From sle-security-updates at lists.suse.com Tue Dec 4 13:08:36 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Dec 2012 21:08:36 +0100 (CET) Subject: SUSE-SU-2012:1605-1: moderate: Security update for libwebkit Message-ID: <20121204200836.762A33234B@maintenance.suse.de> SUSE Security Update: Security update for libwebkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1605-1 Rating: moderate References: #688701 #688702 Cross-References: CVE-2011-1344 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: Two issues in libwebkit have been fixed: * CVE-2011-1290: Webkit CSS Text Element Count remote code execution was fixed. * CVE-2011-1344: WebKit WBR Tag Removal remote code execution was fixed. Security Issue reference: * CVE-2011-1344 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libwebkit-7114 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libwebkit-7114 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libwebkit-1_0-2-1.2.7-0.15.2 libwebkit-devel-1.2.7-0.15.2 libwebkit-lang-1.2.7-0.15.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libwebkit-1_0-2-1.2.7-0.15.2 libwebkit-lang-1.2.7-0.15.2 References: http://support.novell.com/security/cve/CVE-2011-1344.html https://bugzilla.novell.com/688701 https://bugzilla.novell.com/688702 http://download.novell.com/patch/finder/?keywords=65e2ca40c4e75aa0c6a03eced96f17f4 From sle-security-updates at lists.suse.com Tue Dec 4 14:08:37 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 4 Dec 2012 22:08:37 +0100 (CET) Subject: SUSE-SU-2012:1606-1: important: Security update for Xen Message-ID: <20121204210837.137683234D@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1606-1 Rating: important References: #789950 #789951 Cross-References: CVE-2012-5513 CVE-2012-5515 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues in xen: * CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29) * CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following bugs have been fixed and upstream patches have been applied: 26134-x86-shadow-invlpg-check.patch Security Issue references: * CVE-2012-5513 * CVE-2012-5515 Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): xen-3.2.3_17040_44-0.7.1 xen-devel-3.2.3_17040_44-0.7.1 xen-doc-html-3.2.3_17040_44-0.7.1 xen-doc-pdf-3.2.3_17040_44-0.7.1 xen-doc-ps-3.2.3_17040_44-0.7.1 xen-kmp-debug-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-default-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-kdump-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-smp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-libs-3.2.3_17040_44-0.7.1 xen-tools-3.2.3_17040_44-0.7.1 xen-tools-domU-3.2.3_17040_44-0.7.1 xen-tools-ioemu-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Server 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-kdumppae-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-vmi-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-vmipae-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): xen-3.2.3_17040_44-0.7.1 xen-devel-3.2.3_17040_44-0.7.1 xen-doc-html-3.2.3_17040_44-0.7.1 xen-doc-pdf-3.2.3_17040_44-0.7.1 xen-doc-ps-3.2.3_17040_44-0.7.1 xen-kmp-default-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-smp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-libs-3.2.3_17040_44-0.7.1 xen-tools-3.2.3_17040_44-0.7.1 xen-tools-domU-3.2.3_17040_44-0.7.1 xen-tools-ioemu-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_44-0.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): xen-kmp-bigsmp-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 - SLE SDK 10 SP4 (i586 x86_64): xen-3.2.3_17040_44-0.7.1 xen-devel-3.2.3_17040_44-0.7.1 xen-kmp-debug-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-kmp-kdump-3.2.3_17040_44_2.6.16.60_0.99.13-0.7.1 xen-libs-3.2.3_17040_44-0.7.1 xen-tools-3.2.3_17040_44-0.7.1 xen-tools-ioemu-3.2.3_17040_44-0.7.1 - SLE SDK 10 SP4 (x86_64): xen-libs-32bit-3.2.3_17040_44-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-5513.html http://support.novell.com/security/cve/CVE-2012-5515.html https://bugzilla.novell.com/789950 https://bugzilla.novell.com/789951 http://download.novell.com/patch/finder/?keywords=193b206adfdaf6da1ce1c5ced79e9f29 From sle-security-updates at lists.suse.com Thu Dec 6 09:08:44 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 6 Dec 2012 17:08:44 +0100 (CET) Subject: SUSE-SU-2012:1615-1: important: Security update for Xen Message-ID: <20121206160844.38D1B32347@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1615-1 Rating: important References: #777628 #789940 #789944 #789945 #789948 #789950 #789951 #789988 #792476 Cross-References: CVE-2012-5510 CVE-2012-5511 CVE-2012-5512 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update fixes the following security issues in xen: * CVE-2012-5510: Grant table version switch list corruption vulnerability (XSA-26) * CVE-2012-5511: Several HVM operations do not validate the range of their inputs (XSA-27) * CVE-2012-5512: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28) * CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29) * CVE-2012-5514: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30) * CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following bugs have been fixed and upstream patches have been applied: * FATAL PAGE FAULT in hypervisor (arch_do_domctl) * 25931-x86-domctl-iomem-mapping-checks.patch * 26132-tmem-save-NULL-check.patch * 26134-x86-shadow-invlpg-check.patch * 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch) * 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch) * 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch) * 26151-gnttab-compat-get-status-frames.patch (Replaces CVE-2012-4539-xsa24.patch) * bnc#792476 - efi files missing in latest XEN update Security Issue references: * CVE-2012-5512 * CVE-2012-5513 * CVE-2012-5514 * CVE-2012-5511 * CVE-2012-5510 * CVE-2012-5515 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-7133 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-7133 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-7133 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-7133 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): xen-devel-4.1.3_06-0.7.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.3_06-0.7.1 xen-doc-html-4.1.3_06-0.7.1 xen-doc-pdf-4.1.3_06-0.7.1 xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-libs-32bit-4.1.3_06-0.7.1 xen-libs-4.1.3_06-0.7.1 xen-tools-4.1.3_06-0.7.1 xen-tools-domU-4.1.3_06-0.