzilla.novell.com/771102 https://bugzilla.novell.com/771242 https://bugzilla.novell.com/771361 https://bugzilla.novell.com/771398 https://bugzilla.novell.com/771428 https://bugzilla.novell.com/771619 
https://bugzilla.novell.com/771778 https://bugzilla.novell.com/772407 https://bugzilla.novell.com/772420 https://bugzilla.novell.com/772566 https://bugzilla.novell.com/772831 https://bugzilla.novell.com/772893 https://bugzilla.novell.com/773006 https://bugzilla.novell.com/773251 https://bugzilla.novell.com/773406 https://bugzilla.novell.com/773606 https://bugzilla.novell.com/773878 https://bugzilla.novell.com/774285 http://download.novell.com/patch/finder/?keywords=054eeda84fdfd467b6042cd0666936fd http://download.novell.com/patch/finder/?keywords=2562f1c04f34ffe16e03bb259c3fa59a http://download.novell.com/patch/finder/?keywords=2e3d7b7adbbcb9354016e7500008d6eb http://download.novell.com/patch/finder/?keywords=3ce131c8ad30c9e67989bec045d25f70 http://download.novell.com/patch/finder/?keywords=43c40bbec3b6fa96e53f65b5bd05bf22 http://download.novell.com/patch/finder/?keywords=49f71b35667d16346304bfe7962c6acf http://download.novell.com/patch/finder/?keywords=7cf89a4bc5bc5fe5716772ac7b65fe44 http://download.novell.com/patch/finder/?keywords=8ff740aad979794678ee74633038b97d http://download.novell.com/patch/finder/?keywords=9562bd6b9a1b5af7a6b07b9b3d121e2f http://download.novell.com/patch/finder/?keywords=aa508382c1b93d4d802d37d9ad3ac5b6 From sle-security-updates at lists.suse.com Wed Aug 22 09:08:38 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2012 17:08:38 +0200 (CEST) Subject: SUSE-SU-2012:1020-1: important: Security update for oracle-update Message-ID: <20120822150838.5400C32241@maintenance.suse.de> SUSE Security Update: Security update for oracle-update ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1020-1 Rating: important References: #757762 #771994 Cross-References: CVE-2012-0525 CVE-2012-0526 CVE-2012-0527 CVE-2012-0534 CVE-2012-0552 CVE-2012-1737 CVE-2012-1745 CVE-2012-3134 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 SUSE Manager 
1.2 for SLE 11 SP1
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update fixes two large sets of security issues in the Oracle Server.

* http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html (CVE-2012-1737, CVE-2012-1745, CVE-2012-3134)
* http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html (CVE-2012-0552, CVE-2012-0534, CVE-2012-0527, CVE-2012-0526, CVE-2012-0525)

Security Issue references:

* CVE-2012-0552
* CVE-2012-0534
* CVE-2012-1737
* CVE-2012-1745
* CVE-2012-3134
* CVE-2012-0527
* CVE-2012-0526
* CVE-2012-0525

Indications:

Everyone using the Oracle DB on SUSE Manager should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Manager 1.7 for SLE 11 SP2:
    zypper in -t patch sleman17sp2-oracle-update-6685
- SUSE Manager 1.2 for SLE 11 SP1:
    zypper in -t patch sleman12sp1-oracle-update-6684

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): oracle-update-1.7-0.13.1 - SUSE Manager 1.2 for SLE 11 SP1 (x86_64): oracle-update-1.7-0.4.10.1 References: http://support.novell.com/security/cve/CVE-2012-0525.html http://support.novell.com/security/cve/CVE-2012-0526.html http://support.novell.com/security/cve/CVE-2012-0527.html http://support.novell.com/security/cve/CVE-2012-0534.html http://support.novell.com/security/cve/CVE-2012-0552.html http://support.novell.com/security/cve/CVE-2012-1737.html http://support.novell.com/security/cve/CVE-2012-1745.html http://support.novell.com/security/cve/CVE-2012-3134.html https://bugzilla.novell.com/757762 https://bugzilla.novell.com/771994 http://download.novell.com/patch/finder/?keywords=205067d3ac29a7b3a4b0a8d7f70ba5e9 http://download.novell.com/patch/finder/?keywords=c66e6782ca5a697b1ab08f6ec77a4b1c From sle-security-updates at lists.suse.com Wed Aug 22 12:08:33 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Aug 2012 20:08:33 +0200 (CEST) Subject: SUSE-SU-2012:1021-1: Security update for PostgreSQL Message-ID: <20120822180833.5923B32241@maintenance.suse.de> SUSE Security Update: Security update for PostgreSQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1021-1 Rating: low References: #760511 #765069 #766799 #767505 #770193 #773771 #774616 #774617 #775399 #775402 #776523 #776524 Cross-References: CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 8 fixes is now available. It includes one version update. 
Description:

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accommodate an optional parallel installation of newer PostgreSQL versions.

The changes in 8.3.20 are:

* Prevent access to external files/URLs via XML entity references. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server (CVE-2012-3489, bnc#776524).
* Prevent access to external files/URLs via "contrib/xml2"'s xslt_process(). libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. Disable that through proper use of libxslt's security options. (CVE-2012-3488, bnc#776523). Also, remove xslt_process()'s ability to fetch documents and stylesheets from external files/URLs.
* Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function. If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143)
* Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler. Applying such attributes to a call handler could crash the server. (CVE-2012-2655)
* Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC. Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
* Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone. This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions. * Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings. * Fix memory copying bug in to_tsquery(). * Fix slow session startup when pg_attribute is very large. If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once. * Ensure sequential scans check for query cancel reasonably often. A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile. * Show whole-row variables safely when printing views or rules. Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast. * Ensure autovacuum worker processes perform stack depth checking properly. Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes. * Fix logging collector to not lose log coherency under high load. The collector previously could fail to reassemble large messages if it got too busy. * Fix logging collector to ensure it will restart file rotation after receiving SIGHUP. * Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable. * Fix several performance problems in pg_dump when the database contains many objects. 
pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences. * Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error. Security Issue references: * CVE-2012-2143 * CVE-2012-2655 * CVE-2012-3489 * CVE-2012-3488 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-postgresql-6697 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-postgresql-6697 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-postgresql-6697 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-postgresql-6697 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-postgresql-6697 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.3.20]: postgresql-8.3.20-0.4.1 postgresql-contrib-8.3.20-0.4.1 postgresql-docs-8.3.20-0.4.1 postgresql-server-8.3.20-0.4.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): postgresql-init-9.1-0.6.10.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 8.3.20]: postgresql-8.3.20-0.4.1 postgresql-contrib-8.3.20-0.4.1 postgresql-docs-8.3.20-0.4.1 postgresql-server-8.3.20-0.4.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (noarch): postgresql-init-9.1-0.6.10.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.3.20]: postgresql-8.3.20-0.4.1 postgresql-contrib-8.3.20-0.4.1 postgresql-docs-8.3.20-0.4.1 postgresql-server-8.3.20-0.4.1 - SUSE Linux Enterprise Server 11 SP1 (noarch): postgresql-init-9.1-0.6.10.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 8.3.20]: postgresql-8.3.20-0.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): 
postgresql-init-9.1-0.6.10.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 8.3.20]: postgresql-8.3.20-0.4.1 - SUSE Linux Enterprise Desktop 11 SP1 (noarch): postgresql-init-9.1-0.6.10.1 References: http://support.novell.com/security/cve/CVE-2012-2143.html http://support.novell.com/security/cve/CVE-2012-2655.html http://support.novell.com/security/cve/CVE-2012-3488.html http://support.novell.com/security/cve/CVE-2012-3489.html https://bugzilla.novell.com/760511 https://bugzilla.novell.com/765069 https://bugzilla.novell.com/766799 https://bugzilla.novell.com/767505 https://bugzilla.novell.com/770193 https://bugzilla.novell.com/773771 https://bugzilla.novell.com/774616 https://bugzilla.novell.com/774617 https://bugzilla.novell.com/775399 https://bugzilla.novell.com/775402 https://bugzilla.novell.com/776523 https://bugzilla.novell.com/776524 http://download.novell.com/patch/finder/?keywords=a40b143814a37b566fd7889125c16b7d From sle-security-updates at lists.suse.com Thu Aug 23 08:08:22 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Aug 2012 16:08:22 +0200 (CEST) Subject: SUSE-SU-2012:1027-1: important: Security update for gimp Message-ID: <20120823140822.EA40F3223E@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1027-1 Rating: important References: #775429 Cross-References: CVE-2012-3403 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or even to potentially execute arbitrary code (CVE-2012-3402). 
Security Issue reference: * CVE-2012-3403 Package List: - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): gimp-2.2.10-22.44.1 gimp-devel-2.2.10-22.44.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): gimp-2.2.10-22.44.1 gimp-devel-2.2.10-22.44.1 References: http://support.novell.com/security/cve/CVE-2012-3403.html https://bugzilla.novell.com/775429 http://download.novell.com/patch/finder/?keywords=5d18ef4dd81fda3effcb7cb85c6ef536 From sle-security-updates at lists.suse.com Thu Aug 23 08:08:27 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Aug 2012 16:08:27 +0200 (CEST) Subject: SUSE-SU-2012:1029-1: important: Security update for gimp Message-ID: <20120823140827.835573224C@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1029-1 Rating: important References: #775433 Cross-References: CVE-2012-3403 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or even to potentially execute arbitrary code (CVE-2012-3403). Security Issue reference: * CVE-2012-3403 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-gimp-6683

