From sle-security-updates at lists.suse.com Thu Jan 2 14:04:10 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 2 Jan 2014 22:04:10 +0100 (CET) Subject: SUSE-SU-2014:0002-1: moderate: Security update for curl Message-ID: <20140102210410.B0B1732149@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0002-1 Rating: moderate References: #810760 #849596 Cross-References: CVE-2013-4545 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update fixes the following security issues with curl: * bnc#849596: ssl cert checks with unclear behaviour (CVE-2013-4545) * bnc#810760: wrap tftp sequence number, fixes large files transfer Security Issue reference: * CVE-2013-4545 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-curl-8621 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-curl-8621 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-curl-8621 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-curl-8621 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-curl-8621 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): libcurl-devel-7.19.7-1.20.29.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): curl-7.19.7-1.20.29.1 libcurl4-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libcurl4-32bit-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.20.29.1 libcurl4-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libcurl4-x86-7.19.7-1.20.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): curl-7.19.7-1.20.29.1 libcurl4-7.19.7-1.20.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libcurl4-32bit-7.19.7-1.20.29.1 References: http://support.novell.com/security/cve/CVE-2013-4545.html https://bugzilla.novell.com/810760 https://bugzilla.novell.com/849596 http://download.novell.com/patch/finder/?keywords=035dfe55bda2e3e09951a60bb82ba296 From sle-security-updates at lists.suse.com Thu Jan 2 15:04:26 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 2 Jan 2014 23:04:26 +0100 (CET) Subject: SUSE-SU-2014:0004-1: moderate: Security update for curl Message-ID: <20140102220426.D7E8832149@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0004-1 Rating: moderate References: #849596 Cross-References: CVE-2013-4545 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update fixes the following security issues with curl: * bnc#849596: ssl cert checks with unclear behaviour (CVE-2013-4545) Security Issue reference: * CVE-2013-4545 Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-curl-8617 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-curl-8617 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-curl-8617 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-curl-8617 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): curl-7.19.7-1.30.1 libcurl4-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libcurl4-32bit-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.30.1 libcurl4-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libcurl4-x86-7.19.7-1.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): curl-7.19.7-1.30.1 libcurl4-7.19.7-1.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libcurl4-32bit-7.19.7-1.30.1 References: http://support.novell.com/security/cve/CVE-2013-4545.html https://bugzilla.novell.com/849596 http://download.novell.com/patch/finder/?keywords=6696ea7568dc85f57f47a079047688a4 From sle-security-updates at lists.suse.com Mon Jan 6 08:04:11 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jan 2014 16:04:11 +0100 (CET) Subject: SUSE-SU-2014:0022-1: important: Security update for WebYaST Message-ID: <20140106150411.0ACC232052@maintenance.suse.de> SUSE Security Update: Security update for WebYaST ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0022-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: WebYaST 
1.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: In the past WebYAST was installed with world readable secret tokens. Although these were modified on the start of the webyast service and so could not be read from remote, it was possible for local attackers on the same machine to read the secrets and so gain local root access via the webyast services. This has been fixed. (CVE-2013-3709) Security Issue reference: * CVE-2013-3709 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.2: zypper in -t patch slewyst12-webyast-base-ui-8706 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.2 (noarch) [New Version: 0.2.64]: webyast-base-ui-0.2.64-0.3.1 webyast-base-ui-branding-default-0.2.64-0.3.1 webyast-base-ui-testsuite-0.2.64-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 http://download.novell.com/patch/finder/?keywords=af7e4362e22d530ab6e447346f0afdfb From sle-security-updates at lists.suse.com Mon Jan 6 16:04:18 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jan 2014 00:04:18 +0100 (CET) Subject: SUSE-SU-2014:0023-1: moderate: Security update for pixman Message-ID: <20140106230418.427603205D@maintenance.suse.de> SUSE Security Update: Security update for pixman ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0023-1 Rating: moderate References: #853824 Cross-References: CVE-2013-6425 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for 
VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpixman-1-0-8697 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libpixman-1-0-8701 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpixman-1-0-8697 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpixman-1-0-8697 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libpixman-1-0-8701 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libpixman-1-0-8701 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpixman-1-0-8697 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libpixman-1-0-8701 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-devel-0.24.4-0.15.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-devel-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpixman-1-0-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpixman-1-0-32bit-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpixman-1-0-32bit-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpixman-1-0-x86-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libpixman-1-0-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libpixman-1-0-32bit-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libpixman-1-0-32bit-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libpixman-1-0-x86-0.16.0-1.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpixman-1-0-0.24.4-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpixman-1-0-32bit-0.24.4-0.15.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libpixman-1-0-0.16.0-1.4.1 libpixman-1-0-devel-0.16.0-1.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libpixman-1-0-32bit-0.16.0-1.4.1 References: http://support.novell.com/security/cve/CVE-2013-6425.html https://bugzilla.novell.com/853824 http://download.novell.com/patch/finder/?keywords=1fc79e726107e92e1e2aec08550e036e http://download.novell.com/patch/finder/?keywords=91193a18682bc9249c55cfc64718cdf3 From sle-security-updates at lists.suse.com Mon Jan 6 16:04:33 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jan 2014 00:04:33 +0100 (CET) Subject: 
SUSE-SU-2014:0024-1: important: Security update for Samba Message-ID: <20140106230433.ACA333205D@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0024-1 Rating: important References: #817880 #838472 #844720 #848101 #849226 #853021 #853347 #854520 Cross-References: CVE-2012-6150 CVE-2013-4408 CVE-2013-4475 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update fixes the following security issues with Samba: * bnc#844720: DCERPC frag_len not checked (CVE-2013-4408) * bnc#853347: winbind pam security problem (CVE-2012-6150) * bnc#848101: No access check verification on stream files (CVE-2013-4475) And fixes the following non-security issues: * bnc#853021: libsmbclient0 package description contains comments * bnc#817880: rpcclient adddriver and setdrive do not set all needed registry entries * bnc#838472: Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME * bnc#854520 and bnc#849226: various upstream fixes Security Issue references: * CVE-2012-6150 * CVE-2013-4408 * CVE-2013-4475 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cifs-mount-8655 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cifs-mount-8656 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cifs-mount-8655 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cifs-mount-8655 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cifs-mount-8656 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cifs-mount-8656 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cifs-mount-8655 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cifs-mount-8656 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.46.1 libnetapi-devel-3.6.3-0.46.1 libnetapi0-3.6.3-0.46.1 libsmbclient-devel-3.6.3-0.46.1 libsmbsharemodes-devel-3.6.3-0.46.1 libsmbsharemodes0-3.6.3-0.46.1 libtalloc-devel-3.6.3-0.46.1 libtdb-devel-3.6.3-0.46.1 libtevent-devel-3.6.3-0.46.1 libwbclient-devel-3.6.3-0.46.1 samba-devel-3.6.3-0.46.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.33.39.1 libnetapi-devel-3.6.3-0.33.39.1 libnetapi0-3.6.3-0.33.39.1 libsmbclient-devel-3.6.3-0.33.39.1 libsmbsharemodes-devel-3.6.3-0.33.39.1 libsmbsharemodes0-3.6.3-0.33.39.1 libtalloc-devel-3.6.3-0.33.39.1 libtdb-devel-3.6.3-0.33.39.1 libtevent-devel-3.6.3-0.33.39.1 libwbclient-devel-3.6.3-0.33.39.1 samba-devel-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ldapsmb-1.34b-12.46.1 libldb1-3.6.3-0.46.1 libsmbclient0-3.6.3-0.46.1 libtalloc2-3.6.3-0.46.1 libtdb1-3.6.3-0.46.1 libtevent0-3.6.3-0.46.1 libwbclient0-3.6.3-0.46.1 samba-3.6.3-0.46.1 samba-client-3.6.3-0.46.1 samba-krb-printing-3.6.3-0.46.1 