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.3_06-0.7.1 xen-doc-html-4.1.3_06-0.7.1 xen-doc-pdf-4.1.3_06-0.7.1 xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1 xen-libs-32bit-4.1.3_06-0.7.1 xen-libs-4.1.3_06-0.7.1 xen-tools-4.1.3_06-0.7.1 xen-tools-domU-4.1.3_06-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-5510.html http://support.novell.com/security/cve/CVE-2012-5511.html http://support.novell.com/security/cve/CVE-2012-5512.html http://support.novell.com/security/cve/CVE-2012-5513.html http://support.novell.com/security/cve/CVE-2012-5514.html http://support.novell.com/security/cve/CVE-2012-5515.html https://bugzilla.novell.com/777628 https://bugzilla.novell.com/789940 https://bugzilla.novell.com/789944 https://bugzilla.novell.com/789945 https://bugzilla.novell.com/789948 https://bugzilla.novell.com/789950 https://bugzilla.novell.com/789951 https://bugzilla.novell.com/789988 https://bugzilla.novell.com/792476 http://download.novell.com/patch/finder/?keywords=d862e18d5680d7561000adc9e50779c8 From sle-security-updates at lists.suse.com Wed Dec 12 09:08:50 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 12 Dec 2012 17:08:50 +0100 (CET) Subject: SUSE-SU-2012:1636-1: important: Security update for libxml2 Message-ID: <20121212160850.295AC3216D@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1636-1 Rating: important References: #793334 Cross-References: CVE-2012-5134 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap-based buffer underflow in the entity decoding of libxml2 could have caused a Denial of Service or potentially allowed the execution of arbitrary code. This has been fixed. Security Issue reference: * CVE-2012-5134 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libxml2-7140 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libxml2-7140 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libxml2-7140 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libxml2-7140 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.21.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libxml2-2.7.6-0.21.1 libxml2-doc-2.7.6-0.21.1 libxml2-python-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libxml2-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.21.1 libxml2-doc-2.7.6-0.21.1 libxml2-python-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libxml2-x86-2.7.6-0.21.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-2.6.23-15.35.1 libxml2-devel-2.6.23-15.35.1 libxml2-python-2.6.23-15.35.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libxml2-32bit-2.6.23-15.35.1 libxml2-devel-32bit-2.6.23-15.35.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libxml2-x86-2.6.23-15.35.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libxml2-64bit-2.6.23-15.35.1 libxml2-devel-64bit-2.6.23-15.35.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libxml2-2.7.6-0.21.1 libxml2-python-2.7.6-0.21.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libxml2-32bit-2.7.6-0.21.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libxml2-2.6.23-15.35.1 libxml2-devel-2.6.23-15.35.1 libxml2-python-2.6.23-15.35.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libxml2-32bit-2.6.23-15.35.1 libxml2-devel-32bit-2.6.23-15.35.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libxml2-test-2.6.23-15.35.1 References: http://support.novell.com/security/cve/CVE-2012-5134.html https://bugzilla.novell.com/793334 http://download.novell.com/patch/finder/?keywords=109525a062f4923fd62bd1c1a3772bd8 http://download.novell.com/patch/finder/?keywords=b31152ce7358e67eddba6c88cfe97cac From sle-security-updates at lists.suse.com Fri Dec 14 11:08:36 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 14 Dec 2012 19:08:36 +0100 (CET) Subject: SUSE-SU-2012:1645-1: critical: Security update for flash-player Message-ID: <20121214180836.2B3D132167@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1645-1 Rating: critical References: #794062 Cross-References: CVE-2012-5676 CVE-2012-5677 CVE-2012-5678 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: This version upgrade of flash-player fixes multiple unspecified code execution vulnerabilities. Security Issue references: * CVE-2012-5676 * CVE-2012-5677 * CVE-2012-5678 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-7150 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.258]: flash-player-11.2.202.258-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.258]: flash-player-11.2.202.258-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-5676.html http://support.novell.com/security/cve/CVE-2012-5677.html http://support.novell.com/security/cve/CVE-2012-5678.html https://bugzilla.novell.com/794062 http://download.novell.com/patch/finder/?keywords=0900ec4427a20de14e991485ca9de9f5 http://download.novell.com/patch/finder/?keywords=b7ac6ecdf7451e0c0240a0c459360503 From sle-security-updates at lists.suse.com Mon Dec 17 08:08:21 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 17 Dec 2012 16:08:21 +0100 (CET) Subject: SUSE-SU-2012:1652-1: important: Security update for bogofilter Message-ID: <20121217150821.F1E3E32177@maintenance.suse.de> SUSE Security Update: Security update for bogofilter ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1652-1 Rating: important References: #792939 Cross-References: CVE-2012-5468 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A heap corruption in bogofilter's base64 decoding function, caused by incomplete multibyte characters, could have resulted in a Denial of Service (App. crash) or potentially allowed the execution of arbitrary code. This has been fixed. Security Issue reference: * CVE-2012-5468 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-bogofilter-7135 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): bogofilter-1.1.1-174.27.1 References: http://support.novell.com/security/cve/CVE-2012-5468.html https://bugzilla.novell.com/792939 http://download.novell.com/patch/finder/?keywords=68d7ea43f53e4df074e77ba0e35dc785 From sle-security-updates at lists.suse.com Tue Dec 18 12:08:48 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Dec 2012 20:08:48 +0100 (CET) Subject: SUSE-SU-2012:1666-1: moderate: Security update for glibc Message-ID: <20121218190848.9D67132176@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1666-1 Rating: moderate References: #750741 #767266 #770891 #775690 #777233 #783060 Cross-References: CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This collective update for the GNU C library (glibc) provides the following fixes: * Fix strtod integer/buffer overflows (bnc#775690, CVE-2012-3480) * Fix vfprintf handling of many format specifiers (bnc#770891, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) * Fix pthread_cond_timedwait stack unwinding (bnc#750741, bnc#777233) * Improve