   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-gimp-6683

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-gimp-6683

   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-gimp-6683

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      gimp-2.6.2-3.34.37.1
      gimp-devel-2.6.2-3.34.37.1
      gimp-lang-2.6.2-3.34.37.1
      gimp-plugins-python-2.6.2-3.34.37.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      gimp-2.6.2-3.34.37.1
      gimp-devel-2.6.2-3.34.37.1
      gimp-lang-2.6.2-3.34.37.1
      gimp-plugins-python-2.6.2-3.34.37.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      gimp-2.6.2-3.34.37.1
      gimp-lang-2.6.2-3.34.37.1
      gimp-plugins-python-2.6.2-3.34.37.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
      gimp-2.6.2-3.34.37.1
      gimp-lang-2.6.2-3.34.37.1
      gimp-plugins-python-2.6.2-3.34.37.1

References:

   http://support.novell.com/security/cve/CVE-2012-3403.html
   https://bugzilla.novell.com/775433
   http://download.novell.com/patch/finder/?keywords=ca4c519bd6348192da66901f8d815893

From sle-security-updates at lists.suse.com Fri Aug 24 01:08:26 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Aug 2012 09:08:26 +0200 (CEST)
Subject: SUSE-SU-2012:1033-1: important: Security update for PHP5
Message-ID: <20120824070826.91E413224C@maintenance.suse.de>

   SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1033-1
Rating:             important
References:         #769785 #772580 #772582
Cross-References:   CVE-2012-2688 CVE-2012-3365
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata
   is now available.

Description:

   Three security bugs have been fixed in PHP5.

   * CVE-2012-2688: php5: potential overflow in _php_stream_scandir
   * CVE-2012-3365: open_basedir bypass via SQLite extension
   * CVE-2012-3450: An out of band read sql denial of service has been
     fixed (bnc#769785)

   Security Issue reference:

   * CVE-2012-2688
   * CVE-2012-3365
   * CVE-2012-3450

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-apache2-mod_php53-6634

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-apache2-mod_php53-6634

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-apache2-mod_php53-6634

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      php53-devel-5.3.8-0.35.1
      php53-imap-5.3.8-0.35.1
      php53-posix-5.3.8-0.35.1
      php53-readline-5.3.8-0.35.1
      php53-sockets-5.3.8-0.35.1
      php53-sqlite-5.3.8-0.35.1
      php53-tidy-5.3.8-0.35.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      apache2-mod_php53-5.3.8-0.35.1
      php53-5.3.8-0.35.1
      php53-bcmath-5.3.8-0.35.1
      php53-bz2-5.3.8-0.35.1
      php53-calendar-5.3.8-0.35.1
      php53-ctype-5.3.8-0.35.1
      php53-curl-5.3.8-0.35.1
      php53-dba-5.3.8-0.35.1
      php53-dom-5.3.8-0.35.1
      php53-exif-5.3.8-0.35.1
      php53-fastcgi-5.3.8-0.35.1
      php53-fileinfo-5.3.8-0.35.1
      php53-ftp-5.3.8-0.35.1
      php53-gd-5.3.8-0.35.1
      php53-gettext-5.3.8-0.35.1
      php53-gmp-5.3.8-0.35.1
      php53-iconv-5.3.8-0.35.1
      php53-intl-5.3.8-0.35.1
      php53-json-5.3.8-0.35.1
      php53-ldap-5.3.8-0.35.1
      php53-mbstring-5.3.8-0.35.1
      php53-mcrypt-5.3.8-0.35.1
      php53-mysql-5.3.8-0.35.1
      php53-odbc-5.3.8-0.35.1
      php53-openssl-5.3.8-0.35.1
      php53-pcntl-5.3.8-0.35.1
      php53-pdo-5.3.8-0.35.1
      php53-pear-5.3.8-0.35.1
      php53-pgsql-5.3.8-0.35.1
      php53-pspell-5.3.8-0.35.1
      php53-shmop-5.3.8-0.35.1
      php53-snmp-5.3.8-0.35.1
      php53-soap-5.3.8-0.35.1
      php53-suhosin-5.3.8-0.35.1
      php53-sysvmsg-5.3.8-0.35.1
      php53-sysvsem-5.3.8-0.35.1
      php53-sysvshm-5.3.8-0.35.1
      php53-tokenizer-5.3.8-0.35.1
      php53-wddx-5.3.8-0.35.1
      php53-xmlreader-5.3.8-0.35.1
      php53-xmlrpc-5.3.8-0.35.1
      php53-xmlwriter-5.3.8-0.35.1
      php53-xsl-5.3.8-0.35.1
      php53-zip-5.3.8-0.35.1
      php53-zlib-5.3.8-0.35.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      apache2-mod_php53-5.3.8-0.35.1
      php53-5.3.8-0.35.1
      php53-bcmath-5.3.8-0.35.1
      php53-bz2-5.3.8-0.35.1
      php53-calendar-5.3.8-0.35.1
      php53-ctype-5.3.8-0.35.1
      php53-curl-5.3.8-0.35.1
      php53-dba-5.3.8-0.35.1
      php53-dom-5.3.8-0.35.1
      php53-exif-5.3.8-0.35.1
      php53-fastcgi-5.3.8-0.35.1
      php53-fileinfo-5.3.8-0.35.1
      php53-ftp-5.3.8-0.35.1
      php53-gd-5.3.8-0.35.1
      php53-gettext-5.3.8-0.35.1
      php53-gmp-5.3.8-0.35.1
      php53-iconv-5.3.8-0.35.1
      php53-intl-5.3.8-0.35.1
      php53-json-5.3.8-0.35.1
      php53-ldap-5.3.8-0.35.1
      php53-mbstring-5.3.8-0.35.1
      php53-mcrypt-5.3.8-0.35.1
      php53-mysql-5.3.8-0.35.1
      php53-odbc-5.3.8-0.35.1
      php53-openssl-5.3.8-0.35.1
      php53-pcntl-5.3.8-0.35.1
      php53-pdo-5.3.8-0.35.1
      php53-pear-5.3.8-0.35.1
      php53-pgsql-5.3.8-0.35.1
      php53-pspell-5.3.8-0.35.1
      php53-shmop-5.3.8-0.35.1
      php53-snmp-5.3.8-0.35.1
      php53-soap-5.3.8-0.35.1
      php53-suhosin-5.3.8-0.35.1
      php53-sysvmsg-5.3.8-0.35.1
      php53-sysvsem-5.3.8-0.35.1
      php53-sysvshm-5.3.8-0.35.1
      php53-tokenizer-5.3.8-0.35.1
      php53-wddx-5.3.8-0.35.1
      php53-xmlreader-5.3.8-0.35.1
      php53-xmlrpc-5.3.8-0.35.1
      php53-xmlwriter-5.3.8-0.35.1
      php53-xsl-5.3.8-0.35.1
      php53-zip-5.3.8-0.35.1
      php53-zlib-5.3.8-0.35.1

References:

   http://support.novell.com/security/cve/CVE-2012-2688.html
   http://support.novell.com/security/cve/CVE-2012-3365.html
   https://bugzilla.novell.com/769785
   https://bugzilla.novell.com/772580
   https://bugzilla.novell.com/772582
   http://download.novell.com/patch/finder/?keywords=420b5b682c991063fad653127ae5b257

From sle-security-updates at lists.suse.com Fri Aug 24 06:08:27 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Aug 2012 14:08:27 +0200 (CEST)
Subject: SUSE-SU-2012:1034-1: important: Security update for php5
Message-ID: <20120824120827.D614D3224A@maintenance.suse.de>

   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1034-1
Rating:             important
References:         #772580 #772582
Cross-References:   CVE-2012-2688 CVE-2012-3365
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes two
   vulnerabilities is now available. It includes one version update.