samba-winbind-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.46.1 libtalloc2-32bit-3.6.3-0.46.1 libtdb1-32bit-3.6.3-0.46.1 libtevent0-32bit-3.6.3-0.46.1 libwbclient0-32bit-3.6.3-0.46.1 samba-32bit-3.6.3-0.46.1 samba-client-32bit-3.6.3-0.46.1 samba-winbind-32bit-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): samba-doc-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.46.1 libldb1-3.6.3-0.46.1 libsmbclient0-3.6.3-0.46.1 libtalloc2-3.6.3-0.46.1 libtdb1-3.6.3-0.46.1 libtevent0-3.6.3-0.46.1 libwbclient0-3.6.3-0.46.1 samba-3.6.3-0.46.1 samba-client-3.6.3-0.46.1 samba-krb-printing-3.6.3-0.46.1 samba-winbind-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.46.1 libtalloc2-32bit-3.6.3-0.46.1 libtdb1-32bit-3.6.3-0.46.1 libtevent0-32bit-3.6.3-0.46.1 libwbclient0-32bit-3.6.3-0.46.1 samba-32bit-3.6.3-0.46.1 samba-client-32bit-3.6.3-0.46.1 samba-winbind-32bit-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): samba-doc-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsmbclient0-x86-3.6.3-0.46.1 libtalloc2-x86-3.6.3-0.46.1 libtdb1-x86-3.6.3-0.46.1 libwbclient0-x86-3.6.3-0.46.1 samba-client-x86-3.6.3-0.46.1 samba-winbind-x86-3.6.3-0.46.1 samba-x86-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.33.39.1 libldb1-3.6.3-0.33.39.1 libsmbclient0-3.6.3-0.33.39.1 libtalloc1-3.4.3-1.50.1 libtalloc2-3.6.3-0.33.39.1 libtdb1-3.6.3-0.33.39.1 libtevent0-3.6.3-0.33.39.1 libwbclient0-3.6.3-0.33.39.1 samba-3.6.3-0.33.39.1 samba-client-3.6.3-0.33.39.1 samba-krb-printing-3.6.3-0.33.39.1 samba-winbind-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.33.39.1 libtalloc1-32bit-3.4.3-1.50.1 libtalloc2-32bit-3.6.3-0.33.39.1 libtdb1-32bit-3.6.3-0.33.39.1 libtevent0-32bit-3.6.3-0.33.39.1 
libwbclient0-32bit-3.6.3-0.33.39.1 samba-32bit-3.6.3-0.33.39.1 samba-client-32bit-3.6.3-0.33.39.1 samba-winbind-32bit-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): samba-doc-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.33.39.1 libldb1-3.6.3-0.33.39.1 libsmbclient0-3.6.3-0.33.39.1 libtalloc1-3.4.3-1.50.1 libtalloc2-3.6.3-0.33.39.1 libtdb1-3.6.3-0.33.39.1 libtevent0-3.6.3-0.33.39.1 libwbclient0-3.6.3-0.33.39.1 samba-3.6.3-0.33.39.1 samba-client-3.6.3-0.33.39.1 samba-krb-printing-3.6.3-0.33.39.1 samba-winbind-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.33.39.1 libtalloc1-32bit-3.4.3-1.50.1 libtalloc2-32bit-3.6.3-0.33.39.1 libtdb1-32bit-3.6.3-0.33.39.1 libtevent0-32bit-3.6.3-0.33.39.1 libwbclient0-32bit-3.6.3-0.33.39.1 samba-32bit-3.6.3-0.33.39.1 samba-client-32bit-3.6.3-0.33.39.1 samba-winbind-32bit-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): samba-doc-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.33.39.1 libtalloc1-x86-3.4.3-1.50.1 libtalloc2-x86-3.6.3-0.33.39.1 libtdb1-x86-3.6.3-0.33.39.1 libwbclient0-x86-3.6.3-0.33.39.1 samba-client-x86-3.6.3-0.33.39.1 samba-winbind-x86-3.6.3-0.33.39.1 samba-x86-3.6.3-0.33.39.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldb1-3.6.3-0.46.1 libsmbclient0-3.6.3-0.46.1 libtalloc2-3.6.3-0.46.1 libtdb1-3.6.3-0.46.1 libtevent0-3.6.3-0.46.1 libwbclient0-3.6.3-0.46.1 samba-3.6.3-0.46.1 samba-client-3.6.3-0.46.1 samba-krb-printing-3.6.3-0.46.1 samba-winbind-3.6.3-0.46.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libldb1-32bit-3.6.3-0.46.1 libsmbclient0-32bit-3.6.3-0.46.1 libtalloc2-32bit-3.6.3-0.46.1 libtdb1-32bit-3.6.3-0.46.1 libtevent0-32bit-3.6.3-0.46.1 libwbclient0-32bit-3.6.3-0.46.1 samba-32bit-3.6.3-0.46.1 samba-client-32bit-3.6.3-0.46.1 samba-winbind-32bit-3.6.3-0.46.1 - SUSE Linux Enterprise Desktop 11 SP3 
(noarch): samba-doc-3.6.3-0.46.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.33.39.1 libsmbclient0-3.6.3-0.33.39.1 libtalloc1-3.4.3-1.50.1 libtalloc2-3.6.3-0.33.39.1 libtdb1-3.6.3-0.33.39.1 libtevent0-3.6.3-0.33.39.1 libwbclient0-3.6.3-0.33.39.1 samba-3.6.3-0.33.39.1 samba-client-3.6.3-0.33.39.1 samba-krb-printing-3.6.3-0.33.39.1 samba-winbind-3.6.3-0.33.39.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.33.39.1 libsmbclient0-32bit-3.6.3-0.33.39.1 libtalloc1-32bit-3.4.3-1.50.1 libtalloc2-32bit-3.6.3-0.33.39.1 libtdb1-32bit-3.6.3-0.33.39.1 libtevent0-32bit-3.6.3-0.33.39.1 libwbclient0-32bit-3.6.3-0.33.39.1 samba-32bit-3.6.3-0.33.39.1 samba-client-32bit-3.6.3-0.33.39.1 samba-winbind-32bit-3.6.3-0.33.39.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): samba-doc-3.6.3-0.33.39.1 References: http://support.novell.com/security/cve/CVE-2012-6150.html http://support.novell.com/security/cve/CVE-2013-4408.html http://support.novell.com/security/cve/CVE-2013-4475.html https://bugzilla.novell.com/817880 https://bugzilla.novell.com/838472 https://bugzilla.novell.com/844720 https://bugzilla.novell.com/848101 https://bugzilla.novell.com/849226 https://bugzilla.novell.com/853021 https://bugzilla.novell.com/853347 https://bugzilla.novell.com/854520 http://download.novell.com/patch/finder/?keywords=7c9c4ddeaf5362a86442d4bcd791d030 http://download.novell.com/patch/finder/?keywords=8c60b7480fc521d7eeb322955b387165 From sle-security-updates at lists.suse.com Mon Jan 6 17:04:10 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jan 2014 01:04:10 +0100 (CET) Subject: SUSE-SU-2014:0025-1: important: Security update for openssl-certs Message-ID: <20140107000410.D427D3205C@maintenance.suse.de> SUSE Security Update: Security update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0025-1 Rating: important 