fix for dynamic library unloading (bnc#783060) * Fix resolver when first query fails, but second one succeeds (bnc#767266). Security Issue references: * CVE-2012-3404 * CVE-2012-3405 * CVE-2012-3406 * CVE-2012-3480 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-glibc-7110 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-glibc-7110 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-glibc-7110 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-glibc-7110 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): glibc-html-2.11.3-17.43.1 glibc-info-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 i686 x86_64): glibc-2.11.3-17.43.1 glibc-devel-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): glibc-html-2.11.3-17.43.1 glibc-i18ndata-2.11.3-17.43.1 glibc-info-2.11.3-17.43.1 glibc-locale-2.11.3-17.43.1 glibc-profile-2.11.3-17.43.1 nscd-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): glibc-32bit-2.11.3-17.43.1 glibc-devel-32bit-2.11.3-17.43.1 glibc-locale-32bit-2.11.3-17.43.1 glibc-profile-32bit-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.43.1 glibc-devel-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.43.1 glibc-i18ndata-2.11.3-17.43.1 glibc-info-2.11.3-17.43.1 glibc-locale-2.11.3-17.43.1 glibc-profile-2.11.3-17.43.1 nscd-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.43.1 glibc-devel-32bit-2.11.3-17.43.1 glibc-locale-32bit-2.11.3-17.43.1 glibc-profile-32bit-2.11.3-17.43.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): glibc-locale-x86-2.11.3-17.43.1 glibc-profile-x86-2.11.3-17.43.1 glibc-x86-2.11.3-17.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 i686 x86_64): glibc-2.11.3-17.43.1 glibc-devel-2.11.3-17.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): glibc-i18ndata-2.11.3-17.43.1 glibc-locale-2.11.3-17.43.1 nscd-2.11.3-17.43.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): glibc-32bit-2.11.3-17.43.1 glibc-devel-32bit-2.11.3-17.43.1 glibc-locale-32bit-2.11.3-17.43.1 References: http://support.novell.com/security/cve/CVE-2012-3404.html http://support.novell.com/security/cve/CVE-2012-3405.html http://support.novell.com/security/cve/CVE-2012-3406.html http://support.novell.com/security/cve/CVE-2012-3480.html https://bugzilla.novell.com/750741 https://bugzilla.novell.com/767266 https://bugzilla.novell.com/770891 https://bugzilla.novell.com/775690 https://bugzilla.novell.com/777233 https://bugzilla.novell.com/783060 http://download.novell.com/patch/finder/?keywords=9fecd6bf7ccef88c72b5e69256e9ec44 From sle-security-updates at lists.suse.com Tue Dec 18 13:08:32 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Dec 2012 21:08:32 +0100 (CET) Subject: SUSE-SU-2012:1667-1: moderate: Security update for glibc Message-ID: <20121218200832.8403532177@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1667-1 Rating: moderate References: #775690 Cross-References: CVE-2012-3480 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for GNU C library (glibc) fixes multiple integer overflows in strtod and related functions. Security Issue reference: * CVE-2012-3480 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 i686 ia64 ppc s390x x86_64): glibc-2.4-31.107.1 glibc-devel-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-html-2.4-31.107.1 glibc-i18ndata-2.4-31.107.1 glibc-info-2.4-31.107.1 glibc-locale-2.4-31.107.1 glibc-profile-2.4-31.107.1 nscd-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): glibc-32bit-2.4-31.107.1 glibc-devel-32bit-2.4-31.107.1 glibc-locale-32bit-2.4-31.107.1 glibc-profile-32bit-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): glibc-locale-x86-2.4-31.107.1 glibc-profile-x86-2.4-31.107.1 glibc-x86-2.4-31.107.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): glibc-64bit-2.4-31.107.1 glibc-devel-64bit-2.4-31.107.1 glibc-locale-64bit-2.4-31.107.1 glibc-profile-64bit-2.4-31.107.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 i686 x86_64): glibc-2.4-31.107.1 glibc-devel-2.4-31.107.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): glibc-html-2.4-31.107.1 glibc-i18ndata-2.4-31.107.1 glibc-info-2.4-31.107.1 glibc-locale-2.4-31.107.1 nscd-2.4-31.107.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): glibc-32bit-2.4-31.107.1 glibc-devel-32bit-2.4-31.107.1 glibc-locale-32bit-2.4-31.107.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): glibc-dceext-2.4-31.107.1 glibc-html-2.4-31.107.1 glibc-profile-2.4-31.107.1 - SLE SDK 10 SP4 (s390x x86_64): glibc-dceext-32bit-2.4-31.107.1 glibc-profile-32bit-2.4-31.107.1 - SLE SDK 10 SP4 (ia64): glibc-dceext-x86-2.4-31.107.1 glibc-profile-x86-2.4-31.107.1 - SLE SDK 10 SP4 (ppc): glibc-dceext-64bit-2.4-31.107.1 glibc-profile-64bit-2.4-31.107.1 References: http://support.novell.com/security/cve/CVE-2012-3480.html https://bugzilla.novell.com/775690 http://download.novell.com/patch/finder/?keywords=2fc8aabbc955d43968edab9c35bd650e From sle-security-updates at lists.suse.com Wed Dec 19 10:08:36 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 19 Dec 2012 18:08:36 +0100 (CET) Subject: SUSE-SU-2012:1675-1: moderate: Security update for openstack-keystone Message-ID: <20121219170836.93BEC3217C@maintenance.suse.de> SUSE Security Update: Security update for openstack-keystone ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1675-1 Rating: moderate References: #783036 #783200 #791203 Cross-References: CVE-2012-5571 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This bug fixes an EC2-style credentials invalidation issue in openstack-keystone. Only setups enabling EC2-style credentials are affected. CVE-2012-5571 has been assigned to this issue. Security Issue reference: * CVE-2012-5571 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-keystone-7107 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): openstack-keystone-2012.1+git.1353613280.c17a999-0.5.1 openstack-keystone-doc-2012.1+git.1353613280.c17a999-0.5.1 python-keystone-2012.1+git.1353613280.c17a999-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-5571.html https://bugzilla.novell.com/783036 https://bugzilla.novell.com/783200 https://bugzilla.novell.com/791203 http://download.novell.com/patch/finder/?keywords=dbf3db6412aaa4632a18755f9b98d548 From sle-security-updates at lists.suse.com Wed Dec 19 17:08:24 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 20 Dec 2012 01:08:24 +0100 (CET) Subject: SUSE-SU-2012:1679-1: moderate: Security update for Linux kernel Message-ID: <20121220000824.A3ABF32172@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1679-1 Rating: moderate References: #705551 #708296 #722560 #723776 #725152 #725355 #730660 #731739 #739728 #741814 #744692 #748896 #752067 #752544 #754898 #760833 #762158 #762214 #762259 #763628 #763654 #763858 #763954 #766410 #766654 #767469 #767610 #769251 #772427 #772454 #772483 #773267 #773383 #773699 #773831 #774500 #774523 #774612 #774859 #774964 #775394 #775577 #776044 #776081 #776127 #776144 #777024 #777283 #778334 #778630 #779294 #779462 #779699 #779750 #779969 #780008 #780012 #780216 #780461 #780876 #781018 #781327 #781484 #781574 #782369 #783965 #784192 #784334 #784576 #785100 #785496 #785554 #785851 #786976 #787168 #787202 #787821 #787848 #788277 #788452 #789010 #789235 #789703 #789836 #789993 #790457 #790498 #790920 #790935 #791498 #791853 Cross-References: CVE-2012-1601 CVE-2012-2372 CVE-2012-3412 CVE-2012-3430 CVE-2012-4461 CVE-2012-4508 CVE-2012-5517 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 84 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.51 which fixes various bugs and security issues. It contains the following feature enhancements: * The cachefiles framework is now supported (FATE#312793, bnc#782369). The userland utilities were published seperately to support this feature. * The ipset netfilter modules are now supported (FATE#313309) The ipset userland utility will be published seperately to support this feature. * The tipc kernel module is now externally supported (FATE#305033). * Hyper-V KVP IP injection was implemented (FATE#314441). A seperate hyper-v package will be published to support this feature. * Intel Lynx Point PCH chipset support was added. (FATE#313409) * Enable various md/raid10 and DASD enhancements. (FATE#311379) These make it possible for RAID10 to cope with DASD devices being slow for various reasons - the affected device will be temporarily removed from the array. Also added support for reshaping of RAID10 arrays. mdadm changes will be published to support this feature. The following security issues have been fixed: * CVE-2012-5517: A race condition on hot adding memory could be used by local attackers to crash the system during hot adding new memory. * CVE-2012-4461: A flaw has been found in the way Linux kernels KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature and using qemu userspace an unprivileged local user could have used this flaw to crash the system. * CVE-2012-1601: The KVM implementation in the Linux kernel allowed host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. * CVE-2012-2372: Attempting an rds connection from the IP address of an IPoIB interface to itself causes a kernel panic due to a BUG_ON() being triggered. Making the test less strict allows rds-ping to work without crashing the machine. A local unprivileged user could use this flaw to crash the sytem. * CVE-2012-4508: Dimitry Monakhov, one of the ext4 developers, has discovered a race involving asynchronous I/O and fallocate which can lead to the exposure of stale data --- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file will get exposed to anyone with read access to the file. * CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. * CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel allowed remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. The following non-security issues have been fixed: BTRFS: * btrfs: fix double mntput() in mount_subvol(). * btrfs: use common work instead of delayed work * btrfs: limit fallocate extent reservation to 256MB * btrfs: fix a double free on pending snapshots in error handling * btrfs: Do not trust the superblock label and simply printk("%s") it * patches.suse/btrfs-update-message-levels.patch: Refresh. * patches.suse/btrfs-enospc-debugging-messages.patch: Minor updates. * patches.suse/btrfs-update-message-levels.patch: Minor updates. * btrfs: continue after abort during snapshot drop (bnc#752067). * btrfs: Return EINVAL when length to trim is less than FSB. * btrfs: fix unnecessary while loop when search the free space, cache. * btrfs: Use btrfs_update_inode_fallback when creating a snapshot. * btrfs: do not bug when we fail to commit the transaction. * btrfs: fill the global reserve when unpinning space. * btrfs: do not allow degraded mount if too many devices are missing. * patches.suse/btrfs-8112-resume-balance-on-rw-re-mounts-prope rly.patch: fix mismerge. * btrfs: do not allocate chunks as agressively. * btrfs: btrfs_drop_extent_cache should never fail. * btrfs: fix full backref problem when inserting shared block reference. * btrfs: wait on async pages when shrinking delalloc. * btrfs: remove bytes argument from do_chunk_alloc. * btrfs: cleanup of error processing in btree_get_extent(). * btrfs: remove unnecessary code in btree_get_extent(). * btrfs: kill obsolete arguments in btrfs_wait_ordered_extents. * btrfs: do not do anything in our ->freeze_fs and ->unfreeze_fs. * btrfs: do not async metadata csumming in certain situations. * btrfs: do not hold the file extent leaf locked when adding extent item. * btrfs: cache extent state when writing out dirty metadata pages. * btrfs: do not lookup csums for prealloc extents. * btrfs: be smarter about dropping things from the tree log. * btrfs: confirmation of value is added before trace_btrfs_get_extent() is called. * btrfs: make filesystem read-only when submitting barrier fails. * btrfs: cleanup pages properly when ENOMEM in compression. * btrfs: do not bug on enomem in readpage. * btrfs: do not warn_on when we cannot alloc a page for an extent buffer. * btrfs: enospc debugging messages. S/390: * smsgiucv: reestablish IUCV path after resume (bnc#786976,LTC#86245). * dasd: move wake_up call (bnc#786976,LTC#86252). * kernel: fix get_user_pages_fast() page table walk (bnc#786976,LTC#86307). * qeth: Fix IPA_CMD_QIPASSIST return code handling (bnc#785851,LTC#86101). * mm: Fix XFS oops due to dirty pages without buffers on s390 (bnc#762259). * zfcp: only access zfcp_scsi_dev for valid scsi_device (bnc#781484,LTC#85285). * dasd: check count address during online setting (bnc#781484,LTC#85346). * hugetlbfs: fix deadlock in unmap_hugepage_range() (bnc#781484,LTC#85449). * kernel: make user-access pagetable walk code huge page aware (bnc#781484,LTC#85455). * hugetlbfs: add missing TLB invalidation (bnc#781484,LTC#85463). * zfcp: fix adapter (re)open recovery while link to SAN is down (bnc#789010,LTC#86283). * qeth: set new mac even if old mac is gone (bnc#789010,LTC#86643). * qdio: fix kernel panic for zfcp 31-bit (bnc#789010,LTC#86623). * crypto: msgType50 (RSA-CRT) Fix (bnc#789010,LTC#86378). DRM: * drm/915: Update references, fixed a missing patch chunk (bnc#725355). * drm/dp: Document DP spec versions for various DPCD registers (bnc#780461). * drm/dp: Make sink count DP 1.2 aware (bnc#780461). * DRM/i915: Restore sdvo_flags after dtd->mode->dtd Roundrtrip (bnc#775577). * DRM/i915: Do not clone SDVO LVDS with analog (bnc#766410). * DRM/radeon: For single CRTC GPUs move handling of CRTC_CRT_ON to crtc_dpms() (bnc#725152). * DRM/Radeon: Fix TV DAC Load Detection for single CRTC chips (bnc#725152). * DRM/Radeon: Clean up code in TV DAC load detection (bnc#725152). * DRM/Radeon: On DVI-I use Load Detection when EDID is bogus (bnc#725152). * DRM/Radeon: Fix primary DAC Load Detection for RV100 chips (bnc#725152). * DRM/Radeon: Fix Load Detection on legacy primary DAC (bnc#725152). * drm/i915: enable plain RC6 on Sandy Bridge by default (bnc#725355). Hyper-V: * Hyper-V KVP IP injection (fate#31441): * drivers: net: Remove casts to same type. * drivers: hv: remove IRQF_SAMPLE_RANDOM which is now a no-op. * hyperv: Move wait completion msg code into rndis_filter_halt_device(). * hyperv: Add comments for the extended buffer after RNDIS message. * Drivers: hv: Cleanup the guest ID computation. * Drivers: hv: vmbus: Use the standard format string to format GUIDs. * Drivers: hv: Add KVP definitions for IP address injection. * Drivers: hv: kvp: Cleanup error handling in KVP. * Drivers: hv: kvp: Support the new IP injection messages. * Tools: hv: Prepare to expand kvp_get_ip_address() functionality. * Tools: hv: Further refactor kvp_get_ip_address(). * Tools: hv: Gather address family information. * Tools: hv: Gather subnet information. * Tools: hv: Represent the ipv6 mask using CIDR notation. * Tools: hv: Gather ipv[4,6] gateway information. * hv: fail the probing immediately when we are not in hyperv platform. * hv: vmbus_drv: detect hyperv through x86_hyper. * Tools: hv: Get rid of some unused variables. * Tools: hv: Correctly type string variables. * Tools: hv: Add an example script to retrieve DNS entries. * Tools: hv: Gather DNS information. * Drivers: hv: kvp: Copy the address family information. * Tools: hv: Add an example script to retrieve dhcp state. * Tools: hv: Gather DHCP information. * Tools: hv: Add an example script to configure an interface. * Tools: hv: Implement the KVP verb - KVP_OP_SET_IP_INFO. * Tools: hv: Rename the function kvp_get_ip_address(). * Tools: hv: Implement the KVP verb - KVP_OP_GET_IP_INFO. * tools/hv: Fix file handle leak. * tools/hv: Fix exit() error code. * tools/hv: Check for read/write errors. * tools/hv: Parse /etc/os-release. * hyperv: Fix the max_xfer_size in RNDIS initialization. * hyperv: Fix the missing return value in rndis_filter_set_packet_filter(). * hyperv: Fix page buffer handling in rndis_filter_send_request(). * hyperv: Remove extra allocated space for recv_pkt_list elements. * hyperv: Report actual status in receive completion packet. * hyperv: Add buffer for extended info after the RNDIS response message. Other: * net: prevent NULL dereference in check_peer_redir() (bnc#776044 bnc#784576). * patches.fixes/mm-hotplug-correctly-add-zone-to-other-nodes-l ist.patch: Refresh. * igb: fix recent VLAN changes that would leave VLANs disabled after reset (bnc#787168). * md: Change goto target to avoid pointless bug messages in normal error cases. (bnc#787848) * intel_idle: IVB support (fate#313719). * x86 cpufreq: Do not complain on missing cpufreq tables on ProLiants (bnc#787202). * hpilo: remove pci_disable_device (bnc#752544). * ixgbe: Address fact that RSC was not setting GSO size for incoming frames (bnc#776144). * hv: Cleanup error handling in vmbus_open(). * [SCSI] storvsc: Account for in-transit packets in the RESET path. * sg: remove sg_mutex. (bnc#785496) * perf: Do no try to schedule task events if there are none (bnc#781574). * perf: Do not set task_ctx pointer in cpuctx if there are no events in the context (bnc#781574). * mm: swap: Implement generic handlers for swap-related address ops fix. (bnc#778334) * hpwdt: Only BYTE reads/writes to WD Timer port 0x72. * xenbus: fix overflow check in xenbus_dev_write(). * xen/x86: do not corrupt %eip when returning from a signal handler. * Update Xen patches to 3.0.46. * Update Xen patches to 3.0.51. * mm: Check if PTE is already allocated during page fault. * rpm/kernel-binary.spec.in: Revert f266e647f to allow building with icecream again, as patches.rpmify/kbuild-fix-gcc-x-syntax.patch is a real fix now. * ipmi: decrease the IPMI message transaction time in interrupt mode (bnc#763654). * ipmi: simplify locking (bnc#763654). * ipmi: use a tasklet for handling received messages (bnc#763654). * cxgb3: Set vlan_feature on net_device (bnc#776127, LTC#84260). * qlge: Add offload features to vlan interfaces (bnc#776081,LTC#84322). * mlx4_en: Added missing iounmap upon releasing a device (bnc#774964,LTC#82768). * mlx4: allow device removal by fixing dma unmap size (bnc#774964,LTC#82768). * qeth: fix deadlock between recovery and bonding driver (bnc#785100,LTC#85905). * SCSI st: add st_nowait_eof param to module (bnc#775394). * patches.fixes/sched-fix-migration-thread-accounting-woes.pat ch: Update references (bnc#773699, bnc#769251). * memcg: oom: fix totalpages calculation for swappiness==0 (bnc#783965). * fs: cachefiles: add support for large files in filesystem caching (FATE#312793, bnc#782369). * mm/mempolicy.c: use enum value MPOL_REBIND_ONCE in mpol_rebind_policy(). * mm, mempolicy: fix mbind() to do synchronous migration. * revert "mm: mempolicy: Let vma_merge and vma_split handle vma->vm_policy linkages". * mempolicy: fix a race in shared_policy_replace(). * mempolicy: fix refcount leak in mpol_set_shared_policy(). * mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma(). * mempolicy: remove mempolicy sharing. Memory policy enhancements for robustness against fuzz attacks and force mbind to use synchronous migration. * Update scsi_dh_alua to mainline version (bnc#708296, bnc#784334): o scsi_dh_alua: Enable STPG for unavailable ports o scsi_dh_alua: Re-enable STPG for unavailable ports o scsi_dh_alua: backoff alua rtpg retry linearly vs. geometrically o scsi_dh_alua: implement implied transition timeout o scsi_dh_alua: retry alua rtpg extended header for illegal request response * Revert removal of ACPI procfs entries (bnc#777283). * x86: Clear HPET configuration registers on startup (bnc#748896). * mlx4: Fixed build warning, update references (bnc#774500,LTC#83966). * xen/frontends: handle backend CLOSED without CLOSING. * xen/pciback: properly clean up after calling pcistub_device_find(). * xen/netfront: add netconsole support (bnc#763858 fate#313830). * netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments (bnc#779750). * ipv6, xfrm: use conntrack-reassembled packet for policy lookup (bnc#780216). * inetpeer: add namespace support for inetpeer (bnc#779969). * inetpeer: add parameter net for inet_getpeer_v4,v6 (bnc#779969). * inetpeer: make unused_peers list per-netns (bnc#779969). * kABI: use net_generic to protect struct netns_ipv{4,6} (bnc#779969). * patches.rpmify/kbuild-fix-gcc-x-syntax.patch: kbuild: Fix gcc -x syntax (bnc#773831). * patches.suse/supported-flag: Re-enabled warning on unsupported module loading. * nbd: clear waiting_queue on shutdown (bnc#778630). * nohz: fix idle ticks in cpu summary line of /proc/stat (follow up fix for bnc#767469, bnc#705551). * fix TAINT_NO_SUPPORT handling on module load. * NFS: Fix Oopses in nfs_lookup_revalidate and nfs4_lookup_revalidate (bnc#780008). * svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping (bnc at 779462). * net: do not disable sg for packets requiring no checksum (bnc#774859). * sfc: prevent extreme TSO parameters from stalling TX queues (bnc#774523 CVE-2012-3412). * X86 MCE: Fix correct ring/severity identification in V86 case (bnc#773267). * scsi_dh_rdac: Add a new netapp vendor/product string (bnc#772483). * scsi_dh_rdac : Consolidate rdac strings together (bnc#772483). * scsi_dh_rdac : minor return fix for rdac (bnc#772483). * dh_rdac: Associate HBA and storage in rdac_controller to support partitions in storage (bnc#772454). * scsi_dh_rdac: Fix error path (bnc#772454). * scsi_dh_rdac: Fix for unbalanced reference count (bnc#772454). * sd: Ensure we correctly disable devices with unknown protection type (bnc#780876). * netfilter: ipset: timeout can be modified for already added elements (bnc#790457). * netfilter: ipset: fix adding ranges to hash types (bnc#790498). * workqueue: exit rescuer_thread() as TASK_RUNNING (bnc#789993). * xhci: Add Lynx Point LP to list of Intel switchable hosts (bnc#791853). * tg3: Introduce separate functions to allocate/free RX/TX rings (bnc#785554). * net-next: Add netif_get_num_default_rss_queues (bnc#785554). * tg3: set maximal number of default RSS queues (bnc#785554). * tg3: Allow number of rx and tx rings to be set independently (bnc#785554). * tg3: Separate coalescing setup for rx and tx (bnc#785554). * tg3: Refactor tg3_open() (bnc#785554). * tg3: Refactor tg3_close() (bnc#785554). * tg3: Add support for ethtool -L|-l to get/set the number of rings (bnc#785554). * tg3: Disable multiple TX rings by default due to hardware flaw (bnc#785554). * x86, microcode, AMD: Add support for family 16h processors (bnc#791498,fate#314145). * scsi_remove_target: fix softlockup regression on hot remove (bnc#789836). * autofs4: allow autofs to work outside the initial PID namespace (bnc#779294). * autofs4: translate pids to the right namespace for the daemon (bnc#779294). * vfs: dont chain pipe/anon/socket on superblock s_inodes list (bnc#789703) * reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920). * reiserfs: fix double-lock while chowning setuid file w/ xattrs (bnc#790920). * ALSA: hda - Fix SSYNC register value for non-Intel controllers (fate#313409,bnc#760833). * ALSA: hda: option to enable arbitrary buffer/period sizes (fate#313409,bnc#760833). * ALSA: hda - Fix buffer-alignment regression with Nvidia HDMI (fate#313409,bnc#760833). * ALSA: hda - explicitly set buffer-align flag for Nvidia controllers (fate#313409,bnc#760833). * ALSA: hda - Add Lynx Point HD Audio Controller DeviceIDs (fate#313409,bnc#760833). * ALSA: hda_intel: Add Device IDs for Intel Lynx Point-LP PCH (fate#313409,bnc#760833). * USB: OHCI: workaround for hardware bug: retired TDs not added to the Done Queue (bnc#762158). * watchdog: iTCO_wdt: clean-up PCI device IDs (fate#313409, bnc#760833). * watchdog: iTCO_wdt: add Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). * ahci: AHCI-mode SATA patch for Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). * ata_piix: IDE-mode SATA patch for Intel Lynx Point DeviceIDs (fate#313409, bnc#760833). * i2c-i801: Add device IDs for Intel Lynx Point (fate#313409, bnc#760833). * jbd: Fix lock ordering bug in journal_unmap_buffer() (bnc#790935). * usb: host: xhci: Fix Compliance Mode on SN65LVPE502CP Hardware (bnc#788277). * usb: host: xhci: Fix Null pointer dereferencing with 71c731a for non-x86 systems (bnc#788277). * Do not remove fillup from the buildsystem (bnc#781327) * ibmvfc: Fix double completion on abort timeout (bnc#788452) * ibmvfc: Ignore fabric RSCNs when link is dead (bnc#788452). * fs: only send IPI to invalidate LRU BH when needed (bnc#763628 bnc#744692). * smp: add func to IPI cpus based on parameter func (bnc#763628 bnc#744692). * smp: introduce a generic on_each_cpu_mask() function (bnc#763628 bnc#744692). Security Issue references: * CVE-2012-1601 * CVE-2012-2372 * CVE-2012-3412 * CVE-2012-3430 * CVE-2012-4461 * CVE-2012-5517 * CVE-2012-4508 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-7123 slessp2-kernel-7127 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-7123 slessp2-kernel-7124 slessp2-kernel-7125 slessp2-kernel-7127 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-7123 sleshasp2-kernel-7124 sleshasp2-kernel-7125 sleshasp2-kernel-7127 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-7123 sledsp2-kernel-7127 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.51]: kernel-default-3.0.51-0.7.9.1 kernel-default-base-3.0.51-0.7.9.1 kernel-default-devel-3.0.51-0.7.9.1 kernel-source-3.0.51-0.7.9.1 kernel-syms-3.0.51-0.7.9.1 kernel-trace-3.0.51-0.7.9.1 kernel-trace-base-3.0.51-0.7.9.1 kernel-trace-devel-3.0.51-0.7.9.1 kernel-xen-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.51]: kernel-pae-3.0.51-0.7.9.1 kernel-pae-base-3.0.51-0.7.9.1 kernel-pae-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 x86_64) [New Version: 3.0.51]: kernel-default-3.0.51-0.7.9.1 kernel-default-base-3.0.51-0.7.9.1 kernel-default-devel-3.0.51-0.7.9.1 kernel-source-3.0.51-0.7.9.1 kernel-syms-3.0.51-0.7.9.1 kernel-trace-3.0.51-0.7.9.1 kernel-trace-base-3.0.51-0.7.9.1 kernel-trace-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.51]: kernel-ec2-3.0.51-0.7.9.1 kernel-ec2-base-3.0.51-0.7.9.1 kernel-ec2-devel-3.0.51-0.7.9.1 kernel-xen-3.0.51-0.7.9.1 kernel-xen-base-3.0.51-0.7.9.1 kernel-xen-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.51]: kernel-ppc64-3.0.51-0.7.9.1 kernel-ppc64-base-3.0.51-0.7.9.1 kernel-ppc64-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.51]: kernel-pae-3.0.51-0.7.9.1 kernel-pae-base-3.0.51-0.7.9.1 kernel-pae-devel-3.0.51-0.7.9.