Description:

   This update fixes two security issues of PHP5:

   * Potential overflow in _php_stream_scandir. (CVE-2012-2688)
   * open_basedir bypass via SQLite extension. (CVE-2012-3365)

Indications:

   Everyone using PHP5 should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-apache2-mod_php5-6627

   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-apache2-mod_php5-6627

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-apache2-mod_php5-6627

   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-apache2-mod_php5-6627

   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-apache2-mod_php5-6627

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
      php5-devel-5.2.14-0.7.30.42.1
      php5-imap-5.2.14-0.7.30.42.1
      php5-ncurses-5.2.14-0.7.30.42.1
      php5-posix-5.2.14-0.7.30.42.1
      php5-readline-5.2.14-0.7.30.42.1
      php5-sockets-5.2.14-0.7.30.42.1
      php5-sqlite-5.2.14-0.7.30.42.1
      php5-tidy-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 5.2.14]:
      apache2-mod_php5-5.2.14-0.7.30.42.1
      php5-5.2.14-0.7.30.42.1
      php5-bcmath-5.2.14-0.7.30.42.1
      php5-bz2-5.2.14-0.7.30.42.1
      php5-calendar-5.2.14-0.7.30.42.1
      php5-ctype-5.2.14-0.7.30.42.1
      php5-curl-5.2.14-0.7.30.42.1
      php5-dba-5.2.14-0.7.30.42.1
      php5-dbase-5.2.14-0.7.30.42.1
      php5-dom-5.2.14-0.7.30.42.1
      php5-exif-5.2.14-0.7.30.42.1
      php5-fastcgi-5.2.14-0.7.30.42.1
      php5-ftp-5.2.14-0.7.30.42.1
      php5-gd-5.2.14-0.7.30.42.1
      php5-gettext-5.2.14-0.7.30.42.1
      php5-gmp-5.2.14-0.7.30.42.1
      php5-hash-5.2.14-0.7.30.42.1
      php5-iconv-5.2.14-0.7.30.42.1
      php5-json-5.2.14-0.7.30.42.1
      php5-ldap-5.2.14-0.7.30.42.1
      php5-mbstring-5.2.14-0.7.30.42.1
      php5-mcrypt-5.2.14-0.7.30.42.1
      php5-mysql-5.2.14-0.7.30.42.1
      php5-odbc-5.2.14-0.7.30.42.1
      php5-openssl-5.2.14-0.7.30.42.1
      php5-pcntl-5.2.14-0.7.30.42.1
      php5-pdo-5.2.14-0.7.30.42.1
      php5-pear-5.2.14-0.7.30.42.1
      php5-pgsql-5.2.14-0.7.30.42.1
      php5-pspell-5.2.14-0.7.30.42.1
      php5-shmop-5.2.14-0.7.30.42.1
      php5-snmp-5.2.14-0.7.30.42.1
      php5-soap-5.2.14-0.7.30.42.1
      php5-suhosin-5.2.14-0.7.30.42.1
      php5-sysvmsg-5.2.14-0.7.30.42.1
      php5-sysvsem-5.2.14-0.7.30.42.1
      php5-sysvshm-5.2.14-0.7.30.42.1
      php5-tokenizer-5.2.14-0.7.30.42.1
      php5-wddx-5.2.14-0.7.30.42.1
      php5-xmlreader-5.2.14-0.7.30.42.1
      php5-xmlrpc-5.2.14-0.7.30.42.1
      php5-xmlwriter-5.2.14-0.7.30.42.1
      php5-xsl-5.2.14-0.7.30.42.1
      php5-zip-5.2.14-0.7.30.42.1
      php5-zlib-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
      php5-devel-5.2.14-0.7.30.42.1
      php5-imap-5.2.14-0.7.30.42.1
      php5-ncurses-5.2.14-0.7.30.42.1
      php5-posix-5.2.14-0.7.30.42.1
      php5-readline-5.2.14-0.7.30.42.1
      php5-sockets-5.2.14-0.7.30.42.1
      php5-sqlite-5.2.14-0.7.30.42.1
      php5-tidy-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 5.2.14]:
      apache2-mod_php5-5.2.14-0.7.30.42.1
      php5-5.2.14-0.7.30.42.1
      php5-bcmath-5.2.14-0.7.30.42.1
      php5-bz2-5.2.14-0.7.30.42.1
      php5-calendar-5.2.14-0.7.30.42.1
      php5-ctype-5.2.14-0.7.30.42.1
      php5-curl-5.2.14-0.7.30.42.1
      php5-dba-5.2.14-0.7.30.42.1
      php5-dbase-5.2.14-0.7.30.42.1
      php5-dom-5.2.14-0.7.30.42.1
      php5-exif-5.2.14-0.7.30.42.1
      php5-fastcgi-5.2.14-0.7.30.42.1
      php5-ftp-5.2.14-0.7.30.42.1
      php5-gd-5.2.14-0.7.30.42.1
      php5-gettext-5.2.14-0.7.30.42.1
      php5-gmp-5.2.14-0.7.30.42.1
      php5-hash-5.2.14-0.7.30.42.1
      php5-iconv-5.2.14-0.7.30.42.1
      php5-json-5.2.14-0.7.30.42.1
      php5-ldap-5.2.14-0.7.30.42.1
      php5-mbstring-5.2.14-0.7.30.42.1
      php5-mcrypt-5.2.14-0.7.30.42.1
      php5-mysql-5.2.14-0.7.30.42.1
      php5-odbc-5.2.14-0.7.30.42.1
      php5-openssl-5.2.14-0.7.30.42.1
      php5-pcntl-5.2.14-0.7.30.42.1
      php5-pdo-5.2.14-0.7.30.42.1
      php5-pear-5.2.14-0.7.30.42.1
      php5-pgsql-5.2.14-0.7.30.42.1
      php5-pspell-5.2.14-0.7.30.42.1
      php5-shmop-5.2.14-0.7.30.42.1
      php5-snmp-5.2.14-0.7.30.42.1
      php5-soap-5.2.14-0.7.30.42.1
      php5-suhosin-5.2.14-0.7.30.42.1
      php5-sysvmsg-5.2.14-0.7.30.42.1
      php5-sysvsem-5.2.14-0.7.30.42.1
      php5-sysvshm-5.2.14-0.7.30.42.1
      php5-tokenizer-5.2.14-0.7.30.42.1
      php5-wddx-5.2.14-0.7.30.42.1
      php5-xmlreader-5.2.14-0.7.30.42.1
      php5-xmlrpc-5.2.14-0.7.30.42.1
      php5-xmlwriter-5.2.14-0.7.30.42.1
      php5-xsl-5.2.14-0.7.30.42.1
      php5-zip-5.2.14-0.7.30.42.1
      php5-zlib-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
      apache2-mod_php5-5.2.14-0.7.30.42.1
      php5-5.2.14-0.7.30.42.1
      php5-bcmath-5.2.14-0.7.30.42.1
      php5-bz2-5.2.14-0.7.30.42.1
      php5-calendar-5.2.14-0.7.30.42.1
      php5-ctype-5.2.14-0.7.30.42.1
      php5-curl-5.2.14-0.7.30.42.1
      php5-dba-5.2.14-0.7.30.42.1
      php5-dbase-5.2.14-0.7.30.42.1
      php5-dom-5.2.14-0.7.30.42.1
      php5-exif-5.2.14-0.7.30.42.1
      php5-fastcgi-5.2.14-0.7.30.42.1
      php5-ftp-5.2.14-0.7.30.42.1
      php5-gd-5.2.14-0.7.30.42.1
      php5-gettext-5.2.14-0.7.30.42.1
      php5-gmp-5.2.14-0.7.30.42.1
      php5-hash-5.2.14-0.7.30.42.1
      php5-iconv-5.2.14-0.7.30.42.1
      php5-json-5.2.14-0.7.30.42.1
      php5-ldap-5.2.14-0.7.30.42.1
      php5-mbstring-5.2.14-0.7.30.42.1
      php5-mcrypt-5.2.14-0.7.30.42.1
      php5-mysql-5.2.14-0.7.30.42.1
      php5-odbc-5.2.14-0.7.30.42.1
      php5-openssl-5.2.14-0.7.30.42.1
      php5-pcntl-5.2.14-0.7.30.42.1
      php5-pdo-5.2.14-0.7.30.42.1
      php5-pear-5.2.14-0.7.30.42.1
      php5-pgsql-5.2.14-0.7.30.42.1
      php5-pspell-5.2.14-0.7.30.42.1
      php5-shmop-5.2.14-0.7.30.42.1
      php5-snmp-5.2.14-0.7.30.42.1
      php5-soap-5.2.14-0.7.30.42.1
      php5-suhosin-5.2.14-0.7.30.42.1
      php5-sysvmsg-5.2.14-0.7.30.42.1
      php5-sysvsem-5.2.14-0.7.30.42.1
      php5-sysvshm-5.2.14-0.7.30.42.1
      php5-tokenizer-5.2.14-0.7.30.42.1
      php5-wddx-5.2.14-0.7.30.42.1
      php5-xmlreader-5.2.14-0.7.30.42.1
      php5-xmlrpc-5.2.14-0.7.30.42.1
      php5-xmlwriter-5.2.14-0.7.30.42.1
      php5-xsl-5.2.14-0.7.30.42.1
      php5-zip-5.2.14-0.7.30.42.1
      php5-zlib-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 5.2.14]:
      apache2-mod_php5-5.2.14-0.7.30.42.1
      php5-5.2.14-0.7.30.42.1
