From sle-security-updates at lists.suse.com Mon Dec 2 12:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Dec 2013 20:04:11 +0100 (CET)
Subject: SUSE-SU-2013:1807-1: important: Security update for mozilla-nspr, mozilla-nss
Message-ID: <20131202190411.0493A32189@maintenance.suse.de>

   SUSE Security Update: Security update for mozilla-nspr, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1807-1
Rating:             important
References:         #850148
Cross-References:   CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SUSE Linux Enterprise Server 10 SP4 LTSS
                    SUSE Linux Enterprise Server 10 SP3 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available. It includes
   two new package versions.

Description:

   Mozilla NSPR and NSS were updated to fix various security bugs that could
   be used to crash the browser or potentially execute code.

   Mozilla NSPR 4.10.2 has the following bug fixes:

   * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by
     Pascal Cuoq and Kamil Dudka.
   * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav
     Trmac.
   * Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato.
   * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate.
     (CVE-2013-5607)

   Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the
   following bug fixes:

   * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value.
     (CVE-2013-1741)
   * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605)
   * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if
     a verifyLog isn't used. (CVE-2013-5606)

   Security Issue references:

   * CVE-2013-1741
   * CVE-2013-5605
   * CVE-2013-5606
   * CVE-2013-5607

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-nss-201311-8573

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-nss-201311-8572

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-nss-201311-8573

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-nss-201311-8573

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-nss-201311-8572

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-nss-201311-8572

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-nss-201311-8574

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-nss-201311-8573

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-nss-201311-8572

   To bring your system up-to-date, use "zypper patch".
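   The two fixes above for unsigned integer wrapping in PL_ArenaAllocate
   (CVE-2013-5607) and for capping a size at half of the maximum PRUint32
   value (CVE-2013-1741) guard the same arithmetic hazard: a 32-bit size
   added to an offset wraps to a small number and passes a bounds check.
   The following is an added example, not NSPR or NSS code, that models
   that check in a simulated arena; the names arena_request_naive,
   arena_request_ok, align_up_checked and the arena bounds are constructed
   for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not NSPR or NSS code. Simulates the size arithmetic of an
 * arena allocator to show how an unchecked unsigned addition wraps and why
 * capping requests at half of UINT32_MAX closes that hole. All names here
 * (arena_request_naive, arena_request_ok, align_up_checked) are hypothetical. */

#define ARENA_ALIGN 8u   /* constructed alignment for the demo */

/* Round nbytes up to a multiple of ARENA_ALIGN without letting the
 * intermediate nbytes + (ARENA_ALIGN - 1) wrap. */
static bool align_up_checked(uint32_t nbytes, uint32_t *out)
{
    uint32_t mask = ARENA_ALIGN - 1u;
    if (nbytes > UINT32_MAX - mask)   /* nbytes + mask would wrap */
        return false;
    *out = (nbytes + mask) & ~mask;
    return true;
}

/* Unchecked form: avail + aligned can wrap to a small value and pass the
 * limit comparison, so an oversized request is wrongly accepted. */
static bool arena_request_naive(uint32_t avail, uint32_t limit, uint32_t nbytes)
{
    uint32_t aligned = (nbytes + (ARENA_ALIGN - 1u)) & ~(ARENA_ALIGN - 1u);
    return avail + aligned <= limit;
}

/* Checked form: reject anything above UINT32_MAX / 2 up front (two such
 * values can always be added without wrapping), align with a wrap check,
 * and compare against the remaining space instead of a computed sum. */
static bool arena_request_ok(uint32_t avail, uint32_t limit, uint32_t nbytes)
{
    uint32_t aligned;
    if (nbytes > UINT32_MAX / 2u)
        return false;
    if (!align_up_checked(nbytes, &aligned))
        return false;
    if (avail > limit)                /* inconsistent arena state */
        return false;
    return aligned <= limit - avail;  /* no addition, so no wrap */
}

int main(void)
{
    /* constructed arena: 4 KiB in use, 8 KiB limit */
    uint32_t avail = 0x1000u, limit = 0x2000u;
    printf("256-byte request:  naive=%d checked=%d\n",
           arena_request_naive(avail, limit, 0x100u),
           arena_request_ok(avail, limit, 0x100u));
    printf("4 GiB-16 request:  naive=%d checked=%d\n",
           arena_request_naive(avail, limit, 0xFFFFFFF0u),
           arena_request_ok(avail, limit, 0xFFFFFFF0u));
    return 0;
}
```

   In the second call the unchecked sum 0x1000 + 0xFFFFFFF0 wraps to 0xFF0,
   which is below the limit, so the naive check accepts a request far
   larger than the arena; the checked form rejects it before any addition
   takes place.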
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      mozilla-nspr-devel-4.10.2-0.3.1
      mozilla-nss-devel-3.15.3-0.8.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      mozilla-nspr-devel-4.10.2-0.3.1
      mozilla-nss-devel-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.8.1
      libsoftokn3-3.15.3-0.8.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.8.1
      mozilla-nss-tools-3.15.3-0.8.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.8.1
      libsoftokn3-32bit-3.15.3-0.8.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.8.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.8.1
      libsoftokn3-3.15.3-0.8.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.8.1
      mozilla-nss-tools-3.15.3-0.8.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.8.1
      libsoftokn3-32bit-3.15.3-0.8.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.8.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-x86-3.15.3-0.8.1
      libsoftokn3-x86-3.15.3-0.8.1
      mozilla-nspr-x86-4.10.2-0.3.1
      mozilla-nss-x86-3.15.3-0.8.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.3.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.3.1
      mozilla-nss-tools-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.3.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.3.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.3.1
      mozilla-nss-tools-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.3.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-x86-3.15.3-0.3.1
      mozilla-nspr-x86-4.10.2-0.3.1
      mozilla-nss-x86-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.3.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.3.1
      mozilla-nss-tools-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.3.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.3.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      mozilla-nspr-4.10.2-0.5.1
      mozilla-nspr-devel-4.10.2-0.5.1
      mozilla-nss-3.15.3-0.5.1
      mozilla-nss-devel-3.15.3-0.5.1
      mozilla-nss-tools-3.15.3-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      mozilla-nspr-32bit-4.10.2-0.5.1
      mozilla-nss-32bit-3.15.3-0.5.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      mozilla-nspr-4.10.2-0.5.1
      mozilla-nspr-devel-4.10.2-0.5.1
      mozilla-nss-3.15.3-0.5.1
      mozilla-nss-devel-3.15.3-0.5.1
      mozilla-nss-tools-3.15.3-0.5.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.15.3 and 4.10.2]:

      mozilla-nspr-32bit-4.10.2-0.5.1
      mozilla-nss-32bit-3.15.3-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.8.1
      libsoftokn3-3.15.3-0.8.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.8.1
      mozilla-nss-tools-3.15.3-0.8.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.8.1
      libsoftokn3-32bit-3.15.3-0.8.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.8.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-3.15.3-0.3.1
      mozilla-nspr-4.10.2-0.3.1
      mozilla-nss-3.15.3-0.3.1
      mozilla-nss-tools-3.15.3-0.3.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.3 and 4.10.2]:

      libfreebl3-32bit-3.15.3-0.3.1
      mozilla-nspr-32bit-4.10.2-0.3.1
      mozilla-nss-32bit-3.15.3-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2013-1741.html
   http://support.novell.com/security/cve/CVE-2013-5605.html
   http://support.novell.com/security/cve/CVE-2013-5606.html
   http://support.novell.com/security/cve/CVE-2013-5607.html
   https://bugzilla.novell.com/850148
   http://download.novell.com/patch/finder/?keywords=06e5fb9c1bb44bc958d26f52b71b7269
   http://download.novell.com/patch/finder/?keywords=3847822af2a8723bbe4fbc4f642205f8
   http://download.novell.com/patch/finder/?keywords=50ea7d515940ba15ce107c64c80c22dd
   http://download.novell.com/patch/finder/?keywords=758c70c36ded607941fc576dea5ff0ea
   http://download.novell.com/patch/finder/?keywords=be957c00b1a9648f69c250c606572601


From sle-security-updates at lists.suse.com Mon Dec 2 13:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Dec 2013 21:04:11 +0100 (CET)
Subject: SUSE-SU-2013:1808-1: moderate: Security update for OpenJDK 1.6
Message-ID: <20131202200411.7B1E232189@maintenance.suse.de>

   SUSE Security Update: Security update for OpenJDK 1.6
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1808-1
Rating:             moderate
References:         #852367
Cross-References:   CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774
                    CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783
                    CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5802
                    CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814
                    CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825
                    CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842
                    CVE-2013-5849 CVE-2013-5850 CVE-2013-5851
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes 27 vulnerabilities is now available.

Description:

   OpenJDK 1.6 was updated to the new IcedTea release 1.12.7, which includes
   many fixes for bugs and security issues:

   * S8006900, CVE-2013-3829: Add new date/time capability
   * S8008589: Better MBean permission validation
   * S8011071, CVE-2013-5780: Better crypto provider handling
   * S8011081, CVE-2013-5772: Improve jhat
   * S8011157, CVE-2013-5814: Improve CORBA portability
   * S8012071, CVE-2013-5790: Better Building of Beans
   * S8012147: Improve tool support
   * S8012277, CVE-2013-5849: Improve AWT DataFlavor
   * S8012425, CVE-2013-5802: Transform TransformerFactory
   * S8013503, CVE-2013-5851: Improve stream factories
   * S8013506: Better Pack200 data handling
   * S8013510, CVE-2013-5809: Augment image writing code
   * S8013514: Improve stability of cmap class
   * S8013739, CVE-2013-5817: Better LDAP resource management
   * S8013744, CVE-2013-5783: Better tabling for AWT
   * S8014085: Better serialization support in JMX classes
   * S8014093, CVE-2013-5782: Improve parsing of images
   * S8014102, CVE-2013-5778: Improve image conversion
   * S8014341, CVE-2013-5803: Better service from Kerberos servers
   * S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in
     some class loader configurations
   * S8014530, CVE-2013-5825: Better digital signature processing
   * S8014534: Better profiling support
   * S8014987, CVE-2013-5842: Augment serialization handling
   * S8015614: Update build settings
   * S8015731: Subject java.security.auth.subject to improvements
   * S8015743, CVE-2013-5774: Address internet addresses
   * S8016256: Make finalization final
   * S8016653, CVE-2013-5804: javadoc should ignore ignorable characters in
     names
   * S8016675, CVE-2013-5797: Make Javadoc pages more robust
   * S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
   * S8017287, CVE-2013-5829: Better resource disposal
   * S8017291, CVE-2013-5830: Cast Proxies Aside
   * S8017298, CVE-2013-4002: Better XML support
   * S8017300, CVE-2013-5784: Improve Interface Implementation
   * S8017505, CVE-2013-5820: Better Client Service
   * S8019292: Better Attribute Value Exceptions
   * S8019617: Better view of objects
   * S8020293: JVM crash
   * S8021290, CVE-2013-5823: Better signature validation
   * S8022940: Enhance CORBA translations
   * S8023683: Enhance class file parsing

   Security issue references:

   * CVE-2013-3829
   * CVE-2013-5780
   * CVE-2013-5772
   * CVE-2013-5814
   * CVE-2013-5790
   * CVE-2013-5849
   * CVE-2013-5802
   * CVE-2013-5851
   * CVE-2013-5809
   * CVE-2013-5817
   * CVE-2013-5783
   * CVE-2013-5782
   * CVE-2013-5778
   * CVE-2013-5803
   * CVE-2013-5840
   * CVE-2013-5825
   * CVE-2013-5842
   * CVE-2013-5774
   * CVE-2013-5804
   * CVE-2013-5797
   * CVE-2013-5850
   * CVE-2013-5829
   * CVE-2013-5830
   * CVE-2013-4002
   * CVE-2013-5784
   * CVE-2013-5820
   * CVE-2013-5823

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-java-1_6_0-openjdk-8598

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-0.2.1
      java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-0.2.1
      java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-0.2.1

References:

   http://support.novell.com/security/cve/CVE-2013-3829.html
   http://support.novell.com/security/cve/CVE-2013-4002.html
   http://support.novell.com/security/cve/CVE-2013-5772.html
   http://support.novell.com/security/cve/CVE-2013-5774.html
   http://support.novell.com/security/cve/CVE-2013-5778.html
   http://support.novell.com/security/cve/CVE-2013-5780.html
   http://support.novell.com/security/cve/CVE-2013-5782.html
   http://support.novell.com/security/cve/CVE-2013-5783.html
   http://support.novell.com/security/cve/CVE-2013-5784.html
   http://support.novell.com/security/cve/CVE-2013-5790.html
   http://support.novell.com/security/cve/CVE-2013-5797.html
   http://support.novell.com/security/cve/CVE-2013-5802.html
   http://support.novell.com/security/cve/CVE-2013-5803.html
   http://support.novell.com/security/cve/CVE-2013-5804.html
   http://support.novell.com/security/cve/CVE-2013-5809.html
   http://support.novell.com/security/cve/CVE-2013-5814.html
   http://support.novell.com/security/cve/CVE-2013-5817.html
   http://support.novell.com/security/cve/CVE-2013-5820.html
   http://support.novell.com/security/cve/CVE-2013-5823.html
   http://support.novell.com/security/cve/CVE-2013-5825.html
   http://support.novell.com/security/cve/CVE-2013-5829.html
   http://support.novell.com/security/cve/CVE-2013-5830.html
   http://support.novell.com/security/cve/CVE-2013-5840.html
   http://support.novell.com/security/cve/CVE-2013-5842.html
   http://support.novell.com/security/cve/CVE-2013-5849.html
   http://support.novell.com/security/cve/CVE-2013-5850.html
   http://support.novell.com/security/cve/CVE-2013-5851.html
   https://bugzilla.novell.com/852367
   http://download.novell.com/patch/finder/?keywords=f9bc9e92927bdfde8cd5a58a25ff1f63


From sle-security-updates at lists.suse.com Tue Dec 3 17:04:27 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 4 Dec 2013 01:04:27 +0100 (CET)
Subject: SUSE-SU-2013:1813-1: Security update for SLMS
Message-ID: <20131204000427.B06F23217B@maintenance.suse.de>

   SUSE Security Update: Security update for SLMS
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1813-1
Rating:             low
References:         #799218 #839419 #852101
Cross-References:   CVE-2013-3710
Affected Products:
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now
   available. It includes one version update.

Description:

   This update for SLMS provides the following fixes:

   * Always generate a secret key if the default one from git is used, and
     ensure that files containing keys are readable only by SLMS.
     (CVE-2013-3710)
   * Fix valid appliance handling in Studio APIv2, which returned 404
     instead of 400.
   * Fix grammar in an error message.
   * NetIQ migration L3 fixes:
     o Fix injecting metadata into repodata
     o Fix wrong namespace when injecting metadata
     o Prevent oversized logs when logging XML output
     o Fix crash for chunked download, as its object doesn't have even an
       empty method
     o Fix crash if an additional package is inconsistently added and is no
       longer included in the appliance.

   Security Issues:

   * CVE-2013-3710

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-slms-8586

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.7]:

      slms-1.3.7-0.5.1
      slms-core-1.3.7-0.5.1
      slms-customer-center-1.3.7-0.5.1
      slms-devel-doc-1.3.7-0.5.1
      slms-external-1.3.7-0.5.1
      slms-registration-1.3.7-0.5.1
      slms-testsuite-1.3.7-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-3710.html
   https://bugzilla.novell.com/799218
   https://bugzilla.novell.com/839419
   https://bugzilla.novell.com/852101
   http://download.novell.com/patch/finder/?keywords=737458eaeb41721b046145a5f89dac3e


From sle-security-updates at lists.suse.com Wed Dec 4 13:04:12 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 4 Dec 2013 21:04:12 +0100 (CET)
Subject: SUSE-SU-2013:1824-1: moderate: Security update for Apache2
Message-ID: <20131204200412.273083218D@maintenance.suse.de>

   SUSE Security Update: Security update for Apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1824-1
Rating:             moderate
References:         #791794 #815621 #829056 #829057
Cross-References:   CVE-2013-1862 CVE-2013-1896
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now
   available. It includes one version update.

Description:

   Apache2 received an LTSS rollup update which fixes various security
   issues and bugs.

   Security issues fixed:

   * CVE-2013-1896: Sending a MERGE request against a URI handled by
     mod_dav_svn with the source href (sent as part of the request body as
     XML) pointing to a URI that is not configured for DAV will trigger a
     segfault. [bnc#829056]
   * CVE-2013-1862: client data written to the RewriteLog must have
     terminal escape sequences escaped. [bnc#829057]

   Bugs fixed:

   * make sure that input that has already arrived on the socket is not
     discarded during a non-blocking read (read(2) returns 0 and errno is
     set to -EAGAIN). [bnc#815621]
   * make SSL connections not behave as above (this is OpenSSL BIO code).
     [bnc#815621]
   * close the connection just before an attempted renegotiation if data
     has been read with pipelining. This is done by resetting the keepalive
     status. [bnc#815621] [L3:38943]
   * reset the renegotiation status of a client<->server connection to
     RENEG_INIT to prevent a falsely assumed status. [bnc#791794]
   * "OPTIONS *" internal requests are intercepted by a dummy filter that
     kicks in for the OPTIONS method. Apple iPrint uses "OPTIONS *" to
     upgrade the connection to TLS/1.0 following RFC 2817. For
     compatibility, check if an Upgrade request header is present and skip
     the filter if so. [bnc#791794]

   Security Issue references:

   * CVE-2013-1896
   * CVE-2013-1862

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:

      zypper in -t patch slessp1-apache2-8429

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-apache2-8429

   To bring your system up-to-date, use "zypper patch".
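   The CVE-2013-1862 entry above turns on one rule: bytes that a client
   controls must be escaped before they reach a log file, otherwise a
   request can plant terminal control sequences that fire when an
   administrator views the log with an ordinary terminal tool. The
   following is an added example, not Apache's code, of such an escaping
   step; log_escape, escape_matches, escape_fits and the sample request
   fragment are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Apache's code. Escapes client-controlled bytes before
 * they are written to a log so that control and escape sequences cannot
 * reach a terminal that later displays the log (the CVE-2013-1862 bug
 * class). log_escape(), escape_matches() and escape_fits() are hypothetical. */

/* Copies `in` (inlen bytes) to `out`, NUL-terminated. Printable ASCII other
 * than backslash is copied as is; backslash becomes \\ and every other byte
 * (controls, ESC, DEL, non-ASCII) becomes \xHH. Returns the number of bytes
 * written without the NUL, or -1 if `out` (outsz bytes) is too small. */
static int log_escape(const unsigned char *in, size_t inlen, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        if (c == '\\') {
            if (o + 2 >= outsz) return -1;
            out[o++] = '\\';
            out[o++] = '\\';
        } else if (c >= 0x20 && c < 0x7F) {
            if (o + 1 >= outsz) return -1;
            out[o++] = (char)c;
        } else {
            if (o + 4 >= outsz) return -1;
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Escapes the NUL-terminated string `in` into a local buffer and reports
 * whether the result equals `expected` (1) or not (0). */
static int escape_matches(const char *in, const char *expected)
{
    char buf[256];
    int n = log_escape((const unsigned char *)in, strlen(in), buf, sizeof buf);
    return n >= 0 && strcmp(buf, expected) == 0;
}

/* Reports whether the escaped form of `in` fits in outsz bytes (1) or not (0). */
static int escape_fits(const char *in, size_t outsz)
{
    char buf[256];
    if (outsz > sizeof buf) outsz = sizeof buf;
    return log_escape((const unsigned char *)in, strlen(in), buf, outsz) >= 0;
}

int main(void)
{
    /* constructed request fragment carrying an ANSI colour sequence and CRLF */
    const char *client = "GET /index.html\x1b[31m\r\n";
    char buf[256];
    if (log_escape((const unsigned char *)client, strlen(client), buf, sizeof buf) >= 0)
        printf("logged as: %s\n", buf);
    return 0;
}
```

   The CR and LF bytes are escaped as well, which also stops a single
   request from forging additional log lines; the size check returns -1
   rather than truncating, so a caller never writes a half-escaped record.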
Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 2.2.12]:

      apache2-2.2.12-1.40.7
      apache2-doc-2.2.12-1.40.7
      apache2-example-pages-2.2.12-1.40.7
      apache2-prefork-2.2.12-1.40.7
      apache2-utils-2.2.12-1.40.7
      apache2-worker-2.2.12-1.40.7

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.2.12]:

      apache2-2.2.12-1.40.7
      apache2-doc-2.2.12-1.40.7
      apache2-example-pages-2.2.12-1.40.7
      apache2-prefork-2.2.12-1.40.7
      apache2-utils-2.2.12-1.40.7
      apache2-worker-2.2.12-1.40.7

References:

   http://support.novell.com/security/cve/CVE-2013-1862.html
   http://support.novell.com/security/cve/CVE-2013-1896.html
   https://bugzilla.novell.com/791794
   https://bugzilla.novell.com/815621
   https://bugzilla.novell.com/829056
   https://bugzilla.novell.com/829057
   http://download.novell.com/patch/finder/?keywords=1788cfd4ee089aa3e421b7f8f02766fc


From sle-security-updates at lists.suse.com Thu Dec 5 10:04:12 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 5 Dec 2013 18:04:12 +0100 (CET)
Subject: SUSE-SU-2013:1828-1: critical: Security update for ruby
Message-ID: <20131205170412.4AF9D32192@maintenance.suse.de>

   SUSE Security Update: Security update for ruby
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1828-1
Rating:             critical
References:         #851803
Cross-References:   CVE-2009-0689 CVE-2013-4164
Affected Products:
                    WebYaST 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   The following security issue has been fixed:

   * CVE-2013-4164: heap overflow in floating point parsing

   Security Issue references:

   * CVE-2013-4164
   * CVE-2009-0689

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:

      zypper in -t patch slewyst13-ruby-8578

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-ruby-8578

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-ruby-8579

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-ruby-8578

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ruby-8579

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ruby-8579

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-ruby-8578

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-ruby-8578

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ruby-8579

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-ruby-8578

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-ruby-8578

   To bring your system up-to-date, use "zypper patch".

Package List:

   - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64):

      ruby-devel-1.8.7.p357-0.9.13.1

   - SUSE Studio Onsite 1.3 (x86_64):

      ruby-devel-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ruby-devel-1.8.7.p357-0.9.13.1
      ruby-doc-html-1.8.7.p357-0.9.13.1
      ruby-doc-ri-1.8.7.p357-0.9.13.1
      ruby-examples-1.8.7.p357-0.9.13.1
      ruby-test-suite-1.8.7.p357-0.9.13.1
      ruby-tk-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ruby-devel-1.8.7.p357-0.9.13.1
      ruby-doc-html-1.8.7.p357-0.9.13.1
      ruby-doc-ri-1.8.7.p357-0.9.13.1
      ruby-examples-1.8.7.p357-0.9.13.1
      ruby-test-suite-1.8.7.p357-0.9.13.1
      ruby-tk-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ruby-1.8.7.p357-0.9.13.1
      ruby-doc-html-1.8.7.p357-0.9.13.1
      ruby-tk-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ruby-1.8.7.p357-0.9.13.1
      ruby-doc-html-1.8.7.p357-0.9.13.1
      ruby-tk-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      ruby-1.8.7.p357-0.9.13.1
      ruby-doc-html-1.8.7.p357-0.9.13.1
      ruby-tk-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ruby-1.8.7.p357-0.9.13.1
      ruby-doc-html-1.8.7.p357-0.9.13.1
      ruby-tk-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ruby-1.8.7.p357-0.9.13.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      ruby-1.8.7.p357-0.9.13.1

   - SUSE Lifecycle Management Server 1.3 (x86_64):

      ruby-devel-1.8.7.p357-0.9.13.1

References:

   http://support.novell.com/security/cve/CVE-2009-0689.html
   http://support.novell.com/security/cve/CVE-2013-4164.html
   https://bugzilla.novell.com/851803
   http://download.novell.com/patch/finder/?keywords=55e519fd3f439fd9aafa49788216f9f7
   http://download.novell.com/patch/finder/?keywords=7cc8b87908b21ff43fefbb8322d8f53d


From sle-security-updates at lists.suse.com Fri Dec 6 23:04:15 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Dec 2013 07:04:15 +0100 (CET)
Subject: SUSE-SU-2013:1832-1: moderate: Security update for Linux kernel
Message-ID: <20131207060415.1E4F632195@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1832-1
Rating:             moderate
References:         #537165 #609220 #615418 #649868 #656153 #681180 #681181
                    #681185 #683101 #693513 #699354 #699355 #699709 #700879
                    #701550 #702014 #702037 #703153 #703156 #706375 #707288
                    #709213 #709369 #713430 #717421 #718028 #721267 #721351
                    #721830 #722400 #724692 #725878 #726064 #726600 #727597
                    #730118 #730749 #731673 #731770 #732613 #733407 #734056
                    #735612 #740131 #742881 #745760 #747576 #749168 #752556
                    #760902 #762825 #765102 #765320 #770980 #773831 #776888
                    #786013 #789831 #795075 #797175 #802642 #804154 #808827
                    #809889 #809891 #809892 #809893 #809894 #809898 #809899
                    #809900 #809901 #809903 #811354 #811752 #813735 #815745
                    #816668 #823260 #823267 #824295 #826102 #826551 #827749
                    #827750 #828119 #836856 #850241
Cross-References:   CVE-2009-4020 CVE-2009-4067 CVE-2010-4249 CVE-2011-1170
                    CVE-2011-1171 CVE-2011-1172 CVE-2011-2203 CVE-2011-2213
                    CVE-2011-2484 CVE-2011-2492 CVE-2011-2494 CVE-2011-2525
                    CVE-2011-2534 CVE-2011-2699 CVE-2011-2928 CVE-2011-3209
                    CVE-2011-3363 CVE-2011-4077 CVE-2011-4110 CVE-2011-4132
                    CVE-2011-4324 CVE-2011-4330 CVE-2012-2136 CVE-2012-3510
                    CVE-2012-4444 CVE-2012-4530 CVE-2012-6537 CVE-2012-6539
                    CVE-2012-6540 CVE-2012-6541 CVE-2012-6542 CVE-2012-6544
                    CVE-2012-6545 CVE-2012-6546 CVE-2012-6547 CVE-2012-6549
                    CVE-2013-0160 CVE-2013-0268 CVE-2013-0871 CVE-2013-0914
                    CVE-2013-1827 CVE-2013-1928 CVE-2013-2141 CVE-2013-2147
                    CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234
                    CVE-2013-2237 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224
                    CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
                    CVE-2013-3234 CVE-2013-3235
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that solves 58 vulnerabilities and has 30 fixes is now
   available.

Description:

   The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a rollup
   update that fixes many moderate security issues and several bugs.

   The following security issues have been fixed:

   * CVE-2012-4530: The load_script function in fs/binfmt_script.c in the
     Linux kernel did not properly handle recursion, which allowed local
     users to obtain sensitive information from kernel stack memory via a
     crafted application.
   * CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local
     users to obtain sensitive I/O statistics by sending taskstats commands
     to a netlink socket, as demonstrated by discovering the length of
     another user's password.
   * CVE-2013-2234: The (1) key_notify_sa_flush and (2)
     key_notify_policy_flush functions in net/key/af_key.c in the Linux
     kernel did not initialize certain structure members, which allowed
     local users to obtain sensitive information from kernel heap memory by
     reading a broadcast message from the notify interface of an IPSec
     key_socket.
   * CVE-2013-2237: The key_notify_policy_flush function in
     net/key/af_key.c in the Linux kernel did not initialize a certain
     structure member, which allowed local users to obtain sensitive
     information from kernel heap memory by reading a broadcast message
     from the notify_policy interface of an IPSec key_socket.
   * CVE-2013-2147: The HP Smart Array controller disk-array driver and
     Compaq SMART2 controller disk-array driver in the Linux kernel did not
     initialize certain data structures, which allowed local users to
     obtain sensitive information from kernel memory via (1) a crafted
     IDAGETPCIINFO command for a /dev/ida device, related to the
     ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted
     CCISS_PASSTHRU32 command for a /dev/cciss device, related to the
     cciss_ioctl32_passthru function in drivers/block/cciss.c.
   * CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux
     kernel did not initialize a certain data structure, which allowed
     local users to obtain sensitive information from kernel memory via a
     crafted application that makes a (1) tkill or (2) tgkill system call.
   * CVE-2013-0160: The Linux kernel allowed local users to obtain
     sensitive information about keystroke timing by using the inotify API
     on the /dev/ptmx device.
   * CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not
     initialize certain structures, which allowed local users to obtain
     sensitive information from kernel memory by leveraging the
     CAP_NET_ADMIN capability.
   * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the
     Linux kernel did not initialize a certain length variable, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the
     Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3224: The bt_sock_recvmsg function in
     net/bluetooth/af_bluetooth.c in the Linux kernel did not properly
     initialize a certain length variable, which allowed local users to
     obtain sensitive information from kernel stack memory via a crafted
     recvmsg or recvfrom system call.
   * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c
     in the Linux kernel did not initialize a certain length variable,
     which allowed local users to obtain sensitive information from kernel
     stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c
     in the Linux kernel did not initialize a certain length variable,
     which allowed local users to obtain sensitive information from kernel
     stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the
     Linux kernel did not initialize a certain length variable, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in
     the Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the
     Linux kernel did not initialize a certain data structure, which
     allowed local users to obtain sensitive information from kernel stack
     memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not
     initialize a certain data structure and a certain length variable,
     which allowed local users to obtain sensitive information from kernel
     stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users
     to gain privileges or cause a denial of service (NULL pointer
     dereference and system crash) by leveraging the CAP_NET_ADMIN
     capability for a certain (1) sender or (2) receiver getsockopt call.
   * CVE-2012-6549: The isofs_export_encode_fh function in
     fs/isofs/export.c in the Linux kernel did not initialize a certain
     structure member, which allowed local users to obtain sensitive
     information from kernel heap memory via a crafted application.
   * CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in
     the Linux kernel did not initialize a certain structure, which allowed
     local users to obtain sensitive information from kernel stack memory
     via a crafted application.
   * CVE-2012-6546: The ATM implementation in the Linux kernel did not
     initialize certain structures, which allowed local users to obtain
     sensitive information from kernel stack memory via a crafted
     application.
   * CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did
     not properly initialize certain structures, which allowed local users
     to obtain sensitive information from kernel stack memory via a crafted
     application that targets the (1) L2CAP or (2) HCI implementation.
   * CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel
     did not properly initialize certain structures, which allowed local
     users to obtain sensitive information from kernel memory via a crafted
     application.
   * CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the
     Linux kernel had an incorrect return value in certain circumstances,
     which allowed local users to obtain sensitive information from kernel
     stack memory via a crafted application that leverages an uninitialized
     pointer argument.
   * CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
     net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a
     certain structure, which allowed local users to obtain sensitive
     information from kernel stack memory via a crafted application.
   * CVE-2012-6540: The do_ip_vs_get_ctl function in
     net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize
     a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed
     local users to obtain sensitive information from kernel stack memory
     via a crafted application.
   * CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c
     in the Linux kernel preserved the value of the sa_restorer field
     across an exec operation, which made it easier for local users to
     bypass the ASLR protection mechanism via a crafted application
     containing a sigaction system call.
   * CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not
     properly initialize certain data structures, which allowed local users
     to obtain potentially sensitive information from kernel memory via a
     crafted getsockopt system call, related to (1) the
     l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and
     (2) the rfcomm_sock_getsockopt_old function in
     net/bluetooth/rfcomm/sock.c.
   * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in
     net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel
     did not properly handle associations during the processing of a
     duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a
     denial of service (NULL pointer dereference and system crash) or
     possibly have unspecified other impact via crafted SCTP traffic.
   * CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux
     kernel did not initialize a certain structure, which allowed local
     users to obtain sensitive information from kernel stack memory via a
     crafted application.
   * CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c
     in the Linux kernel allowed local users to cause a denial of service
     (system crash) by using an AF_INET6 socket for a connection to an IPv4
     interface.
   * CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in
     drivers/cdrom/cdrom.c in the Linux kernel allowed local users to
     obtain sensitive information from kernel memory via a read operation
     on a malfunctioning CD-ROM drive.
   * CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in
     the Linux kernel allowed remote attackers to bypass intended network
     restrictions via overlapping IPv6 fragments.
   * CVE-2013-1928: The do_video_set_spu_palette function in
     fs/compat_ioctl.c in the Linux kernel on unspecified architectures
     lacked a certain error check, which might have allowed local users to
     obtain sensitive information from kernel stack memory via a crafted
     VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
   * CVE-2013-0871: Race condition in the ptrace functionality in the Linux
     kernel allowed local users to gain privileges via a PTRACE_SETREGS
     ptrace system call in a crafted application, as demonstrated by
     ptrace_death.
   * CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the
     Linux kernel allowed local users to bypass intended capability
     restrictions by executing a crafted application as root, as
     demonstrated by msr32.c.
   * CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk
     function in kernel/tsacct.c in the Linux kernel allowed local users to
     obtain potentially sensitive information from kernel memory or cause a
     denial of service (system crash) via a taskstats
     TASKSTATS_CMD_ATTR_PID command.
   * CVE-2011-4110: The user_update function in security/keys/user_defined.c
     in the Linux kernel allowed local users to cause a denial of service
     (NULL pointer dereference and kernel oops) via vectors related to a
     user-defined key and "updating a negative key into a fully
     instantiated key."
* CVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. * CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. * CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. * CVE-2011-4077: Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel, when CONFIG_XFS_DEBUG is disabled, allowed local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. * CVE-2011-4324: The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem. * CVE-2011-4330: Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel allowed local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. 
   * CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
   * CVE-2011-2525: The qdisc_notify function in net/sched/sch_api.c in the Linux kernel did not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.
   * CVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
   * CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
   * CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
   * CVE-2011-3209: The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel on the x86 platform allowed local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.
   * CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
   * CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating 0 character.
   * CVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
   * CVE-2011-2203: The hfs_find_init function in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
   * CVE-2009-4067: A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash.
   * CVE-2011-3363: The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel did not properly handle DFS referrals, which allowed remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
   * CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
   * CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
   * CVE-2010-4249: The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

   The following bugs have been fixed:

   * patches.fixes/allow-executables-larger-than-2GB.patch: Allow executables larger than 2GB (bnc#836856).
   * cio: prevent kernel panic after unexpected I/O interrupt (bnc#649868,LTC#67975).
   * cio: Add timeouts for internal IO (bnc#701550,LTC#72691).
   * kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132).
   * qla2xxx: Do not be so verbose on underrun detected
   * patches.arch/i386-run-tsc-calibration-5-times.patch: Fix the patch, the logic was wrong (bnc#537165, bnc#826551).
   * xfs: Do not reclaim new inodes in xfs_sync_inodes() (bnc#770980 bnc#811752).
   * kbuild: Fix gcc -x syntax (bnc#773831).
   * e1000e: stop cleaning when we reach tx_ring->next_to_use (bnc#762825).
   * Fix race condition about network device name allocation (bnc#747576).
   * kdump: bootmem map over crash reserved region (bnc#749168, bnc#722400, bnc#742881).
   * tcp: fix race condition leading to premature termination of sockets in FIN_WAIT2 state and connection being reset (bnc#745760)
   * tcp: drop SYN+FIN messages (bnc#765102).
   * net/linkwatch: Handle jiffies wrap-around (bnc#740131).
   * patches.fixes/vm-dirty-bytes: Provide /proc/sys/vm/dirty_{background_,}bytes for tuning (bnc#727597).
   * ipmi: Fix deadlock in start_next_msg() (bnc#730749).
   * cpu-hotplug: release workqueue_mutex properly on CPU hot-remove (bnc#733407).
   * libiscsi: handle init task failures (bnc#721351).
   * NFS/sunrpc: do not use a credential with extra groups (bnc#725878).
   * x86_64: fix reboot hang when "reboot=b" is passed to the kernel (bnc#721267).
   * nf_nat: do not add NAT extension for confirmed conntracks (bnc#709213).
   * xfs: fix memory reclaim recursion deadlock on locked inode buffer (bnc#699355 bnc#699354 bnc#721830).
   * ipmi: do not grab locks in run-to-completion mode (bnc#717421).
   * cciss: do not attempt to read from a write-only register (bnc#683101).
   * qla2xxx: Disable MSI-X initialization (bnc#693513).
   * Allow balance_dirty_pages to help other filesystems (bnc#709369).
   * nfs: fix congestion control (bnc#709369).
   * NFS: Separate metadata and page cache revalidation mechanisms (bnc#709369).
   * knfsd: nfsd4: fix laundromat shutdown race (bnc#752556).
   * x87: Do not synchronize TSCs across cores if they already should be synchronized by HW (bnc#615418 bnc#609220).
   * reiserfs: Fix int overflow while calculating free space (bnc#795075).
   * af_unix: limit recursion level (bnc#656153).
   * bcm43xx: netlink deadlock fix (bnc#850241).
   * jbd: Issue cache flush after checkpointing (bnc#731770).
   * cfq: Fix infinite loop in cfq_preempt_queue() (bnc#724692).

   Security Issue references:

   * CVE-2009-4020
   * CVE-2009-4067
   * CVE-2010-4249
   * CVE-2011-1170
   * CVE-2011-1171
   * CVE-2011-1172
   * CVE-2011-2203
   * CVE-2011-2213
   * CVE-2011-2484
   * CVE-2011-2492
   * CVE-2011-2494
   * CVE-2011-2525
   * CVE-2011-2534
   * CVE-2011-2699
   * CVE-2011-2928
   * CVE-2011-3209
   * CVE-2011-3363
   * CVE-2011-4077
   * CVE-2011-4110
   * CVE-2011-4324
   * CVE-2011-4330
   * CVE-2012-2136
   * CVE-2012-3510
   * CVE-2012-4444
   * CVE-2012-4530
   * CVE-2012-6537
   * CVE-2012-6539
   * CVE-2012-6540
   * CVE-2012-6541
   * CVE-2012-6542
   * CVE-2012-6544
   * CVE-2012-6545
   * CVE-2012-6546
   * CVE-2012-6547
   * CVE-2012-6549
   * CVE-2013-0160
   * CVE-2013-0268
   * CVE-2013-0871
   * CVE-2013-0914
   * CVE-2013-1827
   * CVE-2013-2141
   * CVE-2013-2147
   * CVE-2013-2164
   * CVE-2013-2206
   * CVE-2013-2232
   * CVE-2013-2234
   * CVE-2013-2237
   * CVE-2013-3222
   * CVE-2013-3223
   * CVE-2013-3224
   * CVE-2013-3228
   * CVE-2013-3229
   * CVE-2013-3231
   * CVE-2013-3232
   * CVE-2013-3234
   * CVE-2013-3235
   * CVE-2011-4132
   * CVE-2013-1928

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.
Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      kernel-default-2.6.16.60-0.113.1
      kernel-source-2.6.16.60-0.113.1
      kernel-syms-2.6.16.60-0.113.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64):

      kernel-debug-2.6.16.60-0.113.1
      kernel-kdump-2.6.16.60-0.113.1
      kernel-smp-2.6.16.60-0.113.1
      kernel-xen-2.6.16.60-0.113.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586):

      kernel-bigsmp-2.6.16.60-0.113.1
      kernel-kdumppae-2.6.16.60-0.113.1
      kernel-vmi-2.6.16.60-0.113.1
      kernel-vmipae-2.6.16.60-0.113.1
      kernel-xenpae-2.6.16.60-0.113.1

References:

   http://support.novell.com/security/cve/CVE-2009-4020.html
   http://support.novell.com/security/cve/CVE-2009-4067.html
   http://support.novell.com/security/cve/CVE-2010-4249.html
   http://support.novell.com/security/cve/CVE-2011-1170.html
   http://support.novell.com/security/cve/CVE-2011-1171.html
   http://support.novell.com/security/cve/CVE-2011-1172.html
   http://support.novell.com/security/cve/CVE-2011-2203.html
   http://support.novell.com/security/cve/CVE-2011-2213.html
   http://support.novell.com/security/cve/CVE-2011-2484.html
   http://support.novell.com/security/cve/CVE-2011-2492.html
   http://support.novell.com/security/cve/CVE-2011-2494.html
   http://support.novell.com/security/cve/CVE-2011-2525.html
   http://support.novell.com/security/cve/CVE-2011-2534.html
   http://support.novell.com/security/cve/CVE-2011-2699.html
   http://support.novell.com/security/cve/CVE-2011-2928.html
   http://support.novell.com/security/cve/CVE-2011-3209.html
   http://support.novell.com/security/cve/CVE-2011-3363.html
   http://support.novell.com/security/cve/CVE-2011-4077.html
   http://support.novell.com/security/cve/CVE-2011-4110.html
   http://support.novell.com/security/cve/CVE-2011-4132.html
   http://support.novell.com/security/cve/CVE-2011-4324.html
   http://support.novell.com/security/cve/CVE-2011-4330.html
   http://support.novell.com/security/cve/CVE-2012-2136.html
   http://support.novell.com/security/cve/CVE-2012-3510.html
   http://support.novell.com/security/cve/CVE-2012-4444.html
   http://support.novell.com/security/cve/CVE-2012-4530.html
   http://support.novell.com/security/cve/CVE-2012-6537.html
   http://support.novell.com/security/cve/CVE-2012-6539.html
   http://support.novell.com/security/cve/CVE-2012-6540.html
   http://support.novell.com/security/cve/CVE-2012-6541.html
   http://support.novell.com/security/cve/CVE-2012-6542.html
   http://support.novell.com/security/cve/CVE-2012-6544.html
   http://support.novell.com/security/cve/CVE-2012-6545.html
   http://support.novell.com/security/cve/CVE-2012-6546.html
   http://support.novell.com/security/cve/CVE-2012-6547.html
   http://support.novell.com/security/cve/CVE-2012-6549.html
   http://support.novell.com/security/cve/CVE-2013-0160.html
   http://support.novell.com/security/cve/CVE-2013-0268.html
   http://support.novell.com/security/cve/CVE-2013-0871.html
   http://support.novell.com/security/cve/CVE-2013-0914.html
   http://support.novell.com/security/cve/CVE-2013-1827.html
   http://support.novell.com/security/cve/CVE-2013-1928.html
   http://support.novell.com/security/cve/CVE-2013-2141.html
   http://support.novell.com/security/cve/CVE-2013-2147.html
   http://support.novell.com/security/cve/CVE-2013-2164.html
   http://support.novell.com/security/cve/CVE-2013-2206.html
   http://support.novell.com/security/cve/CVE-2013-2232.html
   http://support.novell.com/security/cve/CVE-2013-2234.html
   http://support.novell.com/security/cve/CVE-2013-2237.html
   http://support.novell.com/security/cve/CVE-2013-3222.html
   http://support.novell.com/security/cve/CVE-2013-3223.html
   http://support.novell.com/security/cve/CVE-2013-3224.html
   http://support.novell.com/security/cve/CVE-2013-3228.html
   http://support.novell.com/security/cve/CVE-2013-3229.html
   http://support.novell.com/security/cve/CVE-2013-3231.html
   http://support.novell.com/security/cve/CVE-2013-3232.html
   http://support.novell.com/security/cve/CVE-2013-3234.html
   http://support.novell.com/security/cve/CVE-2013-3235.html
   https://bugzilla.novell.com/537165
   https://bugzilla.novell.com/609220
   https://bugzilla.novell.com/615418
   https://bugzilla.novell.com/649868
   https://bugzilla.novell.com/656153
   https://bugzilla.novell.com/681180
   https://bugzilla.novell.com/681181
   https://bugzilla.novell.com/681185
   https://bugzilla.novell.com/683101
   https://bugzilla.novell.com/693513
   https://bugzilla.novell.com/699354
   https://bugzilla.novell.com/699355
   https://bugzilla.novell.com/699709
   https://bugzilla.novell.com/700879
   https://bugzilla.novell.com/701550
   https://bugzilla.novell.com/702014
   https://bugzilla.novell.com/702037
   https://bugzilla.novell.com/703153
   https://bugzilla.novell.com/703156
   https://bugzilla.novell.com/706375
   https://bugzilla.novell.com/707288
   https://bugzilla.novell.com/709213
   https://bugzilla.novell.com/709369
   https://bugzilla.novell.com/713430
   https://bugzilla.novell.com/717421
   https://bugzilla.novell.com/718028
   https://bugzilla.novell.com/721267
   https://bugzilla.novell.com/721351
   https://bugzilla.novell.com/721830
   https://bugzilla.novell.com/722400
   https://bugzilla.novell.com/724692
   https://bugzilla.novell.com/725878
   https://bugzilla.novell.com/726064
   https://bugzilla.novell.com/726600
   https://bugzilla.novell.com/727597
   https://bugzilla.novell.com/730118
   https://bugzilla.novell.com/730749
   https://bugzilla.novell.com/731673
   https://bugzilla.novell.com/731770
   https://bugzilla.novell.com/732613
   https://bugzilla.novell.com/733407
   https://bugzilla.novell.com/734056
   https://bugzilla.novell.com/735612
   https://bugzilla.novell.com/740131
   https://bugzilla.novell.com/742881
   https://bugzilla.novell.com/745760
   https://bugzilla.novell.com/747576
   https://bugzilla.novell.com/749168
   https://bugzilla.novell.com/752556
   https://bugzilla.novell.com/760902
   https://bugzilla.novell.com/762825
   https://bugzilla.novell.com/765102
   https://bugzilla.novell.com/765320
   https://bugzilla.novell.com/770980
   https://bugzilla.novell.com/773831
   https://bugzilla.novell.com/776888
   https://bugzilla.novell.com/786013
   https://bugzilla.novell.com/789831
   https://bugzilla.novell.com/795075
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/802642
   https://bugzilla.novell.com/804154
   https://bugzilla.novell.com/808827
   https://bugzilla.novell.com/809889
   https://bugzilla.novell.com/809891
   https://bugzilla.novell.com/809892
   https://bugzilla.novell.com/809893
   https://bugzilla.novell.com/809894
   https://bugzilla.novell.com/809898
   https://bugzilla.novell.com/809899
   https://bugzilla.novell.com/809900
   https://bugzilla.novell.com/809901
   https://bugzilla.novell.com/809903
   https://bugzilla.novell.com/811354
   https://bugzilla.novell.com/811752
   https://bugzilla.novell.com/813735
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/816668
   https://bugzilla.novell.com/823260
   https://bugzilla.novell.com/823267
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/826102
   https://bugzilla.novell.com/826551
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/836856
   https://bugzilla.novell.com/850241
   http://download.novell.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75
   http://download.novell.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6
   http://download.novell.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd

From sle-security-updates at lists.suse.com  Tue Dec 10 03:04:12 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 10 Dec 2013 11:04:12 +0100 (CET)
Subject: SUSE-SU-2013:1852-1: Security update for glibc
Message-ID: <20131210100412.4EB2143DF7@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1852-1
Rating:             low
References:         #691365 #779320 #791928 #801246 #811979 #813121
                    #819347 #822210 #827811 #828235 #828637 #830268
                    #834594 #839870
Cross-References:   CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237
                    CVE-2013-4332 CVE-2013-4788
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 8 fixes is now available.

Description:

   This update for glibc contains the following fixes:

   * Fix integer overflows in malloc (CVE-2013-4332, bnc#839870)
   * Fix buffer overflow in glob (bnc#691365)
   * Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320)
   * Update mount flags in (bnc#791928)
   * Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246)
   * Fix memory leaks in dlopen (bnc#811979)
   * Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121)
   * Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347)
   * Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210)
   * Fix robust mutex handling after fork (bnc#827811)
   * Fix missing character in IBM-943 charset (bnc#828235)
   * Fix use of alloca in gaih_inet (bnc#828637)
   * Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268)
   * Fix readdir_r with long file names (CVE-2013-4237, bnc#834594).

   Security Issues:

   * CVE-2012-4412
   * CVE-2013-0242
   * CVE-2013-1914
   * CVE-2013-4237
   * CVE-2013-4332
   * CVE-2013-4788

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-glibc-8337

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-glibc-8337

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-glibc-8337

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-glibc-8337

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      glibc-html-2.11.3-17.56.2
      glibc-info-2.11.3-17.56.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      glibc-2.11.3-17.56.2
      glibc-devel-2.11.3-17.56.2
      glibc-html-2.11.3-17.56.2
      glibc-i18ndata-2.11.3-17.56.2
      glibc-info-2.11.3-17.56.2
      glibc-locale-2.11.3-17.56.2
      glibc-profile-2.11.3-17.56.2
      nscd-2.11.3-17.56.2

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      glibc-32bit-2.11.3-17.56.2
      glibc-devel-32bit-2.11.3-17.56.2
      glibc-locale-32bit-2.11.3-17.56.2
      glibc-profile-32bit-2.11.3-17.56.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64):

      glibc-2.11.3-17.56.2
      glibc-devel-2.11.3-17.56.2

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      glibc-html-2.11.3-17.56.2
      glibc-i18ndata-2.11.3-17.56.2
      glibc-info-2.11.3-17.56.2
      glibc-locale-2.11.3-17.56.2
      glibc-profile-2.11.3-17.56.2
      nscd-2.11.3-17.56.2

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      glibc-32bit-2.11.3-17.56.2
      glibc-devel-32bit-2.11.3-17.56.2
      glibc-locale-32bit-2.11.3-17.56.2
      glibc-profile-32bit-2.11.3-17.56.2

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      glibc-locale-x86-2.11.3-17.56.2
      glibc-profile-x86-2.11.3-17.56.2
      glibc-x86-2.11.3-17.56.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64):

      glibc-2.11.3-17.56.2
      glibc-devel-2.11.3-17.56.2

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      glibc-i18ndata-2.11.3-17.56.2
      glibc-locale-2.11.3-17.56.2
      nscd-2.11.3-17.56.2

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      glibc-32bit-2.11.3-17.56.2
      glibc-devel-32bit-2.11.3-17.56.2
      glibc-locale-32bit-2.11.3-17.56.2

References:

   http://support.novell.com/security/cve/CVE-2012-4412.html
   http://support.novell.com/security/cve/CVE-2013-0242.html
   http://support.novell.com/security/cve/CVE-2013-1914.html
   http://support.novell.com/security/cve/CVE-2013-4237.html
   http://support.novell.com/security/cve/CVE-2013-4332.html
   http://support.novell.com/security/cve/CVE-2013-4788.html
   https://bugzilla.novell.com/691365
   https://bugzilla.novell.com/779320
   https://bugzilla.novell.com/791928
   https://bugzilla.novell.com/801246
   https://bugzilla.novell.com/811979
   https://bugzilla.novell.com/813121
   https://bugzilla.novell.com/819347
   https://bugzilla.novell.com/822210
   https://bugzilla.novell.com/827811
   https://bugzilla.novell.com/828235
   https://bugzilla.novell.com/828637
   https://bugzilla.novell.com/830268
   https://bugzilla.novell.com/834594
   https://bugzilla.novell.com/839870
   http://download.novell.com/patch/finder/?keywords=662fdef831f525bc78959155f328aa67

From sle-security-updates at lists.suse.com  Tue Dec 10 03:04:21 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 10 Dec 2013 11:04:21 +0100 (CET)
Subject: SUSE-SU-2013:1854-1: Security update for glibc
Message-ID: <20131210100421.2221543DF7@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1854-1
Rating:             low
References:         #691365 #779320 #791928 #801246 #811979 #813121
                    #818628 #819347 #822210 #827811 #828235 #828637
                    #830268 #834594 #839870
Cross-References:   CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237
                    CVE-2013-4332 CVE-2013-4788
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 9 fixes is now available.
Description:

   This update for glibc contains the following fixes:

   * Fix integer overflows in malloc (CVE-2013-4332, bnc#839870)
   * Fix buffer overflow in glob (bnc#691365)
   * Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320)
   * Update mount flags in (bnc#791928)
   * Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246)
   * Fix memory leaks in dlopen (bnc#811979)
   * Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121)
   * Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec (bnc#818628)
   * Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347)
   * Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210)
   * Fix robust mutex handling after fork (bnc#827811)
   * Fix missing character in IBM-943 charset (bnc#828235)
   * Fix use of alloca in gaih_inet (bnc#828637)
   * Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268)
   * Fix readdir_r with long file names (CVE-2013-4237, bnc#834594).

   Security Issues:

   * CVE-2012-4412
   * CVE-2013-0242
   * CVE-2013-1914
   * CVE-2013-4237
   * CVE-2013-4332
   * CVE-2013-4788

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-glibc-8335

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-glibc-8335

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-glibc-8335

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-glibc-8335

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      glibc-html-2.11.3-17.45.49.1
      glibc-info-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 i686 x86_64):

      glibc-2.11.3-17.45.49.1
      glibc-devel-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      glibc-html-2.11.3-17.45.49.1
      glibc-i18ndata-2.11.3-17.45.49.1
      glibc-info-2.11.3-17.45.49.1
      glibc-locale-2.11.3-17.45.49.1
      glibc-profile-2.11.3-17.45.49.1
      nscd-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      glibc-32bit-2.11.3-17.45.49.1
      glibc-devel-32bit-2.11.3-17.45.49.1
      glibc-locale-32bit-2.11.3-17.45.49.1
      glibc-profile-32bit-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 i686 ia64 ppc64 s390x x86_64):

      glibc-2.11.3-17.45.49.1
      glibc-devel-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      glibc-html-2.11.3-17.45.49.1
      glibc-i18ndata-2.11.3-17.45.49.1
      glibc-info-2.11.3-17.45.49.1
      glibc-locale-2.11.3-17.45.49.1
      glibc-profile-2.11.3-17.45.49.1
      nscd-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      glibc-32bit-2.11.3-17.45.49.1
      glibc-devel-32bit-2.11.3-17.45.49.1
      glibc-locale-32bit-2.11.3-17.45.49.1
      glibc-profile-32bit-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      glibc-locale-x86-2.11.3-17.45.49.1
      glibc-profile-x86-2.11.3-17.45.49.1
      glibc-x86-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 i686 x86_64):

      glibc-2.11.3-17.45.49.1
      glibc-devel-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      glibc-i18ndata-2.11.3-17.45.49.1
      glibc-locale-2.11.3-17.45.49.1
      nscd-2.11.3-17.45.49.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      glibc-32bit-2.11.3-17.45.49.1
      glibc-devel-32bit-2.11.3-17.45.49.1
      glibc-locale-32bit-2.11.3-17.45.49.1

References:

   http://support.novell.com/security/cve/CVE-2012-4412.html
   http://support.novell.com/security/cve/CVE-2013-0242.html
   http://support.novell.com/security/cve/CVE-2013-1914.html
   http://support.novell.com/security/cve/CVE-2013-4237.html
   http://support.novell.com/security/cve/CVE-2013-4332.html
   http://support.novell.com/security/cve/CVE-2013-4788.html
   https://bugzilla.novell.com/691365
   https://bugzilla.novell.com/779320
   https://bugzilla.novell.com/791928
   https://bugzilla.novell.com/801246
   https://bugzilla.novell.com/811979
   https://bugzilla.novell.com/813121
   https://bugzilla.novell.com/818628
   https://bugzilla.novell.com/819347
   https://bugzilla.novell.com/822210
   https://bugzilla.novell.com/827811
   https://bugzilla.novell.com/828235
   https://bugzilla.novell.com/828637
   https://bugzilla.novell.com/830268
   https://bugzilla.novell.com/834594
   https://bugzilla.novell.com/839870
   http://download.novell.com/patch/finder/?keywords=b8fd7817886a68f6a48cbaa69b2fcb17

From sle-security-updates at lists.suse.com  Thu Dec 12 13:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Dec 2013 21:04:10 +0100 (CET)
Subject: SUSE-SU-2013:1866-1: moderate: Security update for strongswan
Message-ID: <20131212200410.B3B69321EE@maintenance.suse.de>

   SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1866-1
Rating:             moderate
References:         #833278 #840826 #847506
Cross-References:   CVE-2013-5018
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This strongswan update fixes security issues and bugs:

   * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities could cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. Additionally, a bug in route recursion limits was fixed: * Charon segfaults when left=%any / recursion limit. (bnc#840826) Security Issues: * CVE-2013-5018 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-strongswan-8488 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-strongswan-8488 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-strongswan-8488 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 References: http://support.novell.com/security/cve/CVE-2013-5018.html https://bugzilla.novell.com/833278 https://bugzilla.novell.com/840826 https://bugzilla.novell.com/847506 http://download.novell.com/patch/finder/?keywords=efb2537a9b17212b4bf63d91dcbc15a9 From sle-security-updates at lists.suse.com Thu Dec 12 14:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 12 Dec 2013 22:04:10 +0100 (CET) Subject: SUSE-SU-2013:1867-1: moderate: Security update for Xen Message-ID: <20131212210410.61E6B321EE@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1867-1 Rating: moderate References: #840997 #848657 Cross-References: CVE-2013-4494 Affected Products: SUSE Linux Enterprise 
Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: Xen has been updated to fix a security issue and a bug: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. A non-security bug has also been fixed: * It is possible to start a VM twice on the same node (bnc#840997) Security Issue references: * CVE-2013-4494 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-201311-8577 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-201311-8577 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-201311-8577 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-201311-8577 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): xen-devel-4.1.6_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): xen-kmp-default-4.1.6_04_3.0.101_0.5-0.5.1 xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5.1 xen-libs-4.1.6_04-0.5.1 xen-tools-domU-4.1.6_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.6_04-0.5.1 xen-doc-html-4.1.6_04-0.5.1 xen-doc-pdf-4.1.6_04-0.5.1 xen-libs-32bit-4.1.6_04-0.5.1 xen-tools-4.1.6_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): xen-kmp-pae-4.1.6_04_3.0.101_0.5-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xen-kmp-default-4.1.6_04_3.0.101_0.5-0.5.1 xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5.1 xen-libs-4.1.6_04-0.5.1 xen-tools-domU-4.1.6_04-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.6_04-0.5.1 xen-doc-html-4.1.6_04-0.5.1 xen-doc-pdf-4.1.6_04-0.5.1 xen-libs-32bit-4.1.6_04-0.5.1 xen-tools-4.1.6_04-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586): xen-kmp-pae-4.1.6_04_3.0.101_0.5-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-4494.html https://bugzilla.novell.com/840997 https://bugzilla.novell.com/848657 http://download.novell.com/patch/finder/?keywords=e2b4f1fdb40f6617a5fe27add20f67f0 From sle-security-updates at lists.suse.com Fri Dec 13 19:04:14 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 14 Dec 2013 03:04:14 +0100 (CET) Subject: SUSE-SU-2013:1875-1: moderate: Security update for krb5 Message-ID: <20131214020414.DB35A321EE@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1875-1 Rating: moderate References: #849240 Cross-References: CVE-2013-1418 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise 
Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-krb5-8534 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-krb5-8533 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-krb5-8534 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-krb5-8534 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-krb5-8533 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-krb5-8533 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-krb5-8534 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-krb5-8533 To bring your system up-to-date, use "zypper patch". 
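Added example (editor's code, not SUSE tooling) of the check a practitioner wants after applying one of these patches: parse the advisory's Package List into the fixed NAME-VERSION-RELEASE for each product and architecture, then compare it against an rpm -qa inventory using a port of rpm's own rpmvercmp ordering, so that a release such as 133.49.52.1 is judged older than 133.49.58.1 while a later rebuild (133.49.58.2) is not flagged. The embedded advisory text is the krb5 package list from SUSE-SU-2013:1875-1 on this page, cut down to one product; the installed-package list is constructed sample data, and the epoch is assumed to be 0 because the advisory lists none.

```python
"""Audit installed RPMs against a SUSE advisory's 'Package List' (added example, not SUSE code).
ADVISORY is the krb5 package list of SUSE-SU-2013:1875-1 from this page, cut to one product;
RPM_QA is a constructed stand-in for: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\\n'
"""
import re

ADVISORY = """\
Package List:
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  krb5-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
  krb5-32bit-1.6.3-133.49.58.1
References:
"""

# Constructed inventory: two packages lag the advisory, one is newer, openssl is not in it.
RPM_QA = """\
krb5 1.6.3 133.49.52.1 x86_64
krb5-client 1.6.3 133.49.58.1 x86_64
krb5-32bit 1.6.3 133.49.52.1 x86_64
krb5-server 1.6.3 133.49.58.2 x86_64
openssl 0.9.8j 0.50.1 x86_64
"""

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a is older than, equal to, newer than b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i += re.match(r"[^0-9A-Za-z~]*", a[i:]).end()   # skip separator characters
        j += re.match(r"[^0-9A-Za-z~]*", b[j:]).end()
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":      # '~' sorts before anything, even end of string: 1.0 > 1.0~rc1
            if ca != cb:
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):             # one side exhausted: the side with data left is newer
            break
        kind = r"[0-9]" if ca.isdigit() else r"[A-Za-z]"
        s1 = re.match(kind + "+", a[i:]).group(0)
        s2 = re.match(kind + "*", b[j:]).group(0)
        if not s2:                      # segment kinds differ: numeric is newer than alphabetic
            return 1 if ca.isdigit() else -1
        i, j = i + len(s1), j + len(s2)
        if ca.isdigit():
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):      # longer number (without leading zeros) is bigger
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def evrcmp(evr1, evr2):
    """Compare (epoch, version, release) triples the way rpm orders packages."""
    (e1, v1, r1), (e2, v2, r2) = evr1, evr2
    if e1 != e2:
        return 1 if e1 > e2 else -1
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)

_ENTRY = re.compile(r"- (?P<product>[^(\n]+?) \((?P<archs>[^)]+)\)"
                    r"(?: \[New Version: [^\]]+\])?:\s*")

def parse_package_list(advisory):
    """{(product, arch): {name: (version, release)}} from the advisory's Package List."""
    body = advisory.split("Package List:", 1)[1].split("References:", 1)[0]
    entries = list(_ENTRY.finditer(body))
    fixed = {}
    for k, m in enumerate(entries):
        end = entries[k + 1].start() if k + 1 < len(entries) else len(body)
        for arch in m.group("archs").split():
            bucket = fixed.setdefault((m.group("product"), arch), {})
            for nvr in body[m.end():end].split():
                name, ver, rel = nvr.rsplit("-", 2)   # NAME-VERSION-RELEASE; names may contain '-'
                bucket[name] = (ver, rel)
    return fixed

def parse_rpm_qa(text):
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def find_vulnerable(product, installed, fixed):
    """Installed packages the advisory ships for this product/arch, but at an older EVR."""
    stale = []
    for name, ver, rel, arch in installed:
        want = fixed.get((product, arch), {}).get(name)
        if want is None:
            continue                    # not part of this advisory for this arch
        # Epoch assumed 0 on both sides: SUSE advisories list plain NAME-VERSION-RELEASE.
        if evrcmp((0, ver, rel), (0,) + want) < 0:
            stale.append((name, arch, f"{ver}-{rel}", f"{want[0]}-{want[1]}"))
    return stale

if __name__ == "__main__":
    fixed = parse_package_list(ADVISORY)
    for name, arch, have, need in find_vulnerable("SUSE Linux Enterprise Server 11 SP3", parse_rpm_qa(RPM_QA), fixed):
        print(f"STALE {name}.{arch}: installed {have}, advisory ships {need}")
```

On a host with its repositories configured, zypper patch-check and zypper list-patches remain the authoritative answer; this script is for auditing inventories collected from many hosts offline, and the same parser works on any of the advisories on this page, including the [New Version: ...] variants. Two caveats: it reports package versions only, so it cannot tell whether a daemon (or, for the Xen updates on this page, the hypervisor) has actually been restarted on the new code; and rpm's caret ('^') version separator is not implemented.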
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): krb5-x86-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 
krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): krb5-x86-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): krb5-32bit-1.6.3-133.49.58.1 References: http://support.novell.com/security/cve/CVE-2013-1418.html https://bugzilla.novell.com/849240 http://download.novell.com/patch/finder/?keywords=182a15756c7af7190a0ae54375ed9ac0 http://download.novell.com/patch/finder/?keywords=66507a3dafe1c24d9e9dae86457e9336 From sle-security-updates at lists.suse.com Mon Dec 16 11:04:12 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 16 Dec 2013 19:04:12 +0100 (CET) Subject: SUSE-SU-2013:1894-1: important: Security update for webyast Message-ID: <20131216180412.25C7A32249@maintenance.suse.de> SUSE Security Update: Security update for webyast ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1894-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: WebYaST 1.3 SUSE Studio 
Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: The following security issue has been fixed: * CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution. This vulnerability was reported by joernchen of Phenoelit. Security Issue reference: * CVE-2013-3709 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-webyast-base-8608 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-webyast-base-8608 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-webyast-base-8608 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 - SUSE Studio Onsite 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 http://download.novell.com/patch/finder/?keywords=e33808e1f7a924a2aecffd6c2cfef5e0 From sle-security-updates at lists.suse.com Mon Dec 16 13:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 16 Dec 2013 21:04:10 +0100 (CET) Subject: SUSE-SU-2013:1895-1: important: Security update for nginx Message-ID: <20131216200410.E2E3332251@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1895-1 Rating: important 
References: #851295 Cross-References: CVE-2013-4547 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: * CVE-2013-4547: nginx: security restriction bypass flaw due to whitespace parsing Security Issue reference: * CVE-2013-4547 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-nginx-1.0-8600 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-nginx-1.0-8600 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-nginx-1.0-8600 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): nginx-1.0-1.0.15-0.8.1 - SUSE Studio Onsite 1.3 (x86_64): nginx-1.0-1.0.15-0.8.1 - SUSE Lifecycle Management Server 1.3 (x86_64): nginx-1.0-1.0.15-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-4547.html https://bugzilla.novell.com/851295 http://download.novell.com/patch/finder/?keywords=d44506fa33f4c8fa0a43e48a7818a359 From sle-security-updates at lists.suse.com Mon Dec 16 16:04:09 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Dec 2013 00:04:09 +0100 (CET) Subject: SUSE-SU-2013:1896-1: important: Security update for flash-player Message-ID: <20131216230410.040BC32251@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1896-1 Rating: important References: #854881 Cross-References: CVE-2013-5331 CVE-2013-5332 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update fixes the following security issues with flash-player: * bnc#854881: flash-plugin: multiple code execution flaws (APSB13-28) o These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2013-5331). o These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-5332). o Ref: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html Security Issue references: * CVE-2013-5332 * CVE-2013-5331 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8640 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8639 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.332]: flash-player-11.2.202.332-0.3.1 flash-player-gnome-11.2.202.332-0.3.1 flash-player-kde4-11.2.202.332-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.332]: flash-player-11.2.202.332-0.3.1 flash-player-gnome-11.2.202.332-0.3.1 flash-player-kde4-11.2.202.332-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-5331.html http://support.novell.com/security/cve/CVE-2013-5332.html https://bugzilla.novell.com/854881 http://download.novell.com/patch/finder/?keywords=30b48eee51a4727df3b225e699b6855e http://download.novell.com/patch/finder/?keywords=efb10711c30d7edc97e58e5d7d609260 From sle-security-updates at lists.suse.com Mon Dec 16 16:04:18 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Dec 2013 00:04:18 +0100 (CET) Subject: SUSE-SU-2013:1897-1: critical: Security update for ruby19 Message-ID: <20131216230418.7841332251@maintenance.suse.de> SUSE Security Update: Security update for ruby19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1897-1 Rating: critical References: #851803 Cross-References: CVE-2013-4164 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This update fixes a severe security bug in ruby19: * CVE-2013-4164: heap overflow in float point parsing could lead to crashes and code execution Security Issue reference: * CVE-2013-4164 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby19-8620 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]: ruby19-1.9.3.p392-0.17.1 ruby19-devel-1.9.3.p392-0.17.1 ruby19-devel-extra-1.9.3.p392-0.17.1 References: http://support.novell.com/security/cve/CVE-2013-4164.html https://bugzilla.novell.com/851803 http://download.novell.com/patch/finder/?keywords=3342ac1ab377ae7f16f87852381eeade From sle-security-updates at lists.suse.com Tue Dec 17 08:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Dec 2013 16:04:11 +0100 (CET) Subject: SUSE-SU-2013:1899-1: moderate: Security update for python-pyOpenSSL Message-ID: <20131217150411.E666B3205D@maintenance.suse.de> SUSE Security Update: Security update for python-pyOpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1899-1 Rating: moderate References: #839107 Cross-References: CVE-2013-4314 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: python-pyOpenSSL has been updated to fix a SSL Certificate host name checking bypass vulnerability. (CVE-2013-4314) Security Issue reference: * CVE-2013-4314 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-pyOpenSSL-8481 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 0.13.1]: python-pyOpenSSL-0.13.1-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-4314.html https://bugzilla.novell.com/839107 http://download.novell.com/patch/finder/?keywords=108b2405de9adc4bcd594084831521d5 From sle-security-updates at lists.suse.com Thu Dec 19 10:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 19 Dec 2013 18:04:11 +0100 (CET) Subject: SUSE-SU-2013:1919-1: important: Security update for Mozilla Firefox Message-ID: <20131219170411.3799D32126@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1919-1 Rating: important References: #854367 #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. It includes two new package versions. Description: MozillaFirefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. 
Security issues fixed: * CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Linux clipboard information disclosure through selection paste (MFSA 2013-112) * CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109) Security Issue references: * CVE-2013-5609 * CVE-2013-5610 * CVE-2013-5611 * CVE-2013-5612 * CVE-2013-5613 * CVE-2013-5614 * CVE-2013-5615 * CVE-2013-5616 * CVE-2013-5618 * CVE-2013-5619 * CVE-2013-6671 * CVE-2013-6672 * CVE-2013-6673 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox24-201312-8657 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox24-201312-8657 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox24-201312-8657 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox24-201312-8657 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: MozillaFirefox-devel-24.2.0esr-0.7.1 mozilla-nss-devel-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-branding-SLED-24-0.7.4 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3.1]: libfreebl3-x86-3.15.3.1-0.7.1 libsoftokn3-x86-3.15.3.1-0.7.1 mozilla-nss-x86-3.15.3.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-branding-SLED-24-0.7.4 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html 
http://support.novell.com/security/cve/CVE-2013-5611.html http://support.novell.com/security/cve/CVE-2013-5612.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5614.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-5619.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6672.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854367 https://bugzilla.novell.com/854370 http://download.novell.com/patch/finder/?keywords=b65ba217110f17441675bc6fc74570d4 From sle-security-updates at lists.suse.com Thu Dec 19 10:04:38 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 19 Dec 2013 18:04:38 +0100 (CET) Subject: SUSE-SU-2013:1920-1: important: Security update for libfreebl3 Message-ID: <20131219170438.AF25933E64@maintenance.suse.de> SUSE Security Update: Security update for libfreebl3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1920-1 Rating: important References: #854367 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-nss-201312-8648 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nss-201312-8648 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nss-201312-8648 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-nss-201312-8648 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: mozilla-nss-devel-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.3.1]: libfreebl3-x86-3.15.3.1-0.4.2.1 mozilla-nss-x86-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 References: https://bugzilla.novell.com/854367 http://download.novell.com/patch/finder/?keywords=a417469719590c5d5345b9512a640f6b From sle-security-updates at lists.suse.com Thu Dec 19 14:04:11 2013 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Thu, 19 Dec 2013 22:04:11 +0100 (CET) Subject: SUSE-SU-2013:1923-1: moderate: Security update for Xen Message-ID: <20131219210411.691213215E@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1923-1 Rating: moderate References: #833483 #840997 #842417 #846849 #848014 #848657 #849665 #849667 #849668 #851386 Cross-References: CVE-2013-1922 CVE-2013-2007 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: The Xen hypervisor and tool-suite have been updated to fix security issues and bugs: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. * CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. * CVE-2013-4554: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. * CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked. * CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed: * bnc#840997: It is possible to start a VM twice on the same node. * bnc#842417: On HP's UEFI x86_64 platform with SLES 11 SP3, dom0 could lock up on a multiple-blade nPar. * bnc#848014: Xen Hypervisor panics on an 8-blade nPar with 46-bit memory addressing. * bnc#846849: Soft lock-up with PCI pass-through and many VCPUs. 
* bnc#833483: Boot Failure with Xen kernel in UEFI mode with error "No memory for trampoline". * Increase the maximum supported CPUs in the Hypervisor to 512. Security Issues: * CVE-2013-1922 * CVE-2013-2007 * CVE-2013-4375 * CVE-2013-4416 * CVE-2013-4494 * CVE-2013-4551 * CVE-2013-4553 * CVE-2013-4554 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xen-201311-8588 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xen-201311-8588 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xen-201311-8588 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): xen-devel-4.2.3_08-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1 xen-libs-4.2.3_08-0.7.1 xen-tools-domU-4.2.3_08-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): xen-4.2.3_08-0.7.1 xen-doc-html-4.2.3_08-0.7.1 xen-doc-pdf-4.2.3_08-0.7.1 xen-libs-32bit-4.2.3_08-0.7.1 xen-tools-4.2.3_08-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586): xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1 xen-libs-4.2.3_08-0.7.1 xen-tools-domU-4.2.3_08-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xen-4.2.3_08-0.7.1 xen-doc-html-4.2.3_08-0.7.1 xen-doc-pdf-4.2.3_08-0.7.1 xen-libs-32bit-4.2.3_08-0.7.1 xen-tools-4.2.3_08-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586): xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-1922.html http://support.novell.com/security/cve/CVE-2013-2007.html http://support.novell.com/security/cve/CVE-2013-4375.html 
http://support.novell.com/security/cve/CVE-2013-4416.html http://support.novell.com/security/cve/CVE-2013-4494.html http://support.novell.com/security/cve/CVE-2013-4551.html http://support.novell.com/security/cve/CVE-2013-4553.html http://support.novell.com/security/cve/CVE-2013-4554.html https://bugzilla.novell.com/833483 https://bugzilla.novell.com/840997 https://bugzilla.novell.com/842417 https://bugzilla.novell.com/846849 https://bugzilla.novell.com/848014 https://bugzilla.novell.com/848657 https://bugzilla.novell.com/849665 https://bugzilla.novell.com/849667 https://bugzilla.novell.com/849668 https://bugzilla.novell.com/851386 http://download.novell.com/patch/finder/?keywords=08d096221c1d89c9a950f559d38dccd0 From sle-security-updates at lists.suse.com Fri Dec 20 09:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Dec 2013 17:04:10 +0100 (CET) Subject: SUSE-SU-2013:1866-2: moderate: Security update for strongswan Message-ID: <20131220160410.B6D7E3215F@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1866-2 Rating: moderate References: #833278 #840826 #847506 Cross-References: CVE-2013-5018 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This strongswan update fixes security issues and bugs: * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities can cause a crash in strongswan. * CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. 
Also a bug with route recursion limits was fixed: * Charon SEGFAULT when left=%any / recursion limit. (bnc#840826) Security Issues: * CVE-2013-5018 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-strongswan-8489 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-strongswan-8489 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-strongswan-8489 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 References: http://support.novell.com/security/cve/CVE-2013-5018.html https://bugzilla.novell.com/833278 https://bugzilla.novell.com/840826 https://bugzilla.novell.com/847506 http://download.novell.com/patch/finder/?keywords=f4cb1e26e54ac7b57f6e81a2c156db7d From sle-security-updates at lists.suse.com Fri Dec 20 14:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Dec 2013 22:04:10 +0100 (CET) Subject: SUSE-SU-2013:1926-1: moderate: Security update for apache2-mod_nss Message-ID: <20131220210410.AD3DD32163@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1926-1 Rating: moderate References: #853039 Cross-References: CVE-2013-4566 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issues with apache2-mod_nss: * bnc#853039: client certificate verification problematic (CVE-2013-4566) Security Issue reference: * CVE-2013-4566 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_nss-8611 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_nss-8611 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_nss-8610 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_nss-8610 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_nss-1.0.8-0.4.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.7.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_nss-1.0.8-0.4.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.7.1 References: http://support.novell.com/security/cve/CVE-2013-4566.html https://bugzilla.novell.com/853039 http://download.novell.com/patch/finder/?keywords=1f3e93c48200fcc7b35a097c90b110e2 http://download.novell.com/patch/finder/?keywords=85abee98c108f910ec3585a8f134d120 From sle-security-updates at lists.suse.com Mon Dec 23 12:04:11 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 23 Dec 2013 20:04:11 +0100 (CET) Subject: SUSE-SU-2013:1866-3: moderate: Security update for strongswan Message-ID: <20131223190411.6D07D320F3@maintenance.suse.de> SUSE Security Update: Security update for strongswan 
______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1866-3 Rating: moderate References: #833278 #840826 #847506 Cross-References: CVE-2013-5018 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This strongswan update fixes security issues and bugs: * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities can cause a crash in strongswan. * CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. Also a bug with route recursion limits was fixed: * Charon SEGFAULT when left=%any / recursion limit (bnc#840826). Security Issues: * CVE-2013-5018 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): strongswan-4.4.0-6.15.1 strongswan-doc-4.4.0-6.15.1 References: http://support.novell.com/security/cve/CVE-2013-5018.html https://bugzilla.novell.com/833278 https://bugzilla.novell.com/840826 https://bugzilla.novell.com/847506 http://download.novell.com/patch/finder/?keywords=e6c589e7bbb7423af132803861e03b33 From sle-security-updates at lists.suse.com Fri Dec 27 10:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 27 Dec 2013 18:04:10 +0100 (CET) Subject: SUSE-SU-2013:1967-1: important: Security update for acroread Message-ID: <20131227170410.8EBEB3213C@maintenance.suse.de> SUSE Security Update: Security update for acroread ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1967-1 Rating: important References: #843835 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An 
update that contains security fixes can now be installed. It includes one version update. Description: Adobe has discontinued the support of Adobe Reader for Linux in June 2013. Newer security problems and bugs are no longer fixed. As the Adobe Reader is binary only software and we cannot provide a replacement, SUSE declares the acroread package of Adobe Reader as being out of support and unmaintained. If you do not need Acrobat Reader, we recommend to uninstall the "acroread" package. This update removes the Acrobat Reader PDF plugin to avoid automatic exploitation by clicking on web pages with embedded PDFs. The stand alone "acroread" binary is still available, but again, we do not recommend to use it. Indications: For all Acrobat Reader users. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-acroread-8689 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-acroread-8688 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch): acroread-cmaps-9.4.6-0.4.5.1 acroread-fonts-ja-9.4.6-0.4.5.1 acroread-fonts-ko-9.4.6-0.4.5.1 acroread-fonts-zh_CN-9.4.6-0.4.5.1 acroread-fonts-zh_TW-9.4.6-0.4.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586): acroread-9.5.5-0.5.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): acroread-cmaps-9.4.6-0.4.5.1 acroread-fonts-ja-9.4.6-0.4.5.1 acroread-fonts-ko-9.4.6-0.4.5.1 acroread-fonts-zh_CN-9.4.6-0.4.5.1 acroread-fonts-zh_TW-9.4.6-0.4.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]: acroread-9.5.5-0.5.5.1 acroread_ja-9.4.2-0.4.1 References: https://bugzilla.novell.com/843835 http://download.novell.com/patch/finder/?keywords=1ba40421128e83afa47923da7fa45a4e http://download.novell.com/patch/finder/?keywords=622bc5e164e4f99a6b0b90dded3112a4
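Each advisory above names the patch to install and, in its package list, the exact package builds the update delivers. After "zypper patch" (and, for the Xen update, the reboot the advisory asks for), the check an administrator wants is whether the installed builds actually match. The script below is an added example, not part of any of the SUSE advisories: a POSIX shell checker that compares a list of installed packages against the package list from SUSE-SU-2013:1923-1 for SUSE Linux Enterprise Server 11 SP3 (x86_64). The installed-package sample is constructed here so the script runs offline; on a real host the same lines come from rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' followed by the package names. The version comparison is a simplified numeric field comparison, not rpm's full algorithm, which is enough for the purely numeric builds these advisories list.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisories: verify that the packages an
# advisory lists are installed at the fixed build (or newer).

# Package list from SUSE-SU-2013:1923-1, SUSE Linux Enterprise Server 11 SP3
# (x86_64), as "name version-release" pairs.
XEN_EXPECTED='xen 4.2.3_08-0.7.1
xen-libs 4.2.3_08-0.7.1
xen-tools 4.2.3_08-0.7.1
xen-libs-32bit 4.2.3_08-0.7.1'

# Constructed sample of what
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' xen xen-libs xen-tools xen-libs-32bit
# might print on a host that is only partly updated: xen-libs-32bit is not
# installed at all and xen-tools is still at an older (hypothetical) build.
SAMPLE_INSTALLED='xen 4.2.3_08-0.7.1
xen-libs 4.2.3_08-0.7.1
xen-tools 4.2.3_06-0.5.1'

# ver_ge A B: succeed when version-release A is at least B.  Both strings are
# split into numeric fields (4.2.3_08-0.7.1 -> 4 2 3 8 0 7 1) and compared
# left to right, a missing field counting as 0.  This simplifies rpm's own
# comparison: alphabetic segments are ignored.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, fa, /[^0-9]+/); nb = split(b, fb, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? fa[i] + 0 : 0
            y = (i <= nb) ? fb[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# check_packages EXPECTED INSTALLED: print one status line per advisory
# package and return the number of packages that are missing or older than
# the fixed build (0 means the host carries the whole update).
check_packages() {
    expected=$1
    installed=$2
    bad=0
    while read -r name want; do
        [ -n "$name" ] || continue
        have=$(printf '%s\n' "$installed" | awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING  $name (advisory build $want)"
            bad=$((bad + 1))
        elif ver_ge "$have" "$want"; then
            echo "OK       $name $have"
        else
            echo "OUTDATED $name $have (advisory build $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$expected
EOF
    return $bad
}

# Run the check against the constructed sample: expect xen and xen-libs OK,
# xen-tools OUTDATED, xen-libs-32bit MISSING, so a return value of 2.
rc=0
check_packages "$XEN_EXPECTED" "$SAMPLE_INSTALLED" || rc=$?
echo "packages still needing the update: $rc"
```

To use it on a real host, replace SAMPLE_INSTALLED with the output of the rpm query for the packages in the advisory's list for your product and architecture, and swap XEN_EXPECTED for that list; a non-zero return value is the signal that the update is incomplete and the patch command from the advisory should be rerun.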