References: #796628 #854367 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: openssl-certs was updated with the current certificate data available from mozilla.org. Changes: * Updated certificates to revision 1.95 Distrust a sub-ca that issued google.com certificates. "Distrusted AC DG Tresor SSL" (bnc#854367) Many CA updates from Mozilla: * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt server auth, code signing 
* changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability * new "EE Certification Centre Root CA" * new "T-TeleSec GlobalRoot Class 3" * revoke mis-issued intermediate CAs from TURKTRUST. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-openssl-certs-8682 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-openssl-certs-8682 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-openssl-certs-8681 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-openssl-certs-8681 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-openssl-certs-8682 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-openssl-certs-8681 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 References: https://bugzilla.novell.com/796628 https://bugzilla.novell.com/854367 http://download.novell.com/patch/finder/?keywords=01d9e4cf8922756e2ff6eda21c67ab47 http://download.novell.com/patch/finder/?keywords=614f90966ba2255b839d3ad76b087c11 From sle-security-updates at lists.suse.com Mon Jan 13 12:04:11 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 13 Jan 2014 20:04:11 +0100 (CET) Subject: SUSE-SU-2014:0050-1: moderate: Security update for lighttpd Message-ID: <20140113190411.48B1E3214F@maintenance.suse.de> SUSE Security Update: Security update for lighttpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0050-1 Rating: moderate References: #801071 #850468 #850469 Cross-References: CVE-2013-4560 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: lighttpd received fixes for the following security issues: * CVE-2013-4559: lighttpd did not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might have caused lighttpd to run as root if it is restarted and allowed remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. * CVE-2013-4560: Use-after-free vulnerability in lighttpd allowed remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. * CVE-2011-1473: Added support for disabling client side initiated renegotiation to avoid potential computational denial of service (unbalanced computation efforts server vs client). Security Issue reference: * CVE-2013-4559 * CVE-2013-4560 * CVE-2011-1473 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-lighttpd-8645 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-lighttpd-8644 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-lighttpd-8645 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-lighttpd-8644 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 lighttpd-mod_cml-1.4.20-2.52.1 lighttpd-mod_magnet-1.4.20-2.52.1 lighttpd-mod_mysql_vhost-1.4.20-2.52.1 lighttpd-mod_rrdtool-1.4.20-2.52.1 lighttpd-mod_trigger_b4_dl-1.4.20-2.52.1 lighttpd-mod_webdav-1.4.20-2.52.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 lighttpd-mod_cml-1.4.20-2.52.1 lighttpd-mod_magnet-1.4.20-2.52.1 lighttpd-mod_mysql_vhost-1.4.20-2.52.1 lighttpd-mod_rrdtool-1.4.20-2.52.1 lighttpd-mod_trigger_b4_dl-1.4.20-2.52.1 lighttpd-mod_webdav-1.4.20-2.52.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 References: http://support.novell.com/security/cve/CVE-2013-4560.html https://bugzilla.novell.com/801071 https://bugzilla.novell.com/850468 https://bugzilla.novell.com/850469 http://download.novell.com/patch/finder/?keywords=bfe99f3db932bd71cf3b8413b2374ba5 http://download.novell.com/patch/finder/?keywords=def7a5cbed6ad6036f50fdb5d6eb8ffd From sle-security-updates at lists.suse.com Mon Jan 13 15:04:11 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 13 Jan 2014 23:04:11 +0100 (CET) Subject: SUSE-SU-2014:0051-1: moderate: Security update for xorg-x11-server Message-ID: <20140113220411.5AA2B32149@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0051-1 Rating: moderate References: #853846 