      php5-bcmath-5.2.14-0.7.30.42.1
      php5-bz2-5.2.14-0.7.30.42.1
      php5-calendar-5.2.14-0.7.30.42.1
      php5-ctype-5.2.14-0.7.30.42.1
      php5-curl-5.2.14-0.7.30.42.1
      php5-dba-5.2.14-0.7.30.42.1
      php5-dbase-5.2.14-0.7.30.42.1
      php5-dom-5.2.14-0.7.30.42.1
      php5-exif-5.2.14-0.7.30.42.1
      php5-fastcgi-5.2.14-0.7.30.42.1
      php5-ftp-5.2.14-0.7.30.42.1
      php5-gd-5.2.14-0.7.30.42.1
      php5-gettext-5.2.14-0.7.30.42.1
      php5-gmp-5.2.14-0.7.30.42.1
      php5-hash-5.2.14-0.7.30.42.1
      php5-iconv-5.2.14-0.7.30.42.1
      php5-json-5.2.14-0.7.30.42.1
      php5-ldap-5.2.14-0.7.30.42.1
      php5-mbstring-5.2.14-0.7.30.42.1
      php5-mcrypt-5.2.14-0.7.30.42.1
      php5-mysql-5.2.14-0.7.30.42.1
      php5-odbc-5.2.14-0.7.30.42.1
      php5-openssl-5.2.14-0.7.30.42.1
      php5-pcntl-5.2.14-0.7.30.42.1
      php5-pdo-5.2.14-0.7.30.42.1
      php5-pear-5.2.14-0.7.30.42.1
      php5-pgsql-5.2.14-0.7.30.42.1
      php5-pspell-5.2.14-0.7.30.42.1
      php5-shmop-5.2.14-0.7.30.42.1
      php5-snmp-5.2.14-0.7.30.42.1
      php5-soap-5.2.14-0.7.30.42.1
      php5-suhosin-5.2.14-0.7.30.42.1
      php5-sysvmsg-5.2.14-0.7.30.42.1
      php5-sysvsem-5.2.14-0.7.30.42.1
      php5-sysvshm-5.2.14-0.7.30.42.1
      php5-tokenizer-5.2.14-0.7.30.42.1
      php5-wddx-5.2.14-0.7.30.42.1
      php5-xmlreader-5.2.14-0.7.30.42.1
      php5-xmlrpc-5.2.14-0.7.30.42.1
      php5-xmlwriter-5.2.14-0.7.30.42.1
      php5-xsl-5.2.14-0.7.30.42.1
      php5-zip-5.2.14-0.7.30.42.1
      php5-zlib-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
      apache2-mod_php5-5.2.14-0.7.30.42.1
      php5-5.2.14-0.7.30.42.1
      php5-bcmath-5.2.14-0.7.30.42.1
      php5-bz2-5.2.14-0.7.30.42.1
      php5-calendar-5.2.14-0.7.30.42.1
      php5-ctype-5.2.14-0.7.30.42.1
      php5-curl-5.2.14-0.7.30.42.1
      php5-dba-5.2.14-0.7.30.42.1
      php5-dbase-5.2.14-0.7.30.42.1
      php5-dom-5.2.14-0.7.30.42.1
      php5-exif-5.2.14-0.7.30.42.1
      php5-fastcgi-5.2.14-0.7.30.42.1
      php5-ftp-5.2.14-0.7.30.42.1
      php5-gd-5.2.14-0.7.30.42.1
      php5-gettext-5.2.14-0.7.30.42.1
      php5-gmp-5.2.14-0.7.30.42.1
      php5-hash-5.2.14-0.7.30.42.1
      php5-iconv-5.2.14-0.7.30.42.1
      php5-json-5.2.14-0.7.30.42.1
      php5-ldap-5.2.14-0.7.30.42.1
      php5-mbstring-5.2.14-0.7.30.42.1
      php5-mcrypt-5.2.14-0.7.30.42.1
      php5-mysql-5.2.14-0.7.30.42.1
      php5-odbc-5.2.14-0.7.30.42.1
      php5-openssl-5.2.14-0.7.30.42.1
      php5-pcntl-5.2.14-0.7.30.42.1
      php5-pdo-5.2.14-0.7.30.42.1
      php5-pear-5.2.14-0.7.30.42.1
      php5-pgsql-5.2.14-0.7.30.42.1
      php5-pspell-5.2.14-0.7.30.42.1
      php5-shmop-5.2.14-0.7.30.42.1
      php5-snmp-5.2.14-0.7.30.42.1
      php5-soap-5.2.14-0.7.30.42.1
      php5-suhosin-5.2.14-0.7.30.42.1
      php5-sysvmsg-5.2.14-0.7.30.42.1
      php5-sysvsem-5.2.14-0.7.30.42.1
      php5-sysvshm-5.2.14-0.7.30.42.1
      php5-tokenizer-5.2.14-0.7.30.42.1
      php5-wddx-5.2.14-0.7.30.42.1
      php5-xmlreader-5.2.14-0.7.30.42.1
      php5-xmlrpc-5.2.14-0.7.30.42.1
      php5-xmlwriter-5.2.14-0.7.30.42.1
      php5-xsl-5.2.14-0.7.30.42.1
      php5-zip-5.2.14-0.7.30.42.1
      php5-zlib-5.2.14-0.7.30.42.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
      apache2-mod_php5-5.2.14-0.36.1
      php5-5.2.14-0.36.1
      php5-bcmath-5.2.14-0.36.1
      php5-bz2-5.2.14-0.36.1
      php5-calendar-5.2.14-0.36.1
      php5-ctype-5.2.14-0.36.1
      php5-curl-5.2.14-0.36.1
      php5-dba-5.2.14-0.36.1
      php5-dbase-5.2.14-0.36.1
      php5-devel-5.2.14-0.36.1
      php5-dom-5.2.14-0.36.1
      php5-exif-5.2.14-0.36.1
      php5-fastcgi-5.2.14-0.36.1
      php5-ftp-5.2.14-0.36.1
      php5-gd-5.2.14-0.36.1
      php5-gettext-5.2.14-0.36.1
      php5-gmp-5.2.14-0.36.1
      php5-hash-5.2.14-0.36.1
      php5-iconv-5.2.14-0.36.1
      php5-imap-5.2.14-0.36.1
      php5-json-5.2.14-0.36.1
      php5-ldap-5.2.14-0.36.1
      php5-mbstring-5.2.14-0.36.1
      php5-mcrypt-5.2.14-0.36.1
      php5-mhash-5.2.14-0.36.1
      php5-mysql-5.2.14-0.36.1
      php5-ncurses-5.2.14-0.36.1
      php5-odbc-5.2.14-0.36.1
      php5-openssl-5.2.14-0.36.1
      php5-pcntl-5.2.14-0.36.1
      php5-pdo-5.2.14-0.36.1
      php5-pear-5.2.14-0.36.1
      php5-pgsql-5.2.14-0.36.1
      php5-posix-5.2.14-0.36.1
      php5-pspell-5.2.14-0.36.1
      php5-shmop-5.2.14-0.36.1
      php5-snmp-5.2.14-0.36.1
      php5-soap-5.2.14-0.36.1
      php5-sockets-5.2.14-0.36.1
      php5-sqlite-5.2.14-0.36.1
      php5-suhosin-5.2.14-0.36.1
      php5-sysvmsg-5.2.14-0.36.1
      php5-sysvsem-5.2.14-0.36.1
      php5-sysvshm-5.2.14-0.36.1
      php5-tokenizer-5.2.14-0.36.1
      php5-wddx-5.2.14-0.36.1
      php5-xmlreader-5.2.14-0.36.1
      php5-xmlrpc-5.2.14-0.36.1
      php5-xsl-5.2.14-0.36.1
      php5-zlib-5.2.14-0.36.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
      apache2-mod_php5-5.2.14-0.36.1
      php5-5.2.14-0.36.1
      php5-bcmath-5.2.14-0.36.1
      php5-bz2-5.2.14-0.36.1
      php5-calendar-5.2.14-0.36.1
      php5-ctype-5.2.14-0.36.1
      php5-curl-5.2.14-0.36.1
      php5-dba-5.2.14-0.36.1
      php5-dbase-5.2.14-0.36.1
      php5-devel-5.2.14-0.36.1
      php5-dom-5.2.14-0.36.1
      php5-exif-5.2.14-0.36.1
      php5-fastcgi-5.2.14-0.36.1
      php5-ftp-5.2.14-0.36.1
      php5-gd-5.2.14-0.36.1
      php5-gettext-5.2.14-0.36.1
      php5-gmp-5.2.14-0.36.1
      php5-hash-5.2.14-0.36.1
      php5-iconv-5.2.14-0.36.1
      php5-imap-5.2.14-0.36.1
      php5-ldap-5.2.14-0.36.1
      php5-mbstring-5.2.14-0.36.1
      php5-mcrypt-5.2.14-0.36.1
      php5-mhash-5.2.14-0.36.1
      php5-mysql-5.2.14-0.36.1
      php5-ncurses-5.2.14-0.36.1
      php5-odbc-5.2.14-0.36.1
      php5-openssl-5.2.14-0.36.1
      php5-pcntl-5.2.14-0.36.1
      php5-pdo-5.2.14-0.36.1
      php5-pear-5.2.14-0.36.1
      php5-pgsql-5.2.14-0.36.1
      php5-posix-5.2.14-0.36.1
      php5-pspell-5.2.14-0.36.1
      php5-shmop-5.2.14-0.36.1
      php5-snmp-5.2.14-0.36.1
      php5-soap-5.2.14-0.36.1
      php5-sockets-5.2.14-0.36.1
      php5-sqlite-5.2.14-0.36.1
      php5-suhosin-5.2.14-0.36.1
      php5-sysvmsg-5.2.14-0.36.1
      php5-sysvsem-5.2.14-0.36.1
      php5-sysvshm-5.2.14-0.36.1
      php5-tidy-5.2.14-0.36.1
      php5-tokenizer-5.2.14-0.36.1
      php5-wddx-5.2.14-0.36.1
      php5-xmlreader-5.2.14-0.36.1
      php5-xmlrpc-5.2.14-0.36.1
      php5-xsl-5.2.14-0.36.1
      php5-zlib-5.2.14-0.36.1