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 x86_64): cluster-network-kmp-default-1.4_3.0.51_0.7.9-2.18.12 cluster-network-kmp-trace-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-default-2_3.0.51_0.7.9-0.7.47 gfs2-kmp-trace-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-default-1.6_3.0.51_0.7.9-0.11.11 ocfs2-kmp-trace-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-xen-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-xen-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-ppc64-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-ppc64-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.51_0.7.9-2.18.12 gfs2-kmp-pae-2_3.0.51_0.7.9-0.7.47 ocfs2-kmp-pae-1.6_3.0.51_0.7.9-0.11.11 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.51]: kernel-default-3.0.51-0.7.9.1 kernel-default-base-3.0.51-0.7.9.1 kernel-default-devel-3.0.51-0.7.9.1 kernel-default-extra-3.0.51-0.7.9.1 kernel-source-3.0.51-0.7.9.1 kernel-syms-3.0.51-0.7.9.1 kernel-trace-3.0.51-0.7.9.1 kernel-trace-base-3.0.51-0.7.9.1 kernel-trace-devel-3.0.51-0.7.9.1 kernel-trace-extra-3.0.51-0.7.9.1 kernel-xen-3.0.51-0.7.9.1 kernel-xen-base-3.0.51-0.7.9.1 kernel-xen-devel-3.0.51-0.7.9.1 kernel-xen-extra-3.0.51-0.7.9.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.51]: kernel-pae-3.0.51-0.7.9.1 kernel-pae-base-3.0.51-0.7.9.1 kernel-pae-devel-3.0.51-0.7.9.1 kernel-pae-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64): ext4-writeable-kmp-default-0_3.0.51_0.7.9-0.14.28 ext4-writeable-kmp-trace-0_3.0.51_0.7.9-0.14.28 kernel-default-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.51_0.7.9-0.14.28 kernel-xen-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.51_0.7.9-0.14.28 kernel-ppc64-extra-3.0.51-0.7.9.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.51_0.7.9-0.14.28 kernel-pae-extra-3.0.51-0.7.9.1 References: http://support.novell.com/security/cve/CVE-2012-1601.html http://support.novell.com/security/cve/CVE-2012-2372.html http://support.novell.com/security/cve/CVE-2012-3412.html http://support.novell.com/security/cve/CVE-2012-3430.html http://support.novell.com/security/cve/CVE-2012-4461.html http://support.novell.com/security/cve/CVE-2012-4508.html http://support.novell.com/security/cve/CVE-2012-5517.html https://bugzilla.novell.com/705551 https://bugzilla.novell.com/708296 https://bugzilla.novell.com/722560 https://bugzilla.novell.com/723776 https://bugzilla.novell.com/725152 https://bugzilla.novell.com/725355 https://bugzilla.novell.com/730660 https://bugzilla.novell.com/731739 https://bugzilla.novell.com/739728 https://bugzilla.novell.com/741814 https://bugzilla.novell.com/744692 https://bugzilla.novell.com/748896 https://bugzilla.novell.com/752067 https://bugzilla.novell.com/752544 https://bugzilla.novell.com/754898 https://bugzilla.novell.com/760833 https://bugzilla.novell.com/762158 https://bugzilla.novell.com/762214 https://bugzilla.novell.com/762259 https://bugzilla.novell.com/763628 https://bugzilla.novell.com/763654 https://bugzilla.novell.com/763858 https://bugzilla.novell.com/763954 https://bugzilla.novell.com/766410 https://bugzilla.novell.com/766654 https://bugzilla.novell.com/767469 https://bugzilla.novell.com/767610 https://bugzilla.novell.com/769251 https://bugzilla.novell.com/772427 https://bugzilla.novell.com/772454 https://bugzilla.novell.com/772483 https://bugzilla.novell.com/773267 https://bugzilla.novell.com/773383 https://bugzilla.novell.com/773699 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/774500 https://bugzilla.novell.com/774523 https://bugzilla.novell.com/774612 https://bugzilla.novell.com/774859 https://bugzilla.novell.com/774964 https://bugzilla.novell.com/775394 https://bugzilla.novell.com/775577 https://bugzilla.novell.com/776044 https://bugzilla.novell.com/776081 https://bugzilla.novell.com/776127 https://bugzilla.novell.com/776144 https://bugzilla.novell.com/777024 https://bugzilla.novell.com/777283 https://bugzilla.novell.com/778334 https://bugzilla.novell.com/778630 https://bugzilla.novell.com/779294 https://bugzilla.novell.com/779462 https://bugzilla.novell.com/779699 https://bugzilla.novell.com/779750 https://bugzilla.novell.com/779969 https://bugzilla.novell.com/780008 https://bugzilla.novell.com/780012 https://bugzilla.novell.com/780216 https://bugzilla.novell.com/780461 https://bugzilla.novell.com/780876 https://bugzilla.novell.com/781018 https://bugzilla.novell.com/781327 https://bugzilla.novell.com/781484 https://bugzilla.novell.com/781574 https://bugzilla.novell.com/782369 https://bugzilla.novell.com/783965 https://bugzilla.novell.com/784192 https://bugzilla.novell.com/784334 https://bugzilla.novell.com/784576 https://bugzilla.novell.com/785100 https://bugzilla.novell.com/785496 https://bugzilla.novell.com/785554 https://bugzilla.novell.com/785851 https://bugzilla.novell.com/786976 https://bugzilla.novell.com/787168 https://bugzilla.novell.com/787202 https://bugzilla.novell.com/787821 https://bugzilla.novell.com/787848 https://bugzilla.novell.com/788277 https://bugzilla.novell.com/788452 https://bugzilla.novell.com/789010 https://bugzilla.novell.com/789235 https://bugzilla.novell.com/789703 https://bugzilla.novell.com/789836 https://bugzilla.novell.com/789993 https://bugzilla.novell.com/790457 https://bugzilla.novell.com/790498 https://bugzilla.novell.com/790920 https://bugzilla.novell.com/790935 https://bugzilla.novell.com/791498 https://bugzilla.novell.com/791853 http://download.novell.com/patch/finder/?keywords=04916b40a174e136e84bd6bf146087b4 http://download.novell.com/patch/finder/?keywords=18b577ef642d4139c38be698b463eb5f http://download.novell.com/patch/finder/?keywords=4b267bc55902aa5c7ac3045e90addc0a http://download.novell.com/patch/finder/?keywords=60ae57a921e812799992d7e2cdb10be2 http://download.novell.com/patch/finder/?keywords=86bed550f5d8ade87da027c780377d92 http://download.novell.com/patch/finder/?keywords=96d3f57b021d0513268039a847f1bbad http://download.novell.com/patch/finder/?keywords=c1acdbd1c386e0806d555bd2e8270957 http://download.novell.com/patch/finder/?keywords=d68b7b15a93ce00198155abc1df29bc6 From sle-security-updates at lists.suse.com Fri Dec 21 09:08:36 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 21 Dec 2012 17:08:36 +0100 (CET) Subject: SUSE-SU-2012:1683-1: Security update for libproxy Message-ID: <20121221160836.86A8B32183@maintenance.suse.de> SUSE Security Update: Security update for libproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1683-1 Rating: low References: #761626 #784523 Cross-References: CVE-2012-4505 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libproxy fixes a heap-based buffer overflow that could have allowed remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request (CVE-2012-4505). Additionally, it fixes parsing of the $no_proxy environment variable when it contains more than one URL separated by white-spaces. Security Issue reference: * CVE-2012-4505 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libproxy-7092 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libproxy-7092 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libproxy-7092 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libproxy-7092 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libproxy-devel-0.3.1-2.