From sle-security-updates at lists.suse.com Tue Jun 4 15:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 4 Jun 2013 23:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:0856-1: important: Security update for Linux kernel
Message-ID: <20130604210410.0FE2E32248@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0856-1
Rating:             important
References:         #760753 #789831 #790236 #810628 #812317 #813735 #815745
                    #817666 #818337 #819403
Cross-References:   CVE-2012-4444 CVE-2013-1928
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has 8 fixes is now
   available.

Description:

   The SUSE Linux Enterprise 10 SP4 kernel has been updated to fix various
   bugs and security issues.

   Security issues fixed:

   * CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in
     the Linux kernel allowed remote attackers to bypass intended network
     restrictions via overlapping IPv6 fragments.

   * CVE-2013-1928: The do_video_set_spu_palette function in
     fs/compat_ioctl.c in the Linux kernel lacked a certain error check,
     which might have allowed local users to obtain sensitive information
     from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call
     on a /dev/dvb device.

   Also the following bugs have been fixed:

   * hugetlb: Fix regression introduced by the original patch (bnc#790236,
     bnc#819403).
   * NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337).
   * Fix package descriptions in specfiles (bnc#817666).
   * TTY: fix atime/mtime regression (bnc#815745).
   * virtio_net: ensure big packets are 64k (bnc#760753).
   * virtio_net: refill rx buffers when oom occurs (bnc#760753).
   * qeth: fix qeth_wait_for_threads() deadlock for OSN devices (bnc#812317,
     LTC#90910).
   * nfsd: remove unnecessary NULL checks from nfsd_cross_mnt (bnc#810628).
   * knfsd: Fixed problem with NFS exporting directories which are mounted
     on (bnc#810628).

   Security Issue references:

   * CVE-2012-4444
   * CVE-2013-1928

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      kernel-default-2.6.16.60-0.103.1
      kernel-source-2.6.16.60-0.103.1
      kernel-syms-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 x86_64):

      kernel-smp-2.6.16.60-0.103.1
      kernel-xen-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.103.1
      kernel-kdumppae-2.6.16.60-0.103.1
      kernel-vmi-2.6.16.60-0.103.1
      kernel-vmipae-2.6.16.60-0.103.1
      kernel-xenpae-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      kernel-iseries64-2.6.16.60-0.103.1
      kernel-ppc64-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      kernel-default-2.6.16.60-0.103.1
      kernel-smp-2.6.16.60-0.103.1
      kernel-source-2.6.16.60-0.103.1
      kernel-syms-2.6.16.60-0.103.1
      kernel-xen-2.6.16.60-0.103.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      kernel-bigsmp-2.6.16.60-0.103.1
      kernel-xenpae-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586 ia64 x86_64):

      kernel-debug-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586 ppc x86_64):

      kernel-kdump-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586 x86_64):

      kernel-xen-2.6.16.60-0.103.1

   - SLE SDK 10 SP4 (i586):

      kernel-xenpae-2.6.16.60-0.103.1

References:

   http://support.novell.com/security/cve/CVE-2012-4444.html
   http://support.novell.com/security/cve/CVE-2013-1928.html
   https://bugzilla.novell.com/760753
   https://bugzilla.novell.com/789831
   https://bugzilla.novell.com/790236
   https://bugzilla.novell.com/810628
   https://bugzilla.novell.com/812317
   https://bugzilla.novell.com/813735
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/817666
   https://bugzilla.novell.com/818337
   https://bugzilla.novell.com/819403
   http://download.novell.com/patch/finder/?keywords=42590e04eddb51fa31379710deb16611
   http://download.novell.com/patch/finder/?keywords=4f3691ec5a62d5e0a58b289de36e7ba5
   http://download.novell.com/patch/finder/?keywords=60a0921c1bb3961c00333f60f45fee0b
   http://download.novell.com/patch/finder/?keywords=806641e6eb093ae891357f0c47c7e76f
   http://download.novell.com/patch/finder/?keywords=b108e81194a14724506e0d40a5303d13

From sle-security-updates at lists.suse.com Tue Jun 4 16:04:14 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Jun 2013 00:04:14 +0200 (CEST)
Subject: SUSE-SU-2013:0857-1: Security update for xorg-x11-server
Message-ID: <20130604220414.D0BA332247@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0857-1
Rating:             low
References:         #814653
Cross-References:   CVE-2013-1940
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   In some cases, input events are sent to X servers that are not currently
   the VT owner, allowing a user to capture passwords. This update fixes
   this issue.

   CVE-2013-1940 has been assigned to this issue.
   Security Issue reference:

   * CVE-2013-1940

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc x86_64):

      xorg-x11-server-6.9.0-50.82.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      xorg-x11-server-6.9.0-50.82.1

References:

   http://support.novell.com/security/cve/CVE-2013-1940.html
   https://bugzilla.novell.com/814653
   http://download.novell.com/patch/finder/?keywords=69cb26f8a0705fcf17f6341d54cdb9e1

From sle-security-updates at lists.suse.com Tue Jun 4 16:04:18 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Jun 2013 00:04:18 +0200 (CEST)
Subject: SUSE-SU-2013:0858-1: Security update for glibc
Message-ID: <20130604220418.B1AE532240@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0858-1
Rating:             low
References:         #691365 #796982 #805899 #810637 #813121
Cross-References:   CVE-2013-1914
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes is now
   available.
Description:

   This collective update for the GNU C library (glibc) provides the
   following fixes:

   * Fix stack overflow in getaddrinfo with many results (bnc#813121,
     CVE-2013-1914)
   * Fix locking in _IO_cleanup (bnc#796982)
   * Fix buffer overflow in glob (bnc#691365)
   * Fix memory leak in execve (bnc#805899)

   Security Issue reference:

   * CVE-2013-1914

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 i686 ia64 ppc s390x x86_64):

      glibc-2.4-31.109.1
      glibc-devel-2.4-31.109.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      glibc-html-2.4-31.109.1
      glibc-i18ndata-2.4-31.109.1
      glibc-info-2.4-31.109.1
      glibc-locale-2.4-31.109.1
      glibc-profile-2.4-31.109.1
      nscd-2.4-31.109.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      glibc-32bit-2.4-31.109.1
      glibc-devel-32bit-2.4-31.109.1
      glibc-locale-32bit-2.4-31.109.1
      glibc-profile-32bit-2.4-31.109.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      glibc-locale-x86-2.4-31.109.1
      glibc-profile-x86-2.4-31.109.1
      glibc-x86-2.4-31.109.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      glibc-64bit-2.4-31.109.1
      glibc-devel-64bit-2.4-31.109.1
      glibc-locale-64bit-2.4-31.109.1
      glibc-profile-64bit-2.4-31.109.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 i686 x86_64):

      glibc-2.4-31.109.1
      glibc-devel-2.4-31.109.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      glibc-html-2.4-31.109.1
      glibc-i18ndata-2.4-31.109.1
      glibc-info-2.4-31.109.1
      glibc-locale-2.4-31.109.1
      nscd-2.4-31.109.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      glibc-32bit-2.4-31.109.1
      glibc-devel-32bit-2.4-31.109.1
      glibc-locale-32bit-2.4-31.109.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      glibc-dceext-2.4-31.109.1
      glibc-html-2.4-31.109.1
      glibc-profile-2.4-31.109.1

   - SLE SDK 10 SP4 (s390x x86_64):

      glibc-dceext-32bit-2.4-31.109.1
      glibc-profile-32bit-2.4-31.109.1

   - SLE SDK 10 SP4 (ia64):

      glibc-dceext-x86-2.4-31.109.1
      glibc-profile-x86-2.4-31.109.1

   - SLE SDK 10 SP4 (ppc):

      glibc-dceext-64bit-2.4-31.109.1
      glibc-profile-64bit-2.4-31.109.1

References:
   http://support.novell.com/security/cve/CVE-2013-1914.html
   https://bugzilla.novell.com/691365
   https://bugzilla.novell.com/796982
   https://bugzilla.novell.com/805899
   https://bugzilla.novell.com/810637
   https://bugzilla.novell.com/813121
   http://download.novell.com/patch/finder/?keywords=4ca050db7cee063070fd004b2b257e13

From sle-security-updates at lists.suse.com Tue Jun 4 17:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Jun 2013 01:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:0859-1: Security update for Xorg
Message-ID: <20130604230410.2671532236@maintenance.suse.de>

   SUSE Security Update: Security update for Xorg
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0859-1
Rating:             low
References:         #787170 #813178 #813683 #814653
Cross-References:   CVE-2013-1940
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes is now
   available.

Description:

   This update of xorg-x11-server fixes one security issue and two bugs.

   In some cases, input events are sent to X servers that are not currently
   the VT owner, allowing a user to capture passwords. (CVE-2013-1940)

   Also the following bugs have been fixed:

   * A memory leak in cursor handling could slowly run the X server out of
     memory. (bnc#813178)
   * A memory leak in the X GE extension that could likewise have run the X
     server out of memory has been fixed. (bnc#813683)
   * A CAPS lock issue in VNC has been fixed. (bnc#787170)

   Security Issue reference:

   * CVE-2013-1940

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-Xvnc-7761

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-Xvnc-7761

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-Xvnc-7761

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-Xvnc-7761

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-server-sdk-7.4-27.70.72.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.70.72.1
      xorg-x11-server-7.4-27.70.72.1
      xorg-x11-server-extra-7.4-27.70.72.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-Xvnc-7.4-27.70.72.1
      xorg-x11-server-7.4-27.70.72.1
      xorg-x11-server-extra-7.4-27.70.72.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-Xvnc-7.4-27.70.72.1
      xorg-x11-server-7.4-27.70.72.1
      xorg-x11-server-extra-7.4-27.70.72.1

References:

   http://support.novell.com/security/cve/CVE-2013-1940.html
   https://bugzilla.novell.com/787170
   https://bugzilla.novell.com/813178
   https://bugzilla.novell.com/813683
   https://bugzilla.novell.com/814653
   http://download.novell.com/patch/finder/?keywords=ee7d716a9cc2dd9dfba74c7d65aba753

From sle-security-updates at lists.suse.com Mon Jun 10 07:04:09 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 10 Jun 2013 15:04:09 +0200 (CEST)
Subject: SUSE-SU-2013:0871-1: important: Security update for IBM Java 1.7.0
Message-ID: <20130610130409.361A932295@maintenance.suse.de>

   SUSE Security Update: Security update for IBM Java 1.7.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0871-1
Rating:             important
References:         #592934 #819285 #819288
Cross-References:   CVE-2013-0401
                    CVE-2013-1491 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557
                    CVE-2013-1563 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384
                    CVE-2013-2394 CVE-2013-2417 CVE-2013-2418 CVE-2013-2419
                    CVE-2013-2420 CVE-2013-2422 CVE-2013-2424 CVE-2013-2429
                    CVE-2013-2430 CVE-2013-2432 CVE-2013-2433 CVE-2013-2435
                    CVE-2013-2440
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Java 11 SP2
______________________________________________________________________________

   An update that fixes 22 vulnerabilities is now available.

Description:

   IBM Java 1.7.0 has been updated to SR4-FP2 which fixes several bugs and
   security issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issue references:

   * CVE-2013-2422
   * CVE-2013-1491
   * CVE-2013-2435
   * CVE-2013-2420
   * CVE-2013-2432
   * CVE-2013-1569
   * CVE-2013-2384
   * CVE-2013-2383
   * CVE-2013-1557
   * CVE-2013-1537
   * CVE-2013-2440
   * CVE-2013-2429
   * CVE-2013-2430
   * CVE-2013-1563
   * CVE-2013-2394
   * CVE-2013-0401
   * CVE-2013-2424
   * CVE-2013-2419
   * CVE-2013-2417
   * CVE-2013-2418
   * CVE-2013-1540
   * CVE-2013-2433

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-java-1_7_0-ibm-7794

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-java-1_7_0-ibm-7794

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-java-1_7_0-ibm-7794

   - SUSE Linux Enterprise Java 11 SP2:

      zypper in -t patch slejsp2-java-1_7_0-ibm-7794

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-devel-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      java-1_7_0-ibm-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_7_0-ibm-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-devel-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-jdbc-1.7.0_sr4.2-0.6.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 x86_64):

      java-1_7_0-ibm-alsa-1.7.0_sr4.2-0.6.1
      java-1_7_0-ibm-plugin-1.7.0_sr4.2-0.6.1

References:

   http://support.novell.com/security/cve/CVE-2013-0401.html
   http://support.novell.com/security/cve/CVE-2013-1491.html
   http://support.novell.com/security/cve/CVE-2013-1537.html
   http://support.novell.com/security/cve/CVE-2013-1540.html
   http://support.novell.com/security/cve/CVE-2013-1557.html
   http://support.novell.com/security/cve/CVE-2013-1563.html
   http://support.novell.com/security/cve/CVE-2013-1569.html
   http://support.novell.com/security/cve/CVE-2013-2383.html
   http://support.novell.com/security/cve/CVE-2013-2384.html
   http://support.novell.com/security/cve/CVE-2013-2394.html
   http://support.novell.com/security/cve/CVE-2013-2417.html
   http://support.novell.com/security/cve/CVE-2013-2418.html
   http://support.novell.com/security/cve/CVE-2013-2419.html
   http://support.novell.com/security/cve/CVE-2013-2420.html
   http://support.novell.com/security/cve/CVE-2013-2422.html
   http://support.novell.com/security/cve/CVE-2013-2424.html
   http://support.novell.com/security/cve/CVE-2013-2429.html
   http://support.novell.com/security/cve/CVE-2013-2430.html
   http://support.novell.com/security/cve/CVE-2013-2432.html
   http://support.novell.com/security/cve/CVE-2013-2433.html
   http://support.novell.com/security/cve/CVE-2013-2435.html
   http://support.novell.com/security/cve/CVE-2013-2440.html
   https://bugzilla.novell.com/592934
   https://bugzilla.novell.com/819285
   https://bugzilla.novell.com/819288
   http://download.novell.com/patch/finder/?keywords=d3017524ccf7b5f89497ba09ca013416

From sle-security-updates at lists.suse.com Mon Jun 10 07:04:13 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 10 Jun 2013 15:04:13 +0200 (CEST)
Subject: SUSE-SU-2013:0835-2: important: Security update for Java 1.5.0
Message-ID: <20130610130413.51A4232298@maintenance.suse.de>

   SUSE Security Update: Security update for Java 1.5.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0835-2
Rating:             important
References:         #592934 #819288
Cross-References:   CVE-2013-0401 CVE-2013-1491 CVE-2013-1537 CVE-2013-1540
                    CVE-2013-1557 CVE-2013-1563 CVE-2013-1569 CVE-2013-2383
                    CVE-2013-2384 CVE-2013-2394 CVE-2013-2417 CVE-2013-2418
                    CVE-2013-2419 CVE-2013-2420 CVE-2013-2422 CVE-2013-2424
                    CVE-2013-2429 CVE-2013-2430 CVE-2013-2432 CVE-2013-2433
                    CVE-2013-2435 CVE-2013-2440
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Java 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 22 vulnerabilities is now available.

Description:

   IBM Java 1.5.0 has been updated to SR13-FP2 which fixes several bugs and
   security issues.
   For more details see:

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issues:

   * CVE-2013-2422
   * CVE-2013-1491
   * CVE-2013-2435
   * CVE-2013-2420
   * CVE-2013-2432
   * CVE-2013-1569
   * CVE-2013-2384
   * CVE-2013-2383
   * CVE-2013-1557
   * CVE-2013-1537
   * CVE-2013-2440
   * CVE-2013-2429
   * CVE-2013-2430
   * CVE-2013-1563
   * CVE-2013-2394
   * CVE-2013-0401
   * CVE-2013-2424
   * CVE-2013-2419
   * CVE-2013-2417
   * CVE-2013-2418
   * CVE-2013-1540
   * CVE-2013-2433

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-devel-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-fonts-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-devel-32bit-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc):

      java-1_5_0-ibm-jdbc-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-plugin-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (x86_64):

      java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      java-1_5_0-ibm-64bit-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Java 10 SP4 (i586 ppc s390x x86_64):

      java-1_5_0-ibm-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-devel-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-fonts-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Java 10 SP4 (ppc):

      java-1_5_0-ibm-jdbc-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-plugin-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      java-1_5_0-ibm-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-demo-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-devel-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-fonts-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-src-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      java-1_5_0-ibm-32bit-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-devel-32bit-1.5.0_sr16.2-0.5.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      java-1_5_0-ibm-alsa-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-jdbc-1.5.0_sr16.2-0.5.1
      java-1_5_0-ibm-plugin-1.5.0_sr16.2-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-0401.html
   http://support.novell.com/security/cve/CVE-2013-1491.html
   http://support.novell.com/security/cve/CVE-2013-1537.html
   http://support.novell.com/security/cve/CVE-2013-1540.html
   http://support.novell.com/security/cve/CVE-2013-1557.html
   http://support.novell.com/security/cve/CVE-2013-1563.html
   http://support.novell.com/security/cve/CVE-2013-1569.html
   http://support.novell.com/security/cve/CVE-2013-2383.html
   http://support.novell.com/security/cve/CVE-2013-2384.html
   http://support.novell.com/security/cve/CVE-2013-2394.html
   http://support.novell.com/security/cve/CVE-2013-2417.html
   http://support.novell.com/security/cve/CVE-2013-2418.html
   http://support.novell.com/security/cve/CVE-2013-2419.html
   http://support.novell.com/security/cve/CVE-2013-2420.html
   http://support.novell.com/security/cve/CVE-2013-2422.html
   http://support.novell.com/security/cve/CVE-2013-2424.html
   http://support.novell.com/security/cve/CVE-2013-2429.html
   http://support.novell.com/security/cve/CVE-2013-2430.html
   http://support.novell.com/security/cve/CVE-2013-2432.html
   http://support.novell.com/security/cve/CVE-2013-2433.html
   http://support.novell.com/security/cve/CVE-2013-2435.html
   http://support.novell.com/security/cve/CVE-2013-2440.html
   https://bugzilla.novell.com/592934
   https://bugzilla.novell.com/819288
   http://download.novell.com/patch/finder/?keywords=a36ba08c692a30308a29e6242e31eea2

From sle-security-updates at lists.suse.com Mon Jun 10 10:09:20 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 10 Jun 2013 18:09:20 +0200 (CEST)
Subject: SUSE-SU-2013:0934-1: important: Security update for Java 1.4.2
Message-ID: <20130610160920.487D732296@maintenance.suse.de>

   SUSE Security Update: Security update for Java 1.4.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0934-1
Rating:             important
References:         #494536 #592934 #819288
Cross-References:   CVE-2013-1491 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569
                    CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2417
                    CVE-2013-2419 CVE-2013-2420 CVE-2013-2429 CVE-2013-2430
                    CVE-2013-2432
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Java 11 SP2
                    SUSE Linux Enterprise Java 10 SP4
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   IBM Java 1.4.2 has been updated to SR13-FP17 fixing bugs and security
   issues.

   http://www.ibm.com/developerworks/java/jdk/alerts/

   Security Issue references:

   * CVE-2013-1491
   * CVE-2013-2420
   * CVE-2013-2432
   * CVE-2013-1569
   * CVE-2013-2384
   * CVE-2013-2383
   * CVE-2013-1557
   * CVE-2013-1537
   * CVE-2013-2429
   * CVE-2013-2430
   * CVE-2013-2394
   * CVE-2013-2419
   * CVE-2013-2417

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-java-1_4_2-ibm-7793

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-java-1_4_2-ibm-7793

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-java-1_4_2-ibm-7793

   - SUSE Linux Enterprise Java 11 SP2:

      zypper in -t patch slejsp2-java-1_4_2-ibm-7793

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      java-1_4_2-ibm-devel-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      java-1_4_2-ibm-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      java-1_4_2-ibm-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586):

      java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.2.1
      java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      java-1_4_2-ibm-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 (i586):

      java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.2.1
      java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      java-1_4_2-ibm-1.4.2_sr13.17-0.5.1
      java-1_4_2-ibm-devel-1.4.2_sr13.17-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ppc):

      java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (i586):

      java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.5.1

   - SUSE Linux Enterprise Java 11 SP2 (i586 ppc64 s390x x86_64):

      java-1_4_2-ibm-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Java 11 SP2 (i586):

      java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.2.1
      java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.2.1

   - SUSE Linux Enterprise Java 10 SP4 (i586 ia64 ppc s390x x86_64):

      java-1_4_2-ibm-1.4.2_sr13.17-0.5.1
      java-1_4_2-ibm-devel-1.4.2_sr13.17-0.5.1

   - SUSE Linux Enterprise Java 10 SP4 (i586 ppc):

      java-1_4_2-ibm-jdbc-1.4.2_sr13.17-0.5.1

   - SUSE Linux Enterprise Java 10 SP4 (i586):

      java-1_4_2-ibm-plugin-1.4.2_sr13.17-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-1491.html
   http://support.novell.com/security/cve/CVE-2013-1537.html
   http://support.novell.com/security/cve/CVE-2013-1557.html
   http://support.novell.com/security/cve/CVE-2013-1569.html
   http://support.novell.com/security/cve/CVE-2013-2383.html
   http://support.novell.com/security/cve/CVE-2013-2384.html
   http://support.novell.com/security/cve/CVE-2013-2394.html
   http://support.novell.com/security/cve/CVE-2013-2417.html
   http://support.novell.com/security/cve/CVE-2013-2419.html
   http://support.novell.com/security/cve/CVE-2013-2420.html
   http://support.novell.com/security/cve/CVE-2013-2429.html
   http://support.novell.com/security/cve/CVE-2013-2430.html
   http://support.novell.com/security/cve/CVE-2013-2432.html
   https://bugzilla.novell.com/494536
   https://bugzilla.novell.com/592934
   https://bugzilla.novell.com/819288
   http://download.novell.com/patch/finder/?keywords=8498417876678ff676fabbcad8fe7baa
   http://download.novell.com/patch/finder/?keywords=f3aefaa5ff17f24bea6179229c3c9ceb

From sle-security-updates at lists.suse.com Mon Jun 17 07:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 17 Jun 2013 15:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1022-1: important: kernel update for SLE11 SP2
Message-ID: <20130617130411.36A5E32377@maintenance.suse.de>

   SUSE Security Update: kernel update for SLE11 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1022-1
Rating:             important
References:         #763968 #764209 #768052 #769685 #788590 #792584 #793139
                    #797042 #797175 #800907 #802153 #804154 #804609 #805804
                    #805945 #806431 #806980 #808647 #809122 #809155 #809748
                    #809895 #810580 #810624 #810722 #812281 #814719 #815356
                    #815444 #815745 #816443 #816451 #816586 #816668 #816708
                    #817010 #817339 #818053 #818327 #818371 #818514 #818516
                    #818798 #819295 #819519 #819655 #819789 #820434 #821560
                    #821930 #822431 #822722
Cross-References:   CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222
                    CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
                    CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232
                    CVE-2013-3234 CVE-2013-3235
Affected Products:
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 38 fixes is now
   available.
Description:

   The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to Linux
   kernel 3.0.80, fixing various bugs and security issues.

   The following security issues were fixed:

   CVE-2013-0160: Timing side channel attacks were possible on /dev/ptmx
   that could allow local attackers to predict keypresses, e.g. passwords.
   This has been fixed again by updating the accessed/modified time on the
   pty devices with a resolution of 8 seconds, so that idle time detection
   can still work.

   CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux
   kernel did not initialize a certain length variable, which allowed local
   users to obtain sensitive information from kernel stack memory via a
   crafted recvmsg or recvfrom system call.

   CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the
   Linux kernel did not initialize a certain data structure, which allowed
   local users to obtain sensitive information from kernel stack memory via
   a crafted recvmsg or recvfrom system call.

   CVE-2013-3224: The bt_sock_recvmsg function in
   net/bluetooth/af_bluetooth.c in the Linux kernel did not properly
   initialize a certain length variable, which allowed local users to
   obtain sensitive information from kernel stack memory via a crafted
   recvmsg or recvfrom system call.

   CVE-2013-3225: The rfcomm_sock_recvmsg function in
   net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a
   certain length variable, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted recvmsg or recvfrom
   system call.

   CVE-2013-3227: The caif_seqpkt_recvmsg function in
   net/caif/caif_socket.c in the Linux kernel did not initialize a certain
   length variable, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted recvmsg or recvfrom
   system call.
   CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in
   the Linux kernel did not initialize a certain length variable, which
   allowed local users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in
   the Linux kernel did not initialize a certain length variable, which
   allowed local users to obtain sensitive information from kernel stack
   memory via a crafted recvmsg or recvfrom system call.

   CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the
   Linux kernel did not initialize a certain length variable, which allowed
   local users to obtain sensitive information from kernel stack memory via
   a crafted recvmsg or recvfrom system call.

   CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the
   Linux kernel did not initialize a certain data structure, which allowed
   local users to obtain sensitive information from kernel stack memory via
   a crafted recvmsg or recvfrom system call.

   CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the
   Linux kernel did not initialize a certain data structure, which allowed
   local users to obtain sensitive information from kernel stack memory via
   a crafted recvmsg or recvfrom system call.

   CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize
   a certain data structure and a certain length variable, which allowed
   local users to obtain sensitive information from kernel stack memory via
   a crafted recvmsg or recvfrom system call.

   CVE-2013-3076: The crypto API in the Linux kernel did not initialize
   certain length variables, which allowed local users to obtain sensitive
   information from kernel stack memory via a crafted recvmsg or recvfrom
   system call, related to the hash_recvmsg function in
   crypto/algif_hash.c and the skcipher_recvmsg function in
   crypto/algif_skcipher.c.
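   The recvmsg information leaks listed above share one defect, modelled here
   in user space as an added example that is not code from the advisory or the
   kernel: the handler names, the 16-byte address buffer and the stale bytes
   are constructed stand-ins for the kernel's sockaddr_storage on the syscall
   stack.

```c
/*
 * Added example, not code from the advisory or the Linux kernel: a user-space
 * model of the recvmsg stack info-leak pattern behind CVE-2013-3222 ..
 * CVE-2013-3235 and CVE-2013-3076. __sys_recvmsg() keeps the peer address in
 * a sockaddr_storage on its own stack and afterwards copies msg_namelen bytes
 * of it to user space, msg_namelen being caller-supplied at entry. A handler
 * that never writes msg_namelen lets uninitialised stack bytes out; the fix
 * sets msg_namelen = 0 first. Names, sizes and bytes here are constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_STORAGE_LEN 16 /* stand-in for sizeof(struct sockaddr_storage) */

/* Model of struct msghdr, reduced to the two fields involved in the leak. */
struct msghdr_model {
    uint8_t *msg_name;    /* the syscall layer's stack address buffer */
    size_t   msg_namelen; /* bytes to copy back; caller-supplied at entry */
};

typedef int (*recvmsg_fn)(struct msghdr_model *, const uint8_t *, size_t);

/* Constructed stand-in for leftovers a previous call left on the stack. */
static const uint8_t STALE_STACK_BYTES[ADDR_STORAGE_LEN] = {
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x23, 0x45, 0x67,
    0x89, 0xab, 0xcd, 0xef, 0x10, 0x32, 0x54, 0x76
};

/* Pre-fix pattern: msg_namelen is written only when a peer address exists. */
static int recvmsg_before_fix(struct msghdr_model *msg,
                              const uint8_t *peer, size_t peer_len)
{
    if (peer == NULL)
        return 0;                 /* BUG: msg_namelen keeps its stale value */
    memcpy(msg->msg_name, peer, peer_len);
    msg->msg_namelen = peer_len;
    return 0;
}

/* Post-fix pattern: clear the length first, so an early return copies nothing. */
static int recvmsg_after_fix(struct msghdr_model *msg,
                             const uint8_t *peer, size_t peer_len)
{
    msg->msg_namelen = 0;         /* the one-line fix applied to each handler */
    if (peer == NULL)
        return 0;
    memcpy(msg->msg_name, peer, peer_len);
    msg->msg_namelen = peer_len;
    return 0;
}

/* Model of __sys_recvmsg() plus move_addr_to_user(): one receive through
 * `handler`; returns how many bytes of the stack address buffer reach `ubuf`. */
static size_t bytes_copied_to_user(recvmsg_fn handler, size_t user_namelen,
                                   const uint8_t *peer, size_t peer_len,
                                   uint8_t *ubuf, size_t ulen)
{
    uint8_t addr[ADDR_STORAGE_LEN]; /* the stack-resident sockaddr_storage */
    struct msghdr_model msg;
    size_t n;
    memcpy(addr, STALE_STACK_BYTES, sizeof addr); /* "uninitialised" stack */
    msg.msg_name = addr;
    msg.msg_namelen = user_namelen; /* as copied in from the caller's msghdr */
    handler(&msg, peer, peer_len);
    /* Copy-out bounded by reported length, user buffer and the address buffer. */
    n = msg.msg_namelen < ulen ? msg.msg_namelen : ulen;
    if (n > sizeof addr)
        n = sizeof addr;
    memcpy(ubuf, msg.msg_name, n);
    return n;
}

/* Returns 1 if a receive with no peer address exposes stale stack bytes. */
static int leaks_stack_bytes(recvmsg_fn handler)
{
    uint8_t ubuf[ADDR_STORAGE_LEN] = {0};
    size_t n = bytes_copied_to_user(handler, ADDR_STORAGE_LEN, NULL, 0,
                                    ubuf, sizeof ubuf);
    return n > 0 && memcmp(ubuf, STALE_STACK_BYTES, n) == 0;
}

/* Returns 1 if a receive reporting a 4-byte peer address delivers just it. */
static int peer_address_is_reported(recvmsg_fn handler)
{
    static const uint8_t peer[4] = {10, 0, 0, 1}; /* constructed sample */
    uint8_t ubuf[ADDR_STORAGE_LEN] = {0};
    size_t n = bytes_copied_to_user(handler, ADDR_STORAGE_LEN, peer,
                                    sizeof peer, ubuf, sizeof ubuf);
    return n == sizeof peer && memcmp(ubuf, peer, n) == 0;
}

int main(void)
{
    printf("leaks stale stack bytes: before fix=%d after fix=%d\n",
           leaks_stack_bytes(recvmsg_before_fix), leaks_stack_bytes(recvmsg_after_fix));
    return 0;
}
```

   The address-reporting path is unchanged by the fix, which is why both
   variants still deliver a real peer address correctly.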
   CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the
   Linux kernel used incorrect uid and gid values during credentials
   passing, which allowed local users to gain privileges via a crafted
   application.

   A kernel information leak via tkill/tgkill was fixed.

   The following bugs were fixed:

   - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry
     (bnc#822722).
   - libfc: do not exch_done() on invalid sequence ptr (bnc#810722).
   - netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930).
   - hyperv: use 3.4 as LIC version string (bnc#822431).
   - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655).
   - xen/netback: do not disconnect frontend when seeing oversize packet.
   - xen/netfront: reduce gso_max_size to account for max TCP header.
   - xen/netfront: fix kABI after "reduce gso_max_size to account for max
     TCP header".
   - xfs: Fix kABI due to change in xfs_buf (bnc#815356).
   - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)).
   - xfs: Serialize file-extending direct IO (bnc#818371).
   - xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804).
   - bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281).
   - s390/ftrace: fix mcount adjustment (bnc#809895).
   - mm: memory_dev_init make sure nmi watchdog does not trigger while
     registering memory sections (bnc#804609, bnc#820434).
   - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological
     backwards allocation (bnc#805945).
   - mm: compaction: Restart compaction from near where it left off
   - mm: compaction: cache if a pageblock was scanned and no pages were
     isolated
   - mm: compaction: clear PG_migrate_skip based on compaction and reclaim
     activity
   - mm: compaction: Scan PFN caching KABI workaround
   - mm: page_allocator: Remove first_pass guard
   - mm: vmscan: do not stall on writeback during memory compaction
     Cache compaction restart points for faster compaction cycles
     (bnc#816451)
   - qlge: fix dma map leak when the last chunk is not allocated
     (bnc#819519).
- SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907).
- SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907).
- SUNRPC: Fix a UDP transport regression (bnc#800907).
- SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907).
- SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907).
- SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907).
- md: cannot re-add disks after recovery (bnc#808647).
- fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053).
- fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053).
- fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053).
- fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053).
- virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339).
- usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295).
- patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580).
- usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516).
- xhci: Fix TD size for isochronous URBs (bnc#818514).
- ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798).
- ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798).
- xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053).
- xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053).
- xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053).
- xHCI: store rings type.
- xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
- xHCI: check enqueue pointer advance into dequeue seg.
- xHCI: store rings last segment and segment numbers.
- xHCI: Allocate 2 segments for transfer ring.
- xHCI: count free TRBs on transfer ring.
- xHCI: factor out segments allocation and free function.
- xHCI: update sg tablesize.
- xHCI: set cycle state when allocate rings.
- xhci: Reserve one command for USB3 LPM disable.
- xHCI: dynamic ring expansion.
- xhci: Do not warn on empty ring for suspended devices.
- md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719).
- rpm/mkspec: Stop generating the get_release_number.sh file.
- rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix.
- rpm/kernel-spec-macros: Drop the %release_num macro. We no longer put the -rcX tag into the release string.
- rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles.
- mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327).
- mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584).
- mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584).
- bonding: only use primary address for ARP (bnc#815444).
- bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444).
- mm: speedup in __early_pfn_to_nid (bnc#810624).
- TTY: fix atime/mtime regression (bnc#815745).
- sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010).
- sched: harden rq rt usage accounting (bnc#769685, bnc#788590).
- rcu: Avoid spurious RCU CPU stall warnings (bnc#816586).
- rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586).
- rcu: Fix detection of abruptly-ending stall (bnc#816586).
- rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586).
- Update Xen patches to 3.0.74.
- btrfs: do not re-enter when allocating a chunk.
- btrfs: save us a read_lock.
- btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.
- btrfs: remove unused fs_info from btrfs_decode_error().
- btrfs: handle null fs_info in btrfs_panic().
- btrfs: fix varargs in __btrfs_std_error.
- btrfs: fix the race between bio and btrfs_stop_workers.
- btrfs: fix NULL pointer after aborting a transaction.
- btrfs: fix infinite loop when we abort on mount.
- xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968).
- xfs: fix buffer lookup race on allocation failure (bnc#763968).

Special Instructions and Notes:

Please reboot the system after installing this update.

Package List:

- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

  ext4-writeable-kmp-default-0_3.0.80_0.5-0.14.57
  ext4-writeable-kmp-trace-0_3.0.80_0.5-0.14.57
  kernel-default-extra-3.0.80-0.5.1

- SLE 11 SERVER Unsupported Extras (i586 x86_64):

  ext4-writeable-kmp-xen-0_3.0.80_0.5-0.14.57
  kernel-xen-extra-3.0.80-0.5.1

- SLE 11 SERVER Unsupported Extras (ppc64):

  ext4-writeable-kmp-ppc64-0_3.0.80_0.5-0.14.57
  kernel-ppc64-extra-3.0.80-0.5.1

- SLE 11 SERVER Unsupported Extras (i586):

  ext4-writeable-kmp-pae-0_3.0.80_0.5-0.14.57
  kernel-pae-extra-3.0.80-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/768052
https://bugzilla.novell.com/769685
https://bugzilla.novell.com/788590
https://bugzilla.novell.com/792584
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/802153
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806431
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809155
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/810580
https://bugzilla.novell.com/810624
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/814719
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/815444
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816443
https://bugzilla.novell.com/816451
https://bugzilla.novell.com/816586
https://bugzilla.novell.com/816668
https://bugzilla.novell.com/816708
https://bugzilla.novell.com/817010
https://bugzilla.novell.com/817339
https://bugzilla.novell.com/818053
https://bugzilla.novell.com/818327
https://bugzilla.novell.com/818371
https://bugzilla.novell.com/818514
https://bugzilla.novell.com/818516
https://bugzilla.novell.com/818798
https://bugzilla.novell.com/819295
https://bugzilla.novell.com/819519
https://bugzilla.novell.com/819655
https://bugzilla.novell.com/819789
https://bugzilla.novell.com/820434
https://bugzilla.novell.com/821560
https://bugzilla.novell.com/821930
https://bugzilla.novell.com/822431
https://bugzilla.novell.com/822722
http://download.novell.com/patch/finder/?keywords=1018f7c366e9c225d36d59a46a715654
http://download.novell.com/patch/finder/?keywords=194150572b66acba0bd2fe984ac1bb85
http://download.novell.com/patch/finder/?keywords=4d1b612be3e99697ac75bce374505ffd
http://download.novell.com/patch/finder/?keywords=ab0bba015edca85724d852aec52fcc83
http://download.novell.com/patch/finder/?keywords=d0f1f96c578d70a2f51205abe68393b3

From sle-security-updates at lists.suse.com Mon Jun 17 15:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 17 Jun 2013 23:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1036-1: Security update for SUSE Studio
Message-ID: <20130617210410.8F58C32374@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Studio
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1036-1
Rating:             low
References:         #803064 #803305 #803306 #803309 #804296 #804304 #804305 #804308 #804309 #804310 #804311 #808277 #810320 #813491 #813504
Cross-References:   CVE-2012-6134 CVE-2013-0262 CVE-2013-0269 CVE-2013-0276 CVE-2013-1800 CVE-2013-1812 CVE-2013-1854 CVE-2013-1855 CVE-2013-1857
Affected Products:  SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 6 fixes is now available. It includes one version update.

Description:

This update provides SUSE Studio version 1.3.1, which includes improvements, security fixes for gems studio packages and a few minor bug fixes.
The changes in detail are:

* #813491: susestudio 1.3 requires -devel packages
* #813504: susestudio build might require internet connection for gems bundling
* #810320: security issues in Action Pack and Active Record
* #810320: rubygem-activerecord*: Symbol DoS vulnerability in Active Record [CVE-2013-1854]
* #810320: rubygem-actionpack*: XSS vulnerability in sanitize_css in Action Pack [CVE-2013-1855]
* #810320: rubygem-actionpack*: XSS Vulnerability in the sanitize helper of Ruby on Rails [CVE-2013-1857]
* #804310: security flaws in crack [CVE-2013-1800]
* #804304: ruby-openid security flaw [CVE-2013-1812]
* #803309: Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]
* #803305: Circumvention of attr_protected [CVE-2013-0276]
* #803064: security issue in rack [CVE-2013-0262]
* #804308: omniauth-auth2 security flaw [CVE-2012-6134]
* #804296: API builds change image_type if given
* #808277: When updating onsite 1.3 services are not being restarted
* #804309: omniauth-auth2 security flaw
* #803306: Circumvention of attr_protected [CVE-2013-0276]
* #804311: security flaw in crack
* #804305: ruby-openid security flaw
* #803064: security issue in rack.

Security Issues:

* CVE-2013-1854
* CVE-2013-1855
* CVE-2013-1857
* CVE-2013-1800
* CVE-2013-1812
* CVE-2013-0269
* CVE-2013-0276
* CVE-2013-0262
* CVE-2012-6134
* CVE-2013-0276

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

  zypper in -t patch slestso13-susestudio-7721

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.1.0]:

  susestudio-1.3.1.0-0.5.2
  susestudio-bundled-packages-1.3.1.0-0.5.2
  susestudio-common-1.3.1.0-0.5.2
  susestudio-runner-1.3.1.0-0.5.2
  susestudio-sid-1.3.1.0-0.5.2
  susestudio-ui-server-1.3.1.0-0.5.2

References:

http://support.novell.com/security/cve/CVE-2012-6134.html
http://support.novell.com/security/cve/CVE-2013-0262.html
http://support.novell.com/security/cve/CVE-2013-0269.html
http://support.novell.com/security/cve/CVE-2013-0276.html
http://support.novell.com/security/cve/CVE-2013-1800.html
http://support.novell.com/security/cve/CVE-2013-1812.html
http://support.novell.com/security/cve/CVE-2013-1854.html
http://support.novell.com/security/cve/CVE-2013-1855.html
http://support.novell.com/security/cve/CVE-2013-1857.html
https://bugzilla.novell.com/803064
https://bugzilla.novell.com/803305
https://bugzilla.novell.com/803306
https://bugzilla.novell.com/803309
https://bugzilla.novell.com/804296
https://bugzilla.novell.com/804304
https://bugzilla.novell.com/804305
https://bugzilla.novell.com/804308
https://bugzilla.novell.com/804309
https://bugzilla.novell.com/804310
https://bugzilla.novell.com/804311
https://bugzilla.novell.com/808277
https://bugzilla.novell.com/810320
https://bugzilla.novell.com/813491
https://bugzilla.novell.com/813504
http://download.novell.com/patch/finder/?keywords=2b61def21196acb86a98b3cd6b164de8

From sle-security-updates at lists.suse.com Mon Jun 17 15:04:14 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 17 Jun 2013 23:04:14 +0200 (CEST)
Subject: SUSE-SU-2013:1022-2: important: Security update for Linux kernel
Message-ID: <20130617210414.52BAA32378@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1022-2
Rating:             important
References:         #763968 #764209 #768052 #769685 #788590 #792584 #793139 #797042 #797175 #800907 #802153 #804154 #804609 #805804 #805945 #806431 #806980 #808647 #809122 #809155 #809748 #809895 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #816668 #816708 #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #819789 #820434 #821560 #821930 #822431 #822722
Cross-References:   CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
Affected Products:  SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 38 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80, which fixes various bugs and security issues.

The following security issues have been fixed:

* CVE-2013-0160: Timing side channel attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses, e.g. passwords. This has been fixed again by updating the accessed/modified time on the pty devices with a resolution of 8 seconds, so that idle time detection can still work.
* CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
* CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
* CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application.
* A kernel information leak via tkill/tgkill was fixed.

The following bugs have been fixed:

* reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722).
* libfc: do not exch_done() on invalid sequence ptr (bnc#810722).
* netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930).
* hyperv: use 3.4 as LIC version string (bnc#822431).
* virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655).
* xen/netback: do not disconnect frontend when seeing oversize packet.
* xen/netfront: reduce gso_max_size to account for max TCP header.
* xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header".
* xfs: Fix kABI due to change in xfs_buf (bnc#815356).
* xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)).
* xfs: Serialize file-extending direct IO (bnc#818371).
* xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804).
* bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281).
* s390/ftrace: fix mcount adjustment (bnc#809895).
* mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434).
* patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945).
* mm: compaction: Restart compaction from near where it left off
* mm: compaction: cache if a pageblock was scanned and no pages were isolated
* mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity
* mm: compaction: Scan PFN caching KABI workaround
* mm: page_allocator: Remove first_pass guard
* mm: vmscan: do not stall on writeback during memory compaction
  Cache compaction restart points for faster compaction cycles (bnc#816451)
* qlge: fix dma map leak when the last chunk is not allocated (bnc#819519).
* SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907).
* SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907).
* SUNRPC: Fix a UDP transport regression (bnc#800907).
* SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907).
* SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907).
* SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907).
* md: cannot re-add disks after recovery (bnc#808647).
* fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053).
* fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053).
* fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053).
* fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053).
* virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339).
* usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295).
* patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580).
* usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516).
* xhci: Fix TD size for isochronous URBs (bnc#818514).
* ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798).
* ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798).
* xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053).
* xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053).
* xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053).
* xHCI: store rings type.
* xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
* xHCI: check enqueue pointer advance into dequeue seg.
* xHCI: store rings last segment and segment numbers.
* xHCI: Allocate 2 segments for transfer ring.
* xHCI: count free TRBs on transfer ring.
* xHCI: factor out segments allocation and free function.
* xHCI: update sg tablesize.
* xHCI: set cycle state when allocate rings.
* xhci: Reserve one command for USB3 LPM disable.
* xHCI: dynamic ring expansion.
* xhci: Do not warn on empty ring for suspended devices.
* md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719).
* rpm/mkspec: Stop generating the get_release_number.sh file.
* rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix.
* rpm/kernel-spec-macros: Drop the %release_num macro. We no longer put the -rcX tag into the release string.
* rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles.
* mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327).
* mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584).
* mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584).
* bonding: only use primary address for ARP (bnc#815444).
* bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444).
* mm: speedup in __early_pfn_to_nid (bnc#810624).
* TTY: fix atime/mtime regression (bnc#815745).
* sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010).
* sched: harden rq rt usage accounting (bnc#769685, bnc#788590).
* rcu: Avoid spurious RCU CPU stall warnings (bnc#816586).
* rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586).
* rcu: Fix detection of abruptly-ending stall (bnc#816586).
* rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586).
* Update Xen patches to 3.0.74.
* btrfs: do not re-enter when allocating a chunk.
* btrfs: save us a read_lock.
* btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.
* btrfs: remove unused fs_info from btrfs_decode_error().
* btrfs: handle null fs_info in btrfs_panic().
* btrfs: fix varargs in __btrfs_std_error.
* btrfs: fix the race between bio and btrfs_stop_workers.
* btrfs: fix NULL pointer after aborting a transaction.
* btrfs: fix infinite loop when we abort on mount.
* xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968).
* xfs: fix buffer lookup race on allocation failure (bnc#763968).

Security Issue references:

* CVE-2013-0160
* CVE-2013-3076
* CVE-2013-3222
* CVE-2013-3223
* CVE-2013-3224
* CVE-2013-3225
* CVE-2013-3227
* CVE-2013-3228
* CVE-2013-3229
* CVE-2013-3231
* CVE-2013-3232
* CVE-2013-3234
* CVE-2013-3235
* CVE-2013-1979

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:

  zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7814

- SUSE Linux Enterprise Server 11 SP2:

  zypper in -t patch slessp2-kernel-7811 slessp2-kernel-7812 slessp2-kernel-7813 slessp2-kernel-7814 slessp2-kernel-7819

- SUSE Linux Enterprise High Availability Extension 11 SP2:

  zypper in -t patch sleshasp2-kernel-7811 sleshasp2-kernel-7812 sleshasp2-kernel-7813 sleshasp2-kernel-7814 sleshasp2-kernel-7819

- SUSE Linux Enterprise Desktop 11 SP2:

  zypper in -t patch sledsp2-kernel-7811 sledsp2-kernel-7814

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.80]:

  kernel-default-3.0.80-0.5.1
  kernel-default-base-3.0.80-0.5.1
  kernel-default-devel-3.0.80-0.5.1
  kernel-source-3.0.80-0.5.1
  kernel-syms-3.0.80-0.5.1
  kernel-trace-3.0.80-0.5.1
  kernel-trace-base-3.0.80-0.5.1
  kernel-trace-devel-3.0.80-0.5.1
  kernel-xen-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

  xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.80]:

  kernel-pae-3.0.80-0.5.1
  kernel-pae-base-3.0.80-0.5.1
  kernel-pae-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.80]:

  kernel-default-3.0.80-0.5.1
  kernel-default-base-3.0.80-0.5.1
  kernel-default-devel-3.0.80-0.5.1
  kernel-source-3.0.80-0.5.1
  kernel-syms-3.0.80-0.5.1
  kernel-trace-3.0.80-0.5.1
  kernel-trace-base-3.0.80-0.5.1
  kernel-trace-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.80]:

  kernel-ec2-3.0.80-0.5.1
  kernel-ec2-base-3.0.80-0.5.1
  kernel-ec2-devel-3.0.80-0.5.1
  kernel-xen-3.0.80-0.5.1
  kernel-xen-base-3.0.80-0.5.1
  kernel-xen-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (x86_64):

  xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5
  xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5

- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.80]:

  kernel-default-man-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.80]:

  kernel-ppc64-3.0.80-0.5.1
  kernel-ppc64-base-3.0.80-0.5.1
  kernel-ppc64-devel-3.0.80-0.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.80]:

  kernel-pae-3.0.80-0.5.1
  kernel-pae-base-3.0.80-0.5.1
  kernel-pae-devel-3.0.80-0.5.1

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  cluster-network-kmp-default-1.4_3.0.80_0.5-2.18.45
  cluster-network-kmp-trace-1.4_3.0.80_0.5-2.18.45
  gfs2-kmp-default-2_3.0.80_0.5-0.7.76
  gfs2-kmp-trace-2_3.0.80_0.5-0.7.76
  ocfs2-kmp-default-1.6_3.0.80_0.5-0.11.44
  ocfs2-kmp-trace-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

  cluster-network-kmp-xen-1.4_3.0.80_0.5-2.18.45
  gfs2-kmp-xen-2_3.0.80_0.5-0.7.76
  ocfs2-kmp-xen-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

  cluster-network-kmp-ppc64-1.4_3.0.80_0.5-2.18.45
  gfs2-kmp-ppc64-2_3.0.80_0.5-0.7.76
  ocfs2-kmp-ppc64-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

  cluster-network-kmp-pae-1.4_3.0.80_0.5-2.18.45
  gfs2-kmp-pae-2_3.0.80_0.5-0.7.76
  ocfs2-kmp-pae-1.6_3.0.80_0.5-0.11.44

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.80]:

  kernel-default-3.0.80-0.5.1
  kernel-default-base-3.0.80-0.5.1
  kernel-default-devel-3.0.80-0.5.1
  kernel-default-extra-3.0.80-0.5.1
  kernel-source-3.0.80-0.5.1
  kernel-syms-3.0.80-0.5.1
  kernel-trace-3.0.80-0.5.1
  kernel-trace-base-3.0.80-0.5.1
  kernel-trace-devel-3.0.80-0.5.1
  kernel-trace-extra-3.0.80-0.5.1
  kernel-xen-3.0.80-0.5.1
  kernel-xen-base-3.0.80-0.5.1
  kernel-xen-devel-3.0.80-0.5.1
  kernel-xen-extra-3.0.80-0.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

  xen-kmp-default-4.1.5_02_3.0.80_0.5-0.5.5
  xen-kmp-trace-4.1.5_02_3.0.80_0.5-0.5.5

- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.80]:

  kernel-pae-3.0.80-0.5.1
  kernel-pae-base-3.0.80-0.5.1
  kernel-pae-devel-3.0.80-0.5.1
  kernel-pae-extra-3.0.80-0.5.1

References:

http://support.novell.com/security/cve/CVE-2013-0160.html
http://support.novell.com/security/cve/CVE-2013-1979.html
http://support.novell.com/security/cve/CVE-2013-3076.html
http://support.novell.com/security/cve/CVE-2013-3222.html
http://support.novell.com/security/cve/CVE-2013-3223.html
http://support.novell.com/security/cve/CVE-2013-3224.html
http://support.novell.com/security/cve/CVE-2013-3225.html
http://support.novell.com/security/cve/CVE-2013-3227.html
http://support.novell.com/security/cve/CVE-2013-3228.html
http://support.novell.com/security/cve/CVE-2013-3229.html
http://support.novell.com/security/cve/CVE-2013-3231.html
http://support.novell.com/security/cve/CVE-2013-3232.html
http://support.novell.com/security/cve/CVE-2013-3234.html
http://support.novell.com/security/cve/CVE-2013-3235.html
https://bugzilla.novell.com/763968
https://bugzilla.novell.com/764209
https://bugzilla.novell.com/768052
https://bugzilla.novell.com/769685
https://bugzilla.novell.com/788590
https://bugzilla.novell.com/792584
https://bugzilla.novell.com/793139
https://bugzilla.novell.com/797042
https://bugzilla.novell.com/797175
https://bugzilla.novell.com/800907
https://bugzilla.novell.com/802153
https://bugzilla.novell.com/804154
https://bugzilla.novell.com/804609
https://bugzilla.novell.com/805804
https://bugzilla.novell.com/805945
https://bugzilla.novell.com/806431
https://bugzilla.novell.com/806980
https://bugzilla.novell.com/808647
https://bugzilla.novell.com/809122
https://bugzilla.novell.com/809155
https://bugzilla.novell.com/809748
https://bugzilla.novell.com/809895
https://bugzilla.novell.com/810580
https://bugzilla.novell.com/810624
https://bugzilla.novell.com/810722
https://bugzilla.novell.com/812281
https://bugzilla.novell.com/814719
https://bugzilla.novell.com/815356
https://bugzilla.novell.com/815444
https://bugzilla.novell.com/815745
https://bugzilla.novell.com/816443 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816586 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/816708 https://bugzilla.novell.com/817010 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818327 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818514 https://bugzilla.novell.com/818516 https://bugzilla.novell.com/818798 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821560 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822722 http://download.novell.com/patch/finder/?keywords=19c95cc7458aa30d3c072b77a8701a6d http://download.novell.com/patch/finder/?keywords=23807efa0fda2554a9635e4fffacead3 http://download.novell.com/patch/finder/?keywords=8bd84321504d865c571ca2d3e49279bb http://download.novell.com/patch/finder/?keywords=9004723920468a034b1397e23a00e0ff http://download.novell.com/patch/finder/?keywords=ba206bb6e19abef79b40e9307204a30e From sle-security-updates at lists.suse.com Tue Jun 18 07:04:10 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 18 Jun 2013 15:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1022-3: important: Security update for Linux kernel Message-ID: <20130618130410.0E48A32374@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1022-3 Rating: important References: #763968 #764209 #768052 #769685 #788590 #792584 #793139 #797042 #797175 #800907 #802153 #804154 #804609 #805804 #805945 #806431 #806980 #808647 #809122 #809155 #809748 #809895 #810580 #810624 #810722 #812281 #814719 #815356 #815444 #815745 #816443 #816451 #816586 #816668 #816708 
                    #817010 #817339 #818053 #818327 #818371 #818514 #818516 #818798 #819295 #819519 #819655 #819789 #820434 #821560 #821930 #822431 #822722
Cross-References:   CVE-2013-0160 CVE-2013-1979 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235
Affected Products:
                    SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 38 fixes is now available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80, which fixes various bugs and security issues.

   The following security issues have been fixed:

   * CVE-2013-0160: Timing side channel attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses, e.g. passwords. This has been fixed again by updating the accessed/modified time on the pty devices at a resolution of 8 seconds, so that idle time detection can still work.
   * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3227: The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
   * CVE-2013-3076: The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
   * CVE-2013-1979: The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application.
   * A kernel information leak via tkill/tgkill was fixed.

   The following bugs have been fixed:

   * reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722).
   * libfc: do not exch_done() on invalid sequence ptr (bnc#810722).
   * netfilter: ip6t_LOG: fix logging of packet mark (bnc#821930).
   * hyperv: use 3.4 as LIC version string (bnc#822431).
   * virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID (bnc#819655).
   * xen/netback: do not disconnect frontend when seeing oversize packet.
   * xen/netfront: reduce gso_max_size to account for max TCP header.
   * xen/netfront: fix kABI after "reduce gso_max_size to account for max TCP header".
   * xfs: Fix kABI due to change in xfs_buf (bnc#815356).
   * xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)).
   * xfs: Serialize file-extending direct IO (bnc#818371).
   * xhci: Do not switch webcams in some HP ProBooks to XHCI (bnc#805804).
   * bluetooth: Do not switch BT on HP ProBook 4340 (bnc#812281).
   * s390/ftrace: fix mcount adjustment (bnc#809895).
   * mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections (bnc#804609, bnc#820434).
   * patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation (bnc#805945).
   * mm: compaction: Restart compaction from near where it left off
   * mm: compaction: cache if a pageblock was scanned and no pages were isolated
   * mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity
   * mm: compaction: Scan PFN caching KABI workaround
   * mm: page_allocator: Remove first_pass guard
   * mm: vmscan: do not stall on writeback during memory compaction
     Cache compaction restart points for faster compaction cycles (bnc#816451).
   * qlge: fix dma map leak when the last chunk is not allocated (bnc#819519).
   * SUNRPC: Get rid of the redundant xprt->shutdown bit field (bnc#800907).
   * SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot (bnc#800907).
   * SUNRPC: Fix a UDP transport regression (bnc#800907).
   * SUNRPC: Allow caller of rpc_sleep_on() to select priority levels (bnc#800907).
   * SUNRPC: Replace xprt->resend and xprt->sending with a priority queue (bnc#800907).
   * SUNRPC: Fix potential races in xprt_lock_write_next() (bnc#800907).
   * md: cannot re-add disks after recovery (bnc#808647).
   * fs/xattr.c:getxattr(): improve handling of allocation failures (bnc#818053).
   * fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed (bnc#818053).
   * fs/xattr.c:setxattr(): improve handling of allocation failures (bnc#818053).
   * fs/xattr.c: suppress page allocation failure warnings from sys_listxattr() (bnc#818053).
   * virtio-blk: Call revalidate_disk() upon online disk resize (bnc#817339).
   * usb-storage: CY7C68300A chips do not support Cypress ATACB (bnc#819295).
   * patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580).
   * usb: Using correct way to clear usb3.0 devices remote wakeup feature (bnc#818516).
   * xhci: Fix TD size for isochronous URBs (bnc#818514).
   * ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio (bnc#818798).
   * ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs (bnc#818798).
   * xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get (bnc#818053).
   * xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053).
   * xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053).
   * xHCI: store rings type.
   * xhci: Fix hang on back-to-back Set TR Deq Ptr commands.
   * xHCI: check enqueue pointer advance into dequeue seg.
   * xHCI: store rings last segment and segment numbers.
   * xHCI: Allocate 2 segments for transfer ring.
   * xHCI: count free TRBs on transfer ring.
   * xHCI: factor out segments allocation and free function.
   * xHCI: update sg tablesize.
   * xHCI: set cycle state when allocate rings.
   * xhci: Reserve one command for USB3 LPM disable.
   * xHCI: dynamic ring expansion.
   * xhci: Do not warn on empty ring for suspended devices.
   * md/raid1: Do not release reference to device while handling read error (bnc#809122, bnc#814719).
   * rpm/mkspec: Stop generating the get_release_number.sh file.
   * rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix.
   * rpm/kernel-spec-macros: Drop the %release_num macro
     We no longer put the -rcX tag into the release string.
   * rpm/kernel-*.spec.in, rpm/mkspec: Do not force the "" string in specfiles.
   * mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327).
   * mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters (bnc#792584).
   * bonding: only use primary address for ARP (bnc#815444).
   * bonding: remove entries for master_ip and vlan_ip and query devices instead (bnc#815444).
   * mm: speedup in __early_pfn_to_nid (bnc#810624).
   * TTY: fix atime/mtime regression (bnc#815745).
   * sd_dif: problem with verify of type 1 protection information (PI) (bnc#817010).
   * sched: harden rq rt usage accounting (bnc#769685, bnc#788590).
   * rcu: Avoid spurious RCU CPU stall warnings (bnc#816586).
   * rcu: Dump local stack if cannot dump all CPUs stacks (bnc#816586).
   * rcu: Fix detection of abruptly-ending stall (bnc#816586).
   * rcu: Suppress NMI backtraces when stall ends before dump (bnc#816586).
   * Update Xen patches to 3.0.74.
   * btrfs: do not re-enter when allocating a chunk.
   * btrfs: save us a read_lock.
   * btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.
   * btrfs: remove unused fs_info from btrfs_decode_error().
   * btrfs: handle null fs_info in btrfs_panic().
   * btrfs: fix varargs in __btrfs_std_error.
   * btrfs: fix the race between bio and btrfs_stop_workers.
   * btrfs: fix NULL pointer after aborting a transaction.
   * btrfs: fix infinite loop when we abort on mount.
   * xfs: Do not allocate new buffers on every call to _xfs_buf_find (bnc#763968).
   * xfs: fix buffer lookup race on allocation failure (bnc#763968).

Security Issue references:

   * CVE-2013-0160
   * CVE-2013-3076
   * CVE-2013-3222
   * CVE-2013-3223
   * CVE-2013-3224
   * CVE-2013-3225
   * CVE-2013-3227
   * CVE-2013-3228
   * CVE-2013-3229
   * CVE-2013-3231
   * CVE-2013-3232
   * CVE-2013-3234
   * CVE-2013-3235
   * CVE-2013-1979

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time 11 SP2:

      zypper in -t patch slertesp2-kernel-7828

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.80.rt108]:

      cluster-network-kmp-rt-1.4_3.0.80_rt108_0.5-2.18.47
      cluster-network-kmp-rt_trace-1.4_3.0.80_rt108_0.5-2.18.47
      drbd-kmp-rt-8.4.2_3.0.80_rt108_0.5-0.6.6.38
      drbd-kmp-rt_trace-8.4.2_3.0.80_rt108_0.5-0.6.6.38
      iscsitarget-kmp-rt-1.4.20_3.0.80_rt108_0.5-0.23.44
      iscsitarget-kmp-rt_trace-1.4.20_3.0.80_rt108_0.5-0.23.44
      kernel-rt-3.0.80.rt108-0.5.1
      kernel-rt-base-3.0.80.rt108-0.5.1
      kernel-rt-devel-3.0.80.rt108-0.5.1
      kernel-rt_trace-3.0.80.rt108-0.5.1
      kernel-rt_trace-base-3.0.80.rt108-0.5.1
      kernel-rt_trace-devel-3.0.80.rt108-0.5.1
      kernel-source-rt-3.0.80.rt108-0.5.1
      kernel-syms-rt-3.0.80.rt108-0.5.1
      lttng-modules-kmp-rt-2.0.4_3.0.80_rt108_0.5-0.7.35
      lttng-modules-kmp-rt_trace-2.0.4_3.0.80_rt108_0.5-0.7.35
      ocfs2-kmp-rt-1.6_3.0.80_rt108_0.5-0.11.46
      ocfs2-kmp-rt_trace-1.6_3.0.80_rt108_0.5-0.11.46
      ofed-kmp-rt-1.5.2_3.0.80_rt108_0.5-0.28.28.18
      ofed-kmp-rt_trace-1.5.2_3.0.80_rt108_0.5-0.28.28.18

References:

   http://support.novell.com/security/cve/CVE-2013-0160.html
   http://support.novell.com/security/cve/CVE-2013-1979.html
   http://support.novell.com/security/cve/CVE-2013-3076.html
   http://support.novell.com/security/cve/CVE-2013-3222.html
   http://support.novell.com/security/cve/CVE-2013-3223.html
   http://support.novell.com/security/cve/CVE-2013-3224.html
   http://support.novell.com/security/cve/CVE-2013-3225.html
   http://support.novell.com/security/cve/CVE-2013-3227.html
   http://support.novell.com/security/cve/CVE-2013-3228.html
   http://support.novell.com/security/cve/CVE-2013-3229.html
   http://support.novell.com/security/cve/CVE-2013-3231.html
   http://support.novell.com/security/cve/CVE-2013-3232.html
   http://support.novell.com/security/cve/CVE-2013-3234.html
   http://support.novell.com/security/cve/CVE-2013-3235.html
   https://bugzilla.novell.com/763968
   https://bugzilla.novell.com/764209
   https://bugzilla.novell.com/768052
   https://bugzilla.novell.com/769685
   https://bugzilla.novell.com/788590
   https://bugzilla.novell.com/792584
   https://bugzilla.novell.com/793139
   https://bugzilla.novell.com/797042
   https://bugzilla.novell.com/797175
   https://bugzilla.novell.com/800907
   https://bugzilla.novell.com/802153
   https://bugzilla.novell.com/804154
   https://bugzilla.novell.com/804609
   https://bugzilla.novell.com/805804
   https://bugzilla.novell.com/805945
   https://bugzilla.novell.com/806431
   https://bugzilla.novell.com/806980
   https://bugzilla.novell.com/808647
   https://bugzilla.novell.com/809122
   https://bugzilla.novell.com/809155
   https://bugzilla.novell.com/809748
   https://bugzilla.novell.com/809895
   https://bugzilla.novell.com/810580
   https://bugzilla.novell.com/810624
   https://bugzilla.novell.com/810722
   https://bugzilla.novell.com/812281
   https://bugzilla.novell.com/814719
   https://bugzilla.novell.com/815356
   https://bugzilla.novell.com/815444
   https://bugzilla.novell.com/815745
   https://bugzilla.novell.com/816443
   https://bugzilla.novell.com/816451
   https://bugzilla.novell.com/816586
   https://bugzilla.novell.com/816668
   https://bugzilla.novell.com/816708
   https://bugzilla.novell.com/817010
   https://bugzilla.novell.com/817339
   https://bugzilla.novell.com/818053
   https://bugzilla.novell.com/818327
   https://bugzilla.novell.com/818371
   https://bugzilla.novell.com/818514
   https://bugzilla.novell.com/818516
   https://bugzilla.novell.com/818798
   https://bugzilla.novell.com/819295
   https://bugzilla.novell.com/819519
   https://bugzilla.novell.com/819655
   https://bugzilla.novell.com/819789
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/821560
   https://bugzilla.novell.com/821930
   https://bugzilla.novell.com/822431
   https://bugzilla.novell.com/822722
   http://download.novell.com/patch/finder/?keywords=0a3106322709c3a3f920332f0f5ba34c

From sle-security-updates at lists.suse.com Tue Jun 18 12:04:16 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Jun 2013 20:04:16 +0200 (CEST)
Subject: SUSE-SU-2013:1039-1: important: Security update for
 flash-player
Message-ID: <20130618180416.8728A3237A@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1039-1
Rating:             important
References:         #824512
Cross-References:   CVE-2013-3343
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It includes one version update.

Description:

   Adobe flash-player has been updated to the 11.2.202.291 security update, which fixes several security issues.

   Bug#824512 / CVE-2013-3343 / APSB13-16

Security Issue reference:

   * CVE-2013-3343

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-flash-player-7850

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.291]:

      flash-player-11.2.202.291-0.3.1
      flash-player-gnome-11.2.202.291-0.3.1
      flash-player-kde4-11.2.202.291-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 11.2.202.291]:

      flash-player-11.2.202.291-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-3343.html
   https://bugzilla.novell.com/824512
   http://download.novell.com/patch/finder/?keywords=79c597776eb65522c777c2c31d78be79
   http://download.novell.com/patch/finder/?keywords=eade46809046296377fc288dde27a404

From sle-security-updates at lists.suse.com Wed Jun 19 09:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Jun 2013 17:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1051-1: Security update for pigz
Message-ID: <20130619150410.87FC43237A@maintenance.suse.de>

SUSE Security Update: Security update for pigz
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1051-1
Rating:             low
References:         #803933
Affected Products:
                    SUSE Studio Onsite 1.2
                    SUSE Studio Extension for System z 1.2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update fixes an issue where pigz created temp files with insecure permissions. (CVE-2013-0296)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.2:

      zypper in -t patch slestso12-pigz-7514

   - SUSE Studio Extension for System z 1.2:

      zypper in -t patch slestso12-pigz-7514

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Studio Onsite 1.2 (x86_64):

      pigz-2.1.6-0.5.2

   - SUSE Studio Extension for System z 1.2 (s390x):

      pigz-2.1.6-0.5.2

References:

   https://bugzilla.novell.com/803933
   http://download.novell.com/patch/finder/?keywords=e363bd8fee9fef2db5c1aeaf1503cdb0

From sle-security-updates at lists.suse.com Wed Jun 19 09:04:13 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Jun 2013 17:04:13 +0200 (CEST)
Subject: SUSE-SU-2013:1052-1: Security update for pigz
Message-ID: <20130619150413.51D953237A@maintenance.suse.de>

SUSE Security Update: Security update for pigz
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1052-1
Rating:             low
References:         #597756 #803933
Cross-References:   CVE-2013-0296
Affected Products:
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now available. It includes one version update.

Description:

   This pigz update to version 2.1.6 includes a security fix and several bug fixes:

   * fix temporary file permission bug (bnc#803933, CVE-2013-0296)
   * fix dictzip with #CPU == 1 (bnc#597756)

Security Issue reference:

   * CVE-2013-0296

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-pigz-7838

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Studio Onsite 1.3 (x86_64) [New Version: 2.1.6]:

      pigz-2.1.6-0.8.1

References:

   http://support.novell.com/security/cve/CVE-2013-0296.html
   https://bugzilla.novell.com/597756
   https://bugzilla.novell.com/803933
   http://download.novell.com/patch/finder/?keywords=041a111ad6c334270d3aa6b836278738

From sle-security-updates at lists.suse.com Thu Jun 20 13:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Jun 2013 21:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1058-1: Security update for gpg2
Message-ID: <20130620190411.9A8333237B@maintenance.suse.de>

SUSE Security Update: Security update for gpg2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1058-1
Rating:             low
References:         #780943 #798465 #808958
Cross-References:   CVE-2012-6085
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update for gpg2 provides the following fixes:

   * Set proper file permissions when en/de-crypting files (bnc#780943)
   * Fix an issue that could cause corruption of the public keys database. (CVE-2012-6085, #798465)
   * Select proper ciphers when running in FIPS mode (bnc#808958)

Security Issue reference:

   * CVE-2012-6085

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-gpg2-7737

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-gpg2-7737

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-gpg2-7737

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      gpg2-2.0.9-25.33.33.1
      gpg2-lang-2.0.9-25.33.33.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      gpg2-2.0.9-25.33.33.1
      gpg2-lang-2.0.9-25.33.33.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      gpg2-2.0.9-25.33.33.1
      gpg2-lang-2.0.9-25.33.33.1

References:

   http://support.novell.com/security/cve/CVE-2012-6085.html
   https://bugzilla.novell.com/780943
   https://bugzilla.novell.com/798465
   https://bugzilla.novell.com/808958
   http://download.novell.com/patch/finder/?keywords=305e4b78fde413f704a65bf60a15b7a0

From sle-security-updates at lists.suse.com Thu Jun 20 14:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Jun 2013 22:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1059-1: moderate: Security update for clamav
Message-ID: <20130620200411.15A063237B@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1059-1
Rating:             moderate
References:         #816865
Cross-References:   CVE-2013-2020 CVE-2013-2021
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available. It includes one version update.

Description:

   This update contains clamav 0.97.8, which fixes security issues (bnc#816865):

   * CVE-2013-2020: Fix heap corruption
   * CVE-2013-2021: Fix overflow due to PDF key length computation.

Security Issue references:

   * CVE-2013-2020
   * CVE-2013-2021

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-clamav-7821

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-clamav-7821

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-clamav-7821

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.97.8]:

      clamav-0.97.8-0.2.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.97.8]:

      clamav-0.97.8-0.2.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 0.97.8]:

      clamav-0.97.8-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.97.8]:

      clamav-0.97.8-0.2.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 0.97.8]:

      clamav-0.97.8-0.5.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 0.97.8]:

      clamav-0.97.8-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-2020.html
   http://support.novell.com/security/cve/CVE-2013-2021.html
   https://bugzilla.novell.com/816865
   http://download.novell.com/patch/finder/?keywords=5f21128dffc5d53e9eb8ed016ccae08e
   http://download.novell.com/patch/finder/?keywords=9d302ad645143524072bb084bf9f2ded

From sle-security-updates at lists.suse.com Thu Jun 20 14:04:14 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Jun 2013 22:04:14 +0200 (CEST)
Subject: SUSE-SU-2013:1060-1: important: Security update for GnuTLS
Message-ID: <20130620200414.CFFDC3237B@maintenance.suse.de>

SUSE Security Update: Security update for GnuTLS
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1060-1
Rating:             important
References:         #821818
Cross-References:   CVE-2013-2116
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of GnuTLS fixes a regression introduced by the previous update that could have resulted in a Denial of Service (application crash).

Security Issue reference:

   * CVE-2013-2116

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-gnutls-7781

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-gnutls-7781

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-gnutls-7781

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-gnutls-7781

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-devel-2.4.1-24.39.47.1
      libgnutls-extra-devel-2.4.1-24.39.47.1
      libgnutls-extra26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      gnutls-2.4.1-24.39.47.1
      libgnutls26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      libgnutls26-32bit-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      gnutls-2.4.1-24.39.47.1
      libgnutls-extra26-2.4.1-24.39.47.1
      libgnutls26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libgnutls26-32bit-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libgnutls26-x86-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      gnutls-1.2.10-13.36.1
      gnutls-devel-1.2.10-13.36.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      gnutls-32bit-1.2.10-13.36.1
      gnutls-devel-32bit-1.2.10-13.36.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      gnutls-x86-1.2.10-13.36.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      gnutls-64bit-1.2.10-13.36.1
      gnutls-devel-64bit-1.2.10-13.36.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      gnutls-2.4.1-24.39.47.1
      libgnutls26-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      libgnutls26-32bit-2.4.1-24.39.47.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      gnutls-1.2.10-13.36.1
      gnutls-devel-1.2.10-13.36.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      gnutls-32bit-1.2.10-13.36.1
      gnutls-devel-32bit-1.2.10-13.36.1

References:

   http://support.novell.com/security/cve/CVE-2013-2116.html
   https://bugzilla.novell.com/821818
   http://download.novell.com/patch/finder/?keywords=6b62ecb51e089af80ba626d079de03f3
   http://download.novell.com/patch/finder/?keywords=c39cabef26db30df30eff8a1bbef4088

From sle-security-updates at lists.suse.com Thu Jun 20 15:04:28 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Jun 2013 23:04:28 +0200 (CEST)
Subject: SUSE-SU-2013:1061-1: Security update for gpg
Message-ID: <20130620210428.10A6432376@maintenance.suse.de>

SUSE Security Update: Security update for gpg
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1061-1
Rating:             low
References:         #780943 #798465
Cross-References:   CVE-2012-6085
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now available.

Description:

   This update for gpg provides the following fixes:

   * Set proper file permissions when en/de-crypting files (bnc#780943)
   * Fix an issue that could cause corruption of the public keys database. (CVE-2012-6085, bnc#798465)

Security Issue reference:

   * CVE-2012-6085

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      gpg-1.4.2-23.21.1
      gpg2-1.9.18-17.23.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      gpg-1.4.2-23.21.1
      gpg2-1.9.18-17.23.1

References:

   http://support.novell.com/security/cve/CVE-2012-6085.html
   https://bugzilla.novell.com/780943
   https://bugzilla.novell.com/798465
   http://download.novell.com/patch/finder/?keywords=3fc2b24dc90bda3b61202a7c4ffc0814
   http://download.novell.com/patch/finder/?keywords=c63e1c0dad4c5e8848b14230545d1ec2

From sle-security-updates at lists.suse.com Thu Jun 20 15:04:31 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Jun 2013 23:04:31 +0200 (CEST)
Subject: SUSE-SU-2013:1062-1: moderate: Security update for python-django
Message-ID: <20130620210431.B43423237B@maintenance.suse.de>

SUSE Security Update: Security update for python-django
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1062-1
Rating:             moderate
References:         #795264 #807175
Cross-References:   CVE-2012-4520 CVE-2013-0305 CVE-2013-0306 CVE-2013-1665
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available. It includes one version update.

Description:

   python-django was updated to version 1.4.5, which fixes several bugs and security problems.

   * Update to 1.4.5 (bnc#807175, bnc#795264):
     o Security release (CVE-2012-4520 CVE-2013-0305 CVE-2013-0306 CVE-2013-1665)
   * Update to 1.4.3:
     o Security release:
       o Host header poisoning
       o Redirect poisoning
     o Please check release notes for details: https://www.djangoproject.com/weblog/2012/dec/10/security
   * Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin
   * Update to 1.4.2:
     o Security release:
       o Host header poisoning
     o Please check release notes for details: https://www.djangoproject.com/weblog/2012/oct/17/security
   * Update to 1.4.1:
     o Security release:
       o Cross-site scripting in authentication views
       o Denial-of-service in image validation
       o Denial-of-service via get_image_dimensions()
     o Please check release notes for details: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

Security Issue references:

   * CVE-2012-4520
   * CVE-2013-0305
   * CVE-2013-0306
   * CVE-2013-1665

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-python-django-7839

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 1.0 (x86_64) [New Version: 1.4.5]:

      python-django-1.4.5-0.6.2.1

References:

   http://support.novell.com/security/cve/CVE-2012-4520.html
   http://support.novell.com/security/cve/CVE-2013-0305.html
   http://support.novell.com/security/cve/CVE-2013-0306.html
   http://support.novell.com/security/cve/CVE-2013-1665.html
   https://bugzilla.novell.com/795264
   https://bugzilla.novell.com/807175
   http://download.novell.com/patch/finder/?keywords=7ea32c047895ee67361bae4515c29ef8

From sle-security-updates at lists.suse.com Fri Jun 21 14:04:15 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 21 Jun 2013 22:04:15 +0200 (CEST)
Subject: SUSE-SU-2013:1067-1: Security update for python-keystoneclient
Message-ID: <20130621200415.55D0C3237C@maintenance.suse.de>

SUSE Security Update: Security update for python-keystoneclient
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1067-1
Rating:             low
References:         #817415
Cross-References:   CVE-2013-2013
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   python-keystoneclient has been updated to the latest git version (e4ed1f3), which also fixes a security issue:

   * CVE-2013-2013: a password disclosure on the command line was fixed, which allowed local users to find out passwords via ps.
   Other changes:

   * Update to latest git (e4ed1f3):
     o Fix scoped auth for non-admins (bug 1081192)
   * Update to latest git (27f0c72):
     o Don't need to lazy load resources loaded from API
     o Add support for HEAD and PATCH
     o Add generic entity.delete()
     o Allow serialization impl to be overridden
     o enabling i18n with Babel
     o updating keystoneclient doc theme
     o updating base keystoneclient documentation
     o virtualenv quiet installation for zypper
     o Manager for generic CRUD on v3
     o v3 Client & test utils
     o change default wrap for tokens from 78 characters to 0
     o v3 Service CRUD
     o v3 Endpoint CRUD
     o v3 Policy CRUD
     o v3 Domain CRUD
     o v3 Role CRUD
     o v3 Project CRUD
     o v3 User CRUD
     o v3 Credential CRUD
     o v3 List projects for a user
     o Fixed httplib2 mocking (bug 1050091, bug 1050097)
     o v3 Domain/Project role grants
     o Enable/disable services/endpoints (bug 1048662)
     o bootstrap a keystone user (e.g. admin) in one cmd
     o Useful error msg when missing catalog (bug 949904)
     o Added 'service_id' column to endpoint-list
     o Ensure JSON isn't read on no HTTP response body
     o use mock context managers instead of decorators+functions
     o Fixes https connections to keystone when no CA certificates are
       specified.
     o add a new HTTPClient attr for setting the original IP
     o Add OpenStack trove classifier for PyPI
     o Don't log an exception for an expected empty catalog.
     o Replace refs to 'Keystone API' with 'Identity API'
     o Update --os-* error messages
     o HACKING compliance: consistent usage of 'except'
     o Fix keystoneclient so swift works against Rackspace Cloud Files
     o fixes 1075376
     o Warn about bypassing auth on CLI (bug 1076225)
     o check creds before token/endpoint (bug 1076233)
     o Check for auth URL before password (bug 1076235)
     o removing repeat attempt at authorization in client
     o Make initial structural changes to keystoneclient in preparation to
       moving auth_token here from keystone. No functional change should
       occur from this commit (even though it did refresh a newer copy of
       openstack.common.setup.py, none of the newer updates are in
       functions called from this client)
     o Add auth-token code to keystoneclient, along with supporting files
     o Update README and CLI help
     o fixes auth_ref initialization error
     o Throw validation response into the environment
   * Add Provides/Obsoletes for openSUSE-12.2 package name
     (openstack-keystoneclient and python-python-keystoneclient)
   * Update to latest git (6c127df):
     o Fix PEP8 issues.
     o fixing pep8 formatting for 1.0.1+ pep8
     o Fixed httplib2 mocking (bug 1050091, bug 1050097)
     o Require httplib2 version 0.7 or higher.
     o removing deprecated commandline options
     o Handle "503 Service Unavailable" exception.
     o Fixes setup compatibility issue on Windows
     o switching options to match authentication paths
     o Add wrap option to keystone token-get for humans
     o Allow empty description for tenants.
     o pep8 1.3.1 cleanup

Security Issue reference:

   * CVE-2013-2013

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-python-keystoneclient-7868

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 1.0 (x86_64):

      python-keystoneclient-2012.1+git.1353428216.e4ed1f3-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-2013.html
   https://bugzilla.novell.com/817415
   http://download.novell.com/patch/finder/?keywords=063a4ebcd43a01eecec673fc801eed73

From sle-security-updates at lists.suse.com  Tue Jun 25 11:04:14 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 25 Jun 2013 19:04:14 +0200 (CEST)
Subject: SUSE-SU-2013:1075-1: important: Security update for Xen
Message-ID: <20130625170414.42D7E32047@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1075-1
Rating:             important
References:         #801663 #809662 #813673 #813675 #813677 #814709 #816156
                    #816159 #816163 #819416 #820917 #820919 #820920
Cross-References:   CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1920
                    CVE-2013-1952 CVE-2013-1964 CVE-2013-2072 CVE-2013-2076
                    CVE-2013-2077 CVE-2013-2078
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has three fixes is now
   available.

Description:

   Xen has been updated to 4.1.5 c/s 23509 to fix various bugs and security
   issues.

   The following security issues have been fixed:

   * CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x,
     4.2.x, and earlier were not preemptible, which allowed local PV kernels
     to cause a denial of service via vectors related to deep page table
     traversal.
   * CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering
     capable PCI device, did not properly check the source when accessing a
     bridge device's interrupt remapping table entries for MSI interrupts,
     which allowed local guest domains to cause a denial of service
     (interrupt injection) via unspecified vectors.
   * CVE-2013-2076: An information leak in the XSAVE/XRSTOR instructions
     could be used to determine the state of floating point operations in
     other domains.
   * CVE-2013-2077: A denial of service (hypervisor crash) was possible due
     to missing exception recovery on XRSTOR, which could be used by PV
     guest users to crash the machine.
   * CVE-2013-2078: A denial of service (hypervisor crash) was possible due
     to missing exception recovery on XSETBV, which could be used by PV
     guest users to crash the machine.
   * CVE-2013-2072: Systems which allow untrusted administrators to
     configure guest vcpu affinity may be exploited to trigger a buffer
     overrun and corrupt memory.
   * CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel
     CPUs, did not clear the NT flag when using an IRET after a SYSENTER
     instruction, which allowed PV guest users to cause a denial of service
     (hypervisor crash) by triggering a #GP fault, which is not properly
     handled by another IRET instruction.
   * CVE-2013-1919: Xen 4.2.x and 4.1.x did not properly restrict access to
     IRQs, which allowed local stub domain clients to gain access to IRQs
     and cause a denial of service via vectors related to "passed-through
     IRQs or PCI devices."
   * CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is
     running "under memory pressure" and the Xen Security Module (XSM) is
     enabled, used the wrong ordering of operations when extending the
     per-domain event channel tracking table, which caused a use-after-free
     and allowed local guest kernels to inject arbitrary events and gain
     privileges via unspecified vectors.
   * CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly released a grant
     reference when releasing a non-v1, non-transitive grant, which allowed
     local guest administrators to cause a denial of service (host crash),
     obtain sensitive information, or possibly have other impacts via
     unspecified vectors.

   Bugfixes:

   * Upstream patches from Jan:
     26956-x86-mm-preemptible-cleanup.patch
     27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
     27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check.patch
     27079-fix-XSA-46-regression-with-xend-xm.patch
     27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-pointers.patch
   * Update to Xen 4.1.5 c/s 23509. Many xen.spec file patches were dropped
     as they are now included in the 4.1.5 tarball.
   * bnc#809662 - can't use pv-grub to start domU (pygrub does work)
     xen.spec
   * Upstream patches from Jan:
     26702-powernow-add-fixups-for-AMD-P-state-figures.patch
     26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch
     26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch
     26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
     26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
     26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
     26737-ACPI-APEI-Add-apei_exec_run_optional.patch
     26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch
     26743-VT-d-deal-with-5500-5520-X58-errata.patch
     26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch
     26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
     26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
     26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
     26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
     26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
     26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch
     26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch
     26851-iommu-crash-Interrupt-remapping-is-also-disabled-on-crash.patch
   * bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on
     Kyoto
     xend-cpuinfo-model-name.patch
   * Upstream patches from Jan:
     26536-xenoprof-div-by-0.patch
     26578-AMD-IOMMU-replace-BUG_ON.patch
     26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch
     26659-AMD-IOMMU-erratum-746-workaround.patch
     26660-x86-fix-CMCI-injection.patch
     26672-vmx-fix-handling-of-NMI-VMEXIT.patch
     26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch
     26676-fix-compat-memory-exchange-op-splitting.patch
     26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
     26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
     26679-x86-defer-processing-events-on-the-NMI-exit-path.patch
     26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
     26692-x86-MSI-fully-protect-MSI-X-table.patch

Security Issue references:

   * CVE-2013-1917
   * CVE-2013-1918
   * CVE-2013-1919
   * CVE-2013-1920
   * CVE-2013-1952
   * CVE-2013-1964
   * CVE-2013-2072
   * CVE-2013-2076
   * CVE-2013-2077
   * CVE-2013-2078

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xen-201305-7798

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xen-201305-7798

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xen-201305-7798

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xen-201305-7798

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      xen-devel-4.1.5_02-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):

      xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1
      xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
      xen-libs-4.1.5_02-0.5.1
      xen-tools-domU-4.1.5_02-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (x86_64):

      xen-4.1.5_02-0.5.1
      xen-doc-html-4.1.5_02-0.5.1
      xen-doc-pdf-4.1.5_02-0.5.1
      xen-libs-32bit-4.1.5_02-0.5.1
      xen-tools-4.1.5_02-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586):

      xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1
      xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1
      xen-libs-4.1.5_02-0.5.1
      xen-tools-domU-4.1.5_02-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xen-4.1.5_02-0.5.1
      xen-doc-html-4.1.5_02-0.5.1
      xen-doc-pdf-4.1.5_02-0.5.1
      xen-libs-32bit-4.1.5_02-0.5.1
      xen-tools-4.1.5_02-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586):

      xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-1917.html
   http://support.novell.com/security/cve/CVE-2013-1918.html
   http://support.novell.com/security/cve/CVE-2013-1919.html
   http://support.novell.com/security/cve/CVE-2013-1920.html
   http://support.novell.com/security/cve/CVE-2013-1952.html
   http://support.novell.com/security/cve/CVE-2013-1964.html
   http://support.novell.com/security/cve/CVE-2013-2072.html
   http://support.novell.com/security/cve/CVE-2013-2076.html
   http://support.novell.com/security/cve/CVE-2013-2077.html
   http://support.novell.com/security/cve/CVE-2013-2078.html
   https://bugzilla.novell.com/801663
   https://bugzilla.novell.com/809662
   https://bugzilla.novell.com/813673
   https://bugzilla.novell.com/813675
   https://bugzilla.novell.com/813677
   https://bugzilla.novell.com/814709
   https://bugzilla.novell.com/816156
   https://bugzilla.novell.com/816159
   https://bugzilla.novell.com/816163
   https://bugzilla.novell.com/819416
   https://bugzilla.novell.com/820917
   https://bugzilla.novell.com/820919
   https://bugzilla.novell.com/820920
   http://download.novell.com/patch/finder/?keywords=2f3309c493da194384ed2eba64f84f0d

From sle-security-updates at lists.suse.com  Fri Jun 28 07:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 15:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1095-1: moderate: Security update for xorg-x11-libXrender
Message-ID: <20130628130410.C8A863213D@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-libXrender
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1095-1
Rating:             moderate
References:         #815451 #821669
Cross-References:   CVE-2013-1987
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now
   available.

Description:

   This update of xorg-x11-libXrender fixes several integer overflow issues
   (bnc#815451, bnc#821669, CVE-2013-1987).

Security Issue reference:

   * CVE-2013-1987

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-libXrender-7809

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-libXrender-7809

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-libXrender-7809

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-libXrender-7809

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXrender-devel-7.4-1.16.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXrender-devel-32bit-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-libXrender-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xorg-x11-libXrender-32bit-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXrender-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXrender-32bit-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      xorg-x11-libXrender-x86-7.4-1.16.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-libXrender-7.4-1.16.1
      xorg-x11-libXrender-devel-7.4-1.16.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xorg-x11-libXrender-32bit-7.4-1.16.1

References:

   http://support.novell.com/security/cve/CVE-2013-1987.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821669
   http://download.novell.com/patch/finder/?keywords=48e45fee5e1a69e7883874b01777532f

From sle-security-updates at lists.suse.com  Fri Jun 28 08:04:11 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 16:04:11 +0200 (CEST)
Subject: SUSE-SU-2013:1096-1: Security update for xorg-x11-libxcb
Message-ID: <20130628140411.B747632148@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-libxcb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1096-1
Rating:             low
References:         #818829 #821584
Cross-References:   CVE-2013-2064
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now
   available.

Description:

   This update for xorg-x11-libxcb addresses the following security issues:

   * Fix a deadlock with multi-threaded applications running on real time
     kernels. (bnc#818829)
   * Fix an integer overflow in read_packet(). (bnc#821584, CVE-2013-2064)

Security Issues:

   * CVE-2013-2064

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-libxcb-7760

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-libxcb-7760

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-libxcb-7760

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-libxcb-7760

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libxcb-devel-7.4-1.22.5.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libxcb-devel-32bit-7.4-1.22.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-libxcb-7.4-1.22.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xorg-x11-libxcb-32bit-7.4-1.22.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libxcb-7.4-1.22.5.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libxcb-32bit-7.4-1.22.5.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      xorg-x11-libxcb-x86-7.4-1.22.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-libxcb-7.4-1.22.5.1
      xorg-x11-libxcb-devel-7.4-1.22.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xorg-x11-libxcb-32bit-7.4-1.22.5.1

References:

   http://support.novell.com/security/cve/CVE-2013-2064.html
   https://bugzilla.novell.com/818829
   https://bugzilla.novell.com/821584
   http://download.novell.com/patch/finder/?keywords=e08d51376bdda6da2110e604a495b364

From sle-security-updates at lists.suse.com  Fri Jun 28 08:04:15 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 16:04:15 +0200 (CEST)
Subject: SUSE-SU-2013:1097-1: moderate: Security update for xorg-x11-libXfixes
Message-ID: <20130628140416.01B8532148@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-libXfixes
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1097-1
Rating:             moderate
References:         #815451 #821667
Cross-References:   CVE-2013-1983
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now
   available.

Description:

   This update of xorg-x11-libXfixes fixes an integer overflow issue
   (bnc#815451, bnc#821667, CVE-2013-1983).

Security Issue reference:

   * CVE-2013-1983

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-libXfixes-7802

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-libXfixes-7802

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-libXfixes-7802

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-libXfixes-7802

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXfixes-devel-7.4-1.16.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXfixes-devel-32bit-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-libXfixes-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xorg-x11-libXfixes-32bit-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXfixes-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXfixes-32bit-7.4-1.16.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      xorg-x11-libXfixes-x86-7.4-1.16.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-libXfixes-7.4-1.16.1
      xorg-x11-libXfixes-devel-7.4-1.16.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xorg-x11-libXfixes-32bit-7.4-1.16.1

References:

   http://support.novell.com/security/cve/CVE-2013-1983.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821667
   http://download.novell.com/patch/finder/?keywords=f00e57d4e83124293883c5eb13495c03

From sle-security-updates at lists.suse.com  Fri Jun 28 08:04:20 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 16:04:20 +0200 (CEST)
Subject: SUSE-SU-2013:1098-1: moderate: Security update for Mesa
Message-ID: <20130628140420.EBD4732139@maintenance.suse.de>

SUSE Security Update: Security update for Mesa
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1098-1
Rating:             moderate
References:         #815451 #821855
Cross-References:   CVE-2013-1993
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now
   available.

Description:

   This update of Mesa fixes multiple integer overflows.

Security Issue reference:

   * CVE-2013-1993

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-Mesa-7805

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-Mesa-7805

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-Mesa-7805

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-Mesa-7805

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      Mesa-devel-7.11.2-0.9.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      Mesa-devel-32bit-7.11.2-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      Mesa-7.11.2-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      Mesa-32bit-7.11.2-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      Mesa-7.11.2-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      Mesa-32bit-7.11.2-0.9.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      Mesa-x86-7.11.2-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      Mesa-7.11.2-0.9.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      Mesa-32bit-7.11.2-0.9.1

References:

   http://support.novell.com/security/cve/CVE-2013-1993.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821855
   http://download.novell.com/patch/finder/?keywords=4d5a801bc9ddf7dd7e30b344d7210146

From sle-security-updates at lists.suse.com  Fri Jun 28 08:04:25 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 16:04:25 +0200 (CEST)
Subject: SUSE-SU-2013:1099-1: moderate: Security update for xorg-x11-libXext
Message-ID: <20130628140425.023E03213C@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-libXext
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1099-1
Rating:             moderate
References:         #815451 #821665
Cross-References:   CVE-2013-1982
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now
   available.
Description:

   This update of xorg-x11-libXext fixes several integer overflow issues
   (bnc#815451, bnc#821665, CVE-2013-1982).

Security Issue reference:

   * CVE-2013-1982

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-libXext-7800

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-libXext-7800

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-libXext-7800

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-libXext-7800

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXext-devel-7.4-1.18.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXext-devel-32bit-7.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-libXext-7.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xorg-x11-libXext-32bit-7.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXext-7.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXext-32bit-7.4-1.18.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      xorg-x11-libXext-x86-7.4-1.18.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-libXext-7.4-1.18.1
      xorg-x11-libXext-devel-7.4-1.18.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xorg-x11-libXext-32bit-7.4-1.18.1

References:

   http://support.novell.com/security/cve/CVE-2013-1982.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821665
   http://download.novell.com/patch/finder/?keywords=cba7da3f4f032fc302bbe5d590336cda

From sle-security-updates at lists.suse.com  Fri Jun 28 10:04:10 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 18:04:10 +0200 (CEST)
Subject: SUSE-SU-2013:1100-1: moderate: Security update for xorg-x11-libX11
Message-ID: <20130628160410.A6F9C3213D@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-libX11
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1100-1
Rating:             moderate
References:         #815451 #821664
Cross-References:   CVE-2013-1981 CVE-2013-1997 CVE-2013-2004
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update of xorg-x11-libX11 fixes several security issues
   (bnc#815451, bnc#821664).

Security Issue references:

   * CVE-2013-1981
   * CVE-2013-1997
   * CVE-2013-2004

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-libX11-7842

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-libX11-7842

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-libX11-7842

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-libX11-7842

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libX11-devel-7.4-5.11.11.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libX11-devel-32bit-7.4-5.11.11.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-libX11-7.4-5.11.11.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xorg-x11-libX11-32bit-7.4-5.11.11.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libX11-7.4-5.11.11.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libX11-32bit-7.4-5.11.11.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      xorg-x11-libX11-x86-7.4-5.11.11.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-libX11-7.4-5.11.11.1
      xorg-x11-libX11-devel-7.4-5.11.11.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xorg-x11-libX11-32bit-7.4-5.11.11.1

References:

   http://support.novell.com/security/cve/CVE-2013-1981.html
   http://support.novell.com/security/cve/CVE-2013-1997.html
   http://support.novell.com/security/cve/CVE-2013-2004.html
   https://bugzilla.novell.com/815451
   https://bugzilla.novell.com/821664
   http://download.novell.com/patch/finder/?keywords=573b836e9cf1967d6abb379c25a9952d

From sle-security-updates at lists.suse.com  Fri Jun 28 10:04:14 2013
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Jun 2013 18:04:14 +0200 (CEST)
Subject: SUSE-SU-2013:1101-1: moderate: Security update for xorg-x11-libXt
Message-ID: <20130628160414.ADB423213D@maintenance.suse.de>

SUSE Security Update: Security update for xorg-x11-libXt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1101-1
Rating:             moderate
References:         #815451 #821670
Cross-References:   CVE-2013-2002 CVE-2013-2005
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update of xorg-x11-libXt fixes several integer and buffer overflow
   issues (bnc#815451, bnc#821670, CVE-2013-2002, CVE-2013-2005).

Security Issue references:

   * CVE-2013-2002
   * CVE-2013-2005

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-xorg-x11-libXt-7823

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-xorg-x11-libXt-7823

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-xorg-x11-libXt-7823

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-xorg-x11-libXt-7823

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXt-devel-7.4-1.19.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXt-devel-32bit-7.4-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      xorg-x11-libXt-7.4-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      xorg-x11-libXt-32bit-7.4-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libXt-7.4-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      xorg-x11-libXt-32bit-7.4-1.19.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      xorg-x11-libXt-x86-7.4-1.19.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      xorg-x11-libXt-7.4-1.19.1
      xorg-x11-libXt-devel-7.4-1.19.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      xorg-x11-libXt-32bit-7.4-1.19.1

References:

   http://support.novell.com/security/cve/CVE-2013-2002.html
   http://support.novell.com/security/cve/CVE-2013-2005.html
https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821670 http://download.novell.com/patch/finder/?keywords=00bfbc86ed2314dee9a8f4889ed16f89 From sle-security-updates at lists.suse.com Fri Jun 28 10:04:18 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Jun 2013 18:04:18 +0200 (CEST) Subject: SUSE-SU-2013:1102-1: moderate: Security update for xorg-x11-libXp Message-ID: <20130628160418.BDA363213D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXp ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1102-1 Rating: moderate References: #815451 #821668 Cross-References: CVE-2013-2062 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update of xorg-x11-libXp fixes several integer overflow issues (bnc#815451, bnc#821668, CVE-2013-2062). Security Issue reference: * CVE-2013-2062 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXp-7844 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXp-7844 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXp-7844 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXp-7844 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXp-devel-7.4-1.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXp-devel-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXp-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXp-x86-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXp-7.4-1.18.1 xorg-x11-libXp-devel-7.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXp-32bit-7.4-1.18.1 References: http://support.novell.com/security/cve/CVE-2013-2062.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821668 http://download.novell.com/patch/finder/?keywords=24a70c2d18b66d27689cf7ea1ee0dfac From sle-security-updates at lists.suse.com Fri Jun 28 10:04:22 2013 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Jun 2013 18:04:22 +0200 (CEST) Subject: SUSE-SU-2013:1103-1: moderate: Security update for xorg-x11-libs Message-ID: <20130628160422.6BD3F3213D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libs ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1103-1 Rating: moderate References: #815451 #821663 Cross-References: CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 
for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update of xorg-x11-libs fixes several integer and buffer overflow issues (bnc#815451, bnc#821663). Security Issue references: * CVE-2013-1984 * CVE-2013-1985 * CVE-2013-1986 * CVE-2013-1988 * CVE-2013-1990 * CVE-2013-1991 * CVE-2013-1992 * CVE-2013-1995 * CVE-2013-1996 * CVE-2013-1998 * CVE-2013-1999 * CVE-2013-2000 * CVE-2013-2001 * CVE-2013-2003 * CVE-2013-2063 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-devel-7846 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-devel-7846 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-devel-7846 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-devel-7846 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.36.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libs-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libs-32bit-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.36.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libs-x86-7.4-8.26.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-devel-7.4-8.26.36.1 xorg-x11-libs-7.4-8.26.36.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libs-32bit-7.4-8.26.36.1 References: http://support.novell.com/security/cve/CVE-2013-1984.html http://support.novell.com/security/cve/CVE-2013-1985.html http://support.novell.com/security/cve/CVE-2013-1986.html http://support.novell.com/security/cve/CVE-2013-1988.html http://support.novell.com/security/cve/CVE-2013-1990.html http://support.novell.com/security/cve/CVE-2013-1991.html http://support.novell.com/security/cve/CVE-2013-1992.html http://support.novell.com/security/cve/CVE-2013-1995.html http://support.novell.com/security/cve/CVE-2013-1996.html http://support.novell.com/security/cve/CVE-2013-1998.html http://support.novell.com/security/cve/CVE-2013-1999.html http://support.novell.com/security/cve/CVE-2013-2000.html http://support.novell.com/security/cve/CVE-2013-2001.html http://support.novell.com/security/cve/CVE-2013-2003.html http://support.novell.com/security/cve/CVE-2013-2063.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821663 http://download.novell.com/patch/finder/?keywords=2b0c37d1a8beb0af8c31c6e5efaa35d4 From sle-security-updates at lists.suse.com Fri Jun 28 11:04:14 2013 
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 28 Jun 2013 19:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1104-1: moderate: Security update for xorg-x11-libXv Message-ID: <20130628170414.B81DF3213D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-libXv ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1104-1 Rating: moderate References: #815451 #821671 Cross-References: CVE-2013-1989 CVE-2013-2066 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of xorg-x11-libXv fixes several integer and buffer overflow issues (bnc#815451, bnc#821671, CVE-2013-1989, CVE-2013-2066). Security Issue references: * CVE-2013-1989 * CVE-2013-2066 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-libXv-7825 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-libXv-7825 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-libXv-7825 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-libXv-7825 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-devel-7.4-1.16.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXv-devel-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-libXv-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): xorg-x11-libXv-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libXv-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): xorg-x11-libXv-32bit-7.4-1.16.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): xorg-x11-libXv-x86-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-libXv-7.4-1.16.1 xorg-x11-libXv-devel-7.4-1.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xorg-x11-libXv-32bit-7.4-1.16.1 References: http://support.novell.com/security/cve/CVE-2013-1989.html http://support.novell.com/security/cve/CVE-2013-2066.html https://bugzilla.novell.com/815451 https://bugzilla.novell.com/821671 http://download.novell.com/patch/finder/?keywords=5a1c2236da98dbe6e2394cfd8e607704