References:

   http://support.novell.com/security/cve/CVE-2012-2688.html
   http://support.novell.com/security/cve/CVE-2012-3365.html
   https://bugzilla.novell.com/772580
   https://bugzilla.novell.com/772582
   http://download.novell.com/patch/finder/?keywords=f1cb3933c34c88daac7ac39335eb91e7
   http://download.novell.com/patch/finder/?keywords=fc638212971731cdbc6514110c6dec93

From sle-security-updates at lists.suse.com Fri Aug 24 15:08:34 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 24 Aug 2012 23:08:34 +0200 (CEST)
Subject: SUSE-SU-2012:1038-1: important: Security update for gimp
Message-ID: <20120824210834.ADCD33224E@maintenance.suse.de>

   SUSE Security Update: Security update for gimp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1038-1
Rating:             important
References:         #724628
Cross-References:   CVE-2012-3481
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of The Gimp fixes a heap overflow that could have been
   exploited by attackers to cause a Denial of Service (application crash)
   or to potentially execute arbitrary code (CVE-2012-3481).

   Security Issue reference:

   * CVE-2012-3481

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-gimp-6712

   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-gimp-6712

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-gimp-6712

   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-gimp-6712

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      gimp-2.6.2-3.34.39.1
      gimp-devel-2.6.2-3.34.39.1
      gimp-lang-2.6.2-3.34.39.1
      gimp-plugins-python-2.6.2-3.34.39.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):
      gimp-2.6.2-3.34.39.1
      gimp-devel-2.6.2-3.34.39.1
      gimp-lang-2.6.2-3.34.39.1
      gimp-plugins-python-2.6.2-3.34.39.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      gimp-2.6.2-3.34.39.1
      gimp-lang-2.6.2-3.34.39.1
      gimp-plugins-python-2.6.2-3.34.39.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):
      gimp-2.6.2-3.34.39.1
      gimp-lang-2.6.2-3.34.39.1
      gimp-plugins-python-2.6.2-3.34.39.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
      gimp-2.2.10-22.46.1
      gimp-devel-2.2.10-22.46.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
      gimp-2.2.10-22.46.1
      gimp-devel-2.2.10-22.46.1

References:

   http://support.novell.com/security/cve/CVE-2012-3481.html
   https://bugzilla.novell.com/724628
   http://download.novell.com/patch/finder/?keywords=12c9a930398cff75c99abf194e212747
   http://download.novell.com/patch/finder/?keywords=e035e67d5f659aef60e434860c71dcfa

From sle-security-updates at lists.suse.com Mon Aug 27 08:08:21 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Aug 2012 16:08:21 +0200 (CEST)
Subject: SUSE-SU-2012:1042-1: Security update for openssh
Message-ID: <20120827140821.B17663224C@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1042-1
Rating:             low
References:         #709782 #744643 #756370
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that contains security fixes can now be installed.
Description:

   This collective security update of openssh fixed multiple security issues:

   * memory exhaustion in gssapi due to integer overflow
     (bnc#756370, CVE-2011-5000)
   * forced command option information leak (bnc#744643, CVE-2012-0814)

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc ppc64 s390x x86_64):
      openssh-5.1p1-41.12.8

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
      openssh-askpass-5.1p1-41.12.8

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
      openssh-5.1p1-41.12.8
      openssh-askpass-5.1p1-41.12.8

References:

   https://bugzilla.novell.com/709782
   https://bugzilla.novell.com/744643
   https://bugzilla.novell.com/756370
   http://download.novell.com/patch/finder/?keywords=1433a415c626f2bfb25c692b714ebf1c

From sle-security-updates at lists.suse.com Mon Aug 27 09:08:35 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Aug 2012 17:08:35 +0200 (CEST)
Subject: SUSE-SU-2012:1043-1: important: Security update for Xen and libvirt
Message-ID: <20120827150835.8ABC432249@maintenance.suse.de>

   SUSE Security Update: Security update for Xen and libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1043-1
Rating:             important
References:         #746702 #762484 #762963 #764982 #766283 #773393
                    #773401 #773955
Cross-References:   CVE-2012-3432
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has 7 fixes is
   now available. It includes one version update.

Description:

   Xen was updated to fix several security issues:

   * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS
     vulnerability was fixed, where malicious guest could lock/crash the
     host.
   * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed.
   * CVE-2012-2625: The xen pv bootloader doesn't check the size of the
     bzip2 or lzma compressed kernel, leading to denial of service (crash).