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libproxy0-0.3.1-2.6.1 libproxy0-config-gnome-0.3.1-2.6.3 libproxy0-config-kde4-0.3.1-2.6.3 libproxy0-networkmanager-0.3.1-2.6.3 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libproxy0-32bit-0.3.1-2.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libproxy0-0.3.1-2.6.1 libproxy0-config-gnome-0.3.1-2.6.3 libproxy0-config-kde4-0.3.1-2.6.3 libproxy0-networkmanager-0.3.1-2.6.3 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libproxy0-32bit-0.3.1-2.6.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libproxy0-x86-0.3.1-2.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libproxy0-0.3.1-2.6.1 libproxy0-config-gnome-0.3.1-2.6.3 libproxy0-config-kde4-0.3.1-2.6.3 libproxy0-networkmanager-0.3.1-2.6.3 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libproxy0-32bit-0.3.1-2.6.1 libproxy0-config-gnome-32bit-0.3.1-2.6.3 libproxy0-networkmanager-32bit-0.3.1-2.6.3 References: http://support.novell.com/security/cve/CVE-2012-4505.html https://bugzilla.novell.com/761626 https://bugzilla.novell.com/784523 http://download.novell.com/patch/finder/?keywords=d0726c9cb57f5519861776d61fc3891c From sle-security-updates at lists.suse.com Fri Dec 28 01:08:34 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Dec 2012 09:08:34 +0100 (CET) Subject: SUSE-SU-2012:1705-1: moderate: Security update for openCryptoki Message-ID: <20121228080834.B136D321AC@maintenance.suse.de> SUSE Security Update: Security update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1705-1 Rating: moderate References: #769412 #779211 Cross-References: CVE-2012-4454 CVE-2012-4455 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: openCryptoki had insecure lock file handling, which might have allowed local users with pkcs11 privileges to look at other local users pkcs11 credentials. Some additional small fixes in pkcsslotd were fixed: * Set pkcsslotd pid to /var/run/pkcsslotd.pid * Removed spurious '-' before no-header option on ps * Sending output of pkcs11_startup to syslog via logger Security Issue references: * CVE-2012-4454 * CVE-2012-4455 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-openCryptoki-7053 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-openCryptoki-7053 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-openCryptoki-7053 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64): openCryptoki-devel-2.4-0.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): openCryptoki-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): openCryptoki-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): openCryptoki-64bit-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): openCryptoki-32bit-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64): openCryptoki-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): openCryptoki-64bit-2.4-0.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ppc s390): openCryptoki-32bit-2.4-0.11.1 References: http://support.novell.com/security/cve/CVE-2012-4454.html http://support.novell.com/security/cve/CVE-2012-4455.html https://bugzilla.novell.com/769412 https://bugzilla.novell.com/779211 http://download.novell.com/patch/finder/?keywords=3d89df77a465676cbc083fecea39d16f From sle-security-updates at lists.suse.com Fri Dec 28 03:08:31 2012 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Dec 2012 11:08:31 +0100 (CET) Subject: SUSE-SU-2012:1708-1: moderate: Security update for ofed Message-ID: <20121228100831.0B803321A8@maintenance.suse.de> SUSE Security Update: Security update for ofed ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:1708-1 Rating: moderate References: #676724 #678795 #706175 #721597 #773383 Cross-References: CVE-2012-3430 Affected Products: SUSE Linux Enterprise Server 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update of ofed fixed multiple issues (including security related flaws): * sdp: move histogram allocation from stack to heap (bnc#706175) * cma: Fix crash in request handlers (bnc#678795, CVE-2011-0695) * rds: set correct msg_namelen (bnc#773383, CVE-2012-3430) * cm: Bump reference count on cm_id before invoking (bnc#678795, CVE-2011-0695) * sdp / ipath: Added fixes for 64bit divide on 32bit builds * updated Infiniband sysconfig file to match openibd (bnc#721597) Security Issue reference: * CVE-2012-3430 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64): ofed-1.5.2-0.12.1 ofed-cxgb3-NIC-kmp-default-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-doc-1.5.2-0.12.1 ofed-kmp-default-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64): ofed-cxgb3-NIC-kmp-debug-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-debug-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64): ofed-cxgb3-NIC-kmp-kdump-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-kdump-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64): ofed-cxgb3-NIC-kmp-smp-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-smp-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (i586): ofed-cxgb3-NIC-kmp-bigsmp-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-cxgb3-NIC-kmp-kdumppae-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-cxgb3-NIC-kmp-vmi-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-cxgb3-NIC-kmp-vmipae-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-bigsmp-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-kdumppae-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-vmi-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-vmipae-1.5.2_2.6.16.60_0.99.13-0.12.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): ofed-cxgb3-NIC-kmp-ppc64-1.5.2_2.6.16.60_0.99.13-0.12.1 ofed-kmp-ppc64-1.5.2_2.6.16.60_0.99.13-0.12.1 - SLE SDK 10 SP4 (i586 ia64 ppc x86_64): ofed-devel-1.5.2-0.12.1 References: http://support.novell.com/security/cve/CVE-2012-3430.html https://bugzilla.novell.com/676724 https://bugzilla.novell.com/678795 https://bugzilla.novell.com/706175 https://bugzilla.novell.com/721597 https://bugzilla.novell.com/773383 http://download.novell.com/patch/finder/?keywords=e928539d6bca959aca91d810ff33a425