   Also the following bug in XEN has been fixed:

   * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install,
     when maxmem > memory

   This update also included bugfixes for:

   * vm-install:
     - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest
   * virt-manager - SLE11-SP2 ONLY
   * bnc#764982 - virt-manager fails to start after upgrade to SLES11 SP2
     from SLES10

   Security Issue reference:

   * CVE-2012-3432

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-xen-201208-6640

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-xen-201208-6640

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-xen-201208-6640

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64):
      libvirt-devel-0.9.6-0.21.3
      libvirt-devel-32bit-0.9.6-0.21.3
      xen-devel-4.1.2_20-0.5.2

   - SUSE Linux Enterprise Server 11 SP2 (x86_64) [New Version: 0.5.10]:
      libvirt-0.9.6-0.21.3
      libvirt-client-0.9.6-0.21.3
      libvirt-client-32bit-0.9.6-0.21.3
      libvirt-doc-0.9.6-0.21.3
      libvirt-python-0.9.6-0.21.3
      virt-manager-0.9.0-3.19.1
      vm-install-0.5.10-0.5.1
      xen-4.1.2_20-0.5.2
      xen-doc-html-4.1.2_20-0.5.2
      xen-doc-pdf-4.1.2_20-0.5.2
      xen-kmp-default-4.1.2_20_3.0.38_0.5-0.5.2
      xen-kmp-trace-4.1.2_20_3.0.38_0.5-0.5.2
      xen-libs-32bit-4.1.2_20-0.5.2
      xen-libs-4.1.2_20-0.5.2
      xen-tools-4.1.2_20-0.5.2
      xen-tools-domU-4.1.2_20-0.5.2

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 0.5.10]:
      libvirt-0.9.6-0.21.3
      libvirt-client-0.9.6-0.21.3
      libvirt-client-32bit-0.9.6-0.21.3
      libvirt-doc-0.9.6-0.21.3
      libvirt-python-0.9.6-0.21.3
      virt-manager-0.9.0-3.19.1
      vm-install-0.5.10-0.5.1
      xen-4.1.2_20-0.5.2
      xen-doc-html-4.1.2_20-0.5.2
      xen-doc-pdf-4.1.2_20-0.5.2
      xen-kmp-default-4.1.2_20_3.0.38_0.5-0.5.2
      xen-kmp-trace-4.1.2_20_3.0.38_0.5-0.5.2
      xen-libs-32bit-4.1.2_20-0.5.2
      xen-libs-4.1.2_20-0.5.2
      xen-tools-4.1.2_20-0.5.2
      xen-tools-domU-4.1.2_20-0.5.2

References:

   http://support.novell.com/security/cve/CVE-2012-3432.html
   https://bugzilla.novell.com/746702
   https://bugzilla.novell.com/762484
   https://bugzilla.novell.com/762963
   https://bugzilla.novell.com/764982
   https://bugzilla.novell.com/766283
   https://bugzilla.novell.com/773393
   https://bugzilla.novell.com/773401
   https://bugzilla.novell.com/773955
   http://download.novell.com/patch/finder/?keywords=6aa25504d39edb169f3b6d3e111160e9

From sle-security-updates at lists.suse.com Mon Aug 27 09:08:38 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Aug 2012 17:08:38 +0200 (CEST)
Subject: SUSE-SU-2012:1044-1: important: Security update for Xen
Message-ID: <20120827150838.2D9C43224E@maintenance.suse.de>

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1044-1
Rating:             important
References:         #744771 #746702 #762484 #762963 #773393 #773401
Cross-References:   CVE-2012-2625 CVE-2012-3432 CVE-2012-3433
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has three
   fixes is now available. It includes one version update.

Description:

   Xen was updated to fix several security issues:

   * CVE-2012-3433: A xen HVM guest destroy p2m teardown host DoS
     vulnerability was fixed, where malicious guest could lock/crash the
     host.
   * CVE-2012-3432: A xen HVM guest user mode MMIO emulation DoS was fixed.
   * CVE-2012-2625: The xen pv bootloader doesn't check the size of the
     bzip2 or lzma compressed kernel, leading to denial of service (crash).

   Also the following bug in XEN was fixed:

   * bnc#746702 - Xen HVM DomU crash during Windows Server 2008 R2 install,
     when maxmem > memory

   This update also included bugfixes for:

   * vm-install:
     - bnc#762963 - ReaR: Unable to recover a paravirtualized XEN guest

   Security Issue references:

   * CVE-2012-3432
   * CVE-2012-3433
   * CVE-2012-2625

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-xen-201208-6653

   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-xen-201208-6653

   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-xen-201208-6653

   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-xen-201208-6653

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64):
      xen-devel-4.0.3_21548_08-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):
      xen-kmp-trace-4.0.3_21548_08_2.6.32.59_0.7-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 x86_64) [New Version: 0.4.34]:
      vm-install-0.4.34-0.3.1
      xen-4.0.3_21548_08-0.7.1
      xen-doc-html-4.0.3_21548_08-0.7.1
      xen-doc-pdf-4.0.3_21548_08-0.7.1
      xen-kmp-default-4.0.3_21548_08_2.6.32.59_0.7-0.7.1
      xen-kmp-trace-4.0.3_21548_08_2.6.32.59_0.7-0.7.1
      xen-libs-4.0.3_21548_08-0.7.1
      xen-tools-4.0.3_21548_08-0.7.1
      xen-tools-domU-4.0.3_21548_08-0.7.1

   - SUSE Linux Enterprise Server 11 SP1 (i586):
      xen-kmp-pae-4.0.3_21548_08_2.6.32.59_0.7-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.4.34]:
      vm-install-0.4.34-0.3.1
      xen-4.0.3_21548_08-0.7.1
      xen-kmp-default-4.0.3_21548_08_2.6.32.59_0.7-0.7.1
      xen-libs-4.0.3_21548_08-0.7.1
      xen-tools-4.0.3_21548_08-0.7.1
      xen-tools-domU-4.0.3_21548_08-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586):
      xen-kmp-pae-4.0.3_21548_08_2.6.32.59_0.7-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2012-2625.html
   http://support.novell.com/security/cve/CVE-2012-3432.html
   http://support.novell.com/security/cve/CVE-2012-3433.html
   https://bugzilla.novell.com/744771
   https://bugzilla.novell.com/746702
   https://bugzilla.novell.com/762484
   https://bugzilla.novell.com/762963
   https://bugzilla.novell.com/773393
   https://bugzilla.novell.com/773401
   http://download.novell.com/patch/finder/?keywords=872c7f98262a167c6598ea04dc6e81c7

From sle-security-updates at lists.suse.com Mon Aug 27 10:08:33 2012
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Aug 2012 18:08:33 +0200 (CEST)
Subject: SUSE-SU-2012:1045-1: Security update for openssh
Message-ID: <20120827160833.CEB0D32247@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1045-1
Rating:             low
References:         #709782 #744643 #752354 #756370
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This collective security update of openssh fixes multiple security issues:

   * memory exhaustion in gssapi due to integer overflow
     (bnc#756370, CVE-2011-5000)
   * forced command option information leak (bnc#744643, CVE-2012-0814)

   Additionally, the following bug has been fixed:

   * bnc#752354 server-side delay upon user exiting a ssh session, due to
     DNS queries from libaudit

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-openssh-6672

   - SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-openssh-6672

   - SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-openssh-6672

   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-openssh-6672

   - SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-openssh-6672

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): openssh-5.1p1-41.55.1 openssh-askpass-5.1p1-41.55.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): openssh-5.1p1-41.55.1 openssh-askpass-5.1p1-41.55.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): openssh-5.1p1-41.55.1 openssh-askpass-5.1p1-41.55.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): openssh-5.1p1-41.55.1 openssh-askpass-5.1p1-41.55.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): openssh-5.1p1-41.55.1 openssh-askpass-5.1p1-41.55.1 References: https://bugzilla.novell.com/709782 https://bugzilla.novell.com/744643 https://bugzilla.novell.com/752354 https://bugzilla.novell.com/756370 http://download.novell.com/patch/finder/?keywords=821184d97a25861059a30ef236c52014 From sle-security-updates at lists.suse.com Mon Aug 27 12:08:29 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Aug 2012 20:08:29 +0200 (CEST) Subject: SUSE-SU-2012:1048-1: moderate: Security update for bind Message-ID: <20120827180829.E087E3224C@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1048-1 Rating: moderate References: #772945 Cross-References: CVE-2012-3817 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The bind nameserver was updated to fix a crash (denial of service) that might have happened during high DNSSEC validation load (CVE-2012-3817). 
Security Issue references: * CVE-2012-3817 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-bind-6605 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-bind-6605 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-bind-6605 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bind-6605 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P2]: bind-devel-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.6ESVR7P2]: bind-devel-32bit-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.6ESVR7P2]: bind-9.6ESVR7P2-0.8.1 bind-chrootenv-9.6ESVR7P2-0.8.1 bind-doc-9.6ESVR7P2-0.8.1 bind-libs-9.6ESVR7P2-0.8.1 bind-utils-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P2]: bind-9.6ESVR7P2-0.8.1 bind-chrootenv-9.6ESVR7P2-0.8.1 bind-doc-9.6ESVR7P2-0.8.1 bind-libs-9.6ESVR7P2-0.8.1 bind-utils-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.6ESVR7P2]: bind-libs-x86-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.6ESVR7P2]: bind-libs-9.6ESVR7P2-0.8.1 bind-utils-9.6ESVR7P2-0.8.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.8.1 References: http://support.novell.com/security/cve/CVE-2012-3817.html https://bugzilla.novell.com/772945 
http://download.novell.com/patch/finder/?keywords=e31cb22c3908ed163e0191b36c51844d From sle-security-updates at lists.suse.com Tue Aug 28 02:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Aug 2012 10:08:31 +0200 (CEST) Subject: SUSE-SU-2012:1048-2: moderate: Security update for bind Message-ID: <20120828080831.43BBE3224A@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1048-2 Rating: moderate References: #772945 Cross-References: CVE-2012-3817 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The bind nameserver was updated to fix a crash (denial of service) during high DNSSEC validation load (CVE-2012-3817) Security Issues: * CVE-2012-3817 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-bind-6604 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-bind-6604 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-bind-6604 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-bind-6604 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P2]: bind-devel-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64) [New Version: 9.6ESVR7P2]: bind-devel-32bit-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 9.6ESVR7P2]: bind-9.6ESVR7P2-0.3.1 bind-chrootenv-9.6ESVR7P2-0.3.1 bind-doc-9.6ESVR7P2-0.3.1 bind-libs-9.6ESVR7P2-0.3.1 bind-utils-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.6ESVR7P2]: bind-9.6ESVR7P2-0.3.1 bind-chrootenv-9.6ESVR7P2-0.3.1 bind-doc-9.6ESVR7P2-0.3.1 bind-libs-9.6ESVR7P2-0.3.1 bind-utils-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 9.6ESVR7P2]: bind-libs-x86-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 9.6ESVR7P2]: bind-libs-9.6ESVR7P2-0.3.1 bind-utils-9.6ESVR7P2-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.3.1 References: http://support.novell.com/security/cve/CVE-2012-3817.html https://bugzilla.novell.com/772945 http://download.novell.com/patch/finder/?keywords=aa25ddbd1e6d04a2c38a2c56fcbc02fe From sle-security-updates at lists.suse.com Wed Aug 29 09:08:33 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Aug 2012 17:08:33 +0200 (CEST) Subject: SUSE-SU-2012:1048-3: moderate: Security update for bind Message-ID: <20120829150833.7C9AE32246@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1048-3 
Rating: moderate References: #772945 Cross-References: CVE-2012-3817 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The bind nameserver was updated to fix a crash (denial of service) that may have been caused by high DNSSEC validation load (CVE-2012-3817). Security Issue reference: * CVE-2012-3817 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 9.6ESVR7P2]: bind-9.6ESVR7P2-0.7.1 bind-chrootenv-9.6ESVR7P2-0.7.1 bind-devel-9.6ESVR7P2-0.7.1 bind-doc-9.6ESVR7P2-0.7.1 bind-libs-9.6ESVR7P2-0.7.1 bind-utils-9.6ESVR7P2-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 9.6ESVR7P2]: bind-libs-x86-9.6ESVR7P2-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 9.6ESVR7P2]: bind-devel-64bit-9.6ESVR7P2-0.7.1 bind-libs-64bit-9.6ESVR7P2-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 9.6ESVR7P2]: bind-libs-9.6ESVR7P2-0.7.1 bind-utils-9.6ESVR7P2-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 9.6ESVR7P2]: bind-libs-32bit-9.6ESVR7P2-0.7.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 9.6ESVR7P2]: bind-9.6ESVR7P2-0.7.1 bind-chrootenv-9.6ESVR7P2-0.7.1 bind-devel-9.6ESVR7P2-0.7.1 bind-doc-9.6ESVR7P2-0.7.1 - SLE SDK 10 SP4 (ppc) [New Version: 9.6ESVR7P2]: bind-devel-64bit-9.6ESVR7P2-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-3817.html https://bugzilla.novell.com/772945 http://download.novell.com/patch/finder/?keywords=336ff0f5a24d826e2d8f3e523f06fe9c From sle-security-updates at lists.suse.com Wed Aug 29 13:08:37 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Wed, 29 Aug 2012 21:08:37 +0200 (CEST) Subject: SUSE-SU-2012:1056-1: moderate: Security update for Real Time Linux kernel Message-ID: <20120829190837.96A8B3224B@maintenance.suse.de> SUSE Security Update: Security update for Real Time Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1056-1 Rating: moderate References: #676204 #717994 #726600 #730118 #731673 #740745 #745832 #749118 #749569 #750079 #758058 #758260 #758532 #760902 #763194 #764150 #769896 Cross-References: CVE-2009-4020 CVE-2011-1083 CVE-2011-4077 CVE-2011-4086 CVE-2011-4132 CVE-2011-4330 CVE-2012-0044 CVE-2012-0810 CVE-2012-1090 CVE-2012-1097 CVE-2012-2123 CVE-2012-2133 CVE-2012-2383 CVE-2012-2384 CVE-2012-2390 CVE-2012-3375 Affected Products: SUSE Linux Enterprise Real Time 11 SP1 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has one errata is now available. It includes one version update. Description: The SUSE Linux Enterprise Server 11 SP1 Realtime kernel has been updated to fix various bugs and security issues. The following security issues have been fixed:
* CVE-2012-3375: Fixed a denial of service condition in the epoll loop detection.
* CVE-2012-2390: Memory leaks in the hugetlbfs map reservation code have been fixed that could be used by local attackers to exhaust machine memory.
* CVE-2012-2133: A use after free bug in "quota" handling of hugepages has been fixed that could cause a local denial of service.
* CVE-2012-2384: An integer overflow in i915_gem_do_execbuffer() has been fixed that might be used by local attackers to crash the kernel or potentially execute code.
* CVE-2012-2383: An integer overflow in i915_gem_execbuffer2() has been fixed that might be used by local attackers to crash the kernel or potentially execute code.
* CVE-2012-2123: The filesystem capability handling was not fully correct, allowing local users to bypass fscaps related restrictions to disable e.g. address space randomization.
* CVE-2009-4020: Fixed a potential buffer overflow in hfsplus that could have been used to crash the kernel by supplying a bad hfsplus image for mounting.
* CVE-2011-4330: Mounting a corrupted hfs filesystem could have led to a buffer overflow.
* CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible.
* CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time.
* CVE-2012-1090: Fixed a dentry refcount leak when opening a FIFO on lookup in cifs that could have been used to crash the kernel.
* CVE-2012-0810: A stack reusage bug has been fixed which could be used by local attackers to crash the kernel in some circumstances. As this only affects x86 32bit, it does not affect x86_64 at all.
* CVE-2012-0044: An integer overflow in drm_mode_dirtyfb_ioctl() has been fixed that might be used by local attackers to crash the kernel or execute code.
* CVE-2011-4077: A possible memory corruption in xfs_readlink has been fixed that could be used by local users able to mount xfs images to crash the kernel.
* CVE-2011-4132: Fixed an oops in jbd/jbd2 that could have been caused by mounting a maliciously prepared filesystem.
* CVE-2011-4086: Fixed an oops in jbd/jbd2 that could have been caused by specific filesystem access patterns.
Also the following non security bugs have been fixed:
* sched: Fix proc_sched_set_task() (bnc#717994).
* vlan/core: Fix memory leak/corruption on VLAN GRO_DROP (bnc#758058).
Security Issue references: * CVE-2009-4020 * CVE-2011-1083 * CVE-2011-4077 * CVE-2011-4086 * CVE-2011-4132 * CVE-2011-4330 * CVE-2012-0044 * CVE-2012-0810 * CVE-2012-1090 * CVE-2012-1097 * CVE-2012-2123 * CVE-2012-2383 * CVE-2012-2384 * CVE-2012-2390 * CVE-2012-3375 * CVE-2012-2133 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP1: zypper in -t patch slertesp1-kernel-6677 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP1 (x86_64) [New Version: 2.6.33.20]: brocade-bna-kmp-rt-2.1.0.0_2.6.33.20_rt31_0.5-0.2.52 cluster-network-kmp-rt-1.4_2.6.33.20_rt31_0.5-2.5.62 cluster-network-kmp-rt_trace-1.4_2.6.33.20_rt31_0.5-2.5.62 drbd-kmp-rt-8.3.11_2.6.33.20_rt31_0.5-0.3.62 drbd-kmp-rt_trace-8.3.11_2.6.33.20_rt31_0.5-0.3.62 iscsitarget-kmp-rt-1.4.19_2.6.33.20_rt31_0.5-0.9.11.38 kernel-rt-2.6.33.20-0.5.1 kernel-rt-base-2.6.33.20-0.5.1 kernel-rt-devel-2.6.33.20-0.5.1 kernel-rt_trace-2.6.33.20-0.5.1 kernel-rt_trace-base-2.6.33.20-0.5.1 kernel-rt_trace-devel-2.6.33.20-0.5.1 kernel-source-rt-2.6.33.20-0.5.1 kernel-syms-rt-2.6.33.20-0.5.1 ocfs2-kmp-rt-1.6_2.6.33.20_rt31_0.5-0.4.2.62 ocfs2-kmp-rt_trace-1.6_2.6.33.20_rt31_0.5-0.4.2.62 ofed-kmp-rt-1.5.2_2.6.33.20_rt31_0.5-0.9.13.49 References: http://support.novell.com/security/cve/CVE-2009-4020.html http://support.novell.com/security/cve/CVE-2011-1083.html http://support.novell.com/security/cve/CVE-2011-4077.html http://support.novell.com/security/cve/CVE-2011-4086.html http://support.novell.com/security/cve/CVE-2011-4132.html http://support.novell.com/security/cve/CVE-2011-4330.html http://support.novell.com/security/cve/CVE-2012-0044.html 
http://support.novell.com/security/cve/CVE-2012-0810.html http://support.novell.com/security/cve/CVE-2012-1090.html http://support.novell.com/security/cve/CVE-2012-1097.html http://support.novell.com/security/cve/CVE-2012-2123.html http://support.novell.com/security/cve/CVE-2012-2133.html http://support.novell.com/security/cve/CVE-2012-2383.html http://support.novell.com/security/cve/CVE-2012-2384.html http://support.novell.com/security/cve/CVE-2012-2390.html http://support.novell.com/security/cve/CVE-2012-3375.html https://bugzilla.novell.com/676204 https://bugzilla.novell.com/717994 https://bugzilla.novell.com/726600 https://bugzilla.novell.com/730118 https://bugzilla.novell.com/731673 https://bugzilla.novell.com/740745 https://bugzilla.novell.com/745832 https://bugzilla.novell.com/749118 https://bugzilla.novell.com/749569 https://bugzilla.novell.com/750079 https://bugzilla.novell.com/758058 https://bugzilla.novell.com/758260 https://bugzilla.novell.com/758532 https://bugzilla.novell.com/760902 https://bugzilla.novell.com/763194 https://bugzilla.novell.com/764150 https://bugzilla.novell.com/769896 http://download.novell.com/patch/finder/?keywords=6ec388979fe13af4de509d36e09a4dc4 From sle-security-updates at lists.suse.com Thu Aug 30 12:08:33 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Aug 2012 20:08:33 +0200 (CEST) Subject: SUSE-SU-2012:1071-1: moderate: Security update for quota Message-ID: <20120830180834.0096632258@maintenance.suse.de> SUSE Security Update: Security update for quota ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1071-1 Rating: moderate References: #772570 Cross-References: CVE-2012-3417 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux 
Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The quota package was updated to fix an issue with tcp_wrappers, where hosts.allow/deny files would have not been correctly honored. (CVE-2012-3417) Security Issue reference: * CVE-2012-3417 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-quota-6711 slessp2-quota-6724 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-quota-6711 slessp2-quota-6724 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-quota-6737 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-quota-6737 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-quota-6711 sledsp2-quota-6724 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-quota-6737 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): quota-3.16-50.39.1 quota-nfs-3.16-50.39.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): quota-3.16-50.39.1 quota-nfs-3.16-50.39.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): quota-3.16-50.36.36.2 quota-nfs-3.16-50.36.36.2 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): quota-3.16-50.36.36.2 quota-nfs-3.16-50.36.36.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): quota-3.16-50.39.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): quota-3.16-50.36.36.2 References: http://support.novell.com/security/cve/CVE-2012-3417.html https://bugzilla.novell.com/772570 http://download.novell.com/patch/finder/?keywords=5b1b1ff021c6fa5bf81afe1f443cbf23 http://download.novell.com/patch/finder/?keywords=8f52db0f27a0a6581536a44c063b3337 http://download.novell.com/patch/finder/?keywords=a202f0abb7804584faa3e6a6fc00871e From sle-security-updates at lists.suse.com Fri Aug 31 09:08:30 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Aug 2012 17:08:30 +0200 (CEST) Subject: SUSE-SU-2012:1071-2: moderate: Security update for quota Message-ID: <20120831150830.235DD3225B@maintenance.suse.de> SUSE Security Update: Security update for quota ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1071-2 Rating: moderate References: #772570 Cross-References: CVE-2012-3417 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The quota package was updated to fix an issue with tcp_wrappers, where hosts.allow/deny files would have not been correctly honored. 
(CVE-2012-3417) Security Issue reference: * CVE-2012-3417 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): quota-3.13-17.18.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): quota-3.13-17.18.1 References: http://support.novell.com/security/cve/CVE-2012-3417.html https://bugzilla.novell.com/772570 http://download.novell.com/patch/finder/?keywords=0a46fef03534da311570e6b60db7e6c2 From sle-security-updates at lists.suse.com Fri Aug 31 17:08:35 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 1 Sep 2012 01:08:35 +0200 (CEST) Subject: SUSE-SU-2012:1077-1: moderate: Security update for nuts Message-ID: <20120831230835.4538732249@maintenance.suse.de> SUSE Security Update: Security update for nuts ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1077-1 Rating: moderate References: #764699 Cross-References: CVE-2012-2944 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This update of nuts fixes a denial of service flaw that could have been exploited by remote attackers to cause an application crash of upsd. Security Issue reference: * CVE-2012-2944 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libupsclient1-6379 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libupsclient1-6379 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-libupsclient1-6379 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libupsclient1-6379 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libupsclient1-6379 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.2]: nut-cgi-2.6.2-0.2.4.1 nut-devel-2.6.2-0.2.4.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 2.6.2]: libupsclient1-2.6.2-0.2.4.1 nut-2.6.2-0.2.4.1 nut-classic-2.6.2-0.2.4.1 nut-drivers-net-2.6.2-0.2.4.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.2]: nut-cgi-2.6.2-0.2.4.1 nut-devel-2.6.2-0.2.4.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 2.6.2]: libupsclient1-2.6.2-0.2.4.1 nut-2.6.2-0.2.4.1 nut-classic-2.6.2-0.2.4.1 nut-drivers-net-2.6.2-0.2.4.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.2]: libupsclient1-2.6.2-0.2.4.1 nut-2.6.2-0.2.4.1 nut-classic-2.6.2-0.2.4.1 nut-drivers-net-2.6.2-0.2.4.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 2.6.2]: libupsclient1-2.6.2-0.2.4.1 nut-2.6.2-0.2.4.1 nut-classic-2.6.2-0.2.4.1 nut-drivers-net-2.6.2-0.2.4.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.2]: libupsclient1-2.6.2-0.2.4.1 nut-2.6.2-0.2.4.1 nut-classic-2.6.2-0.2.4.1 nut-drivers-net-2.6.2-0.2.4.1 References: http://support.novell.com/security/cve/CVE-2012-2944.html https://bugzilla.novell.com/764699 
http://download.novell.com/patch/finder/?keywords=c2b37f2261099e65d55a6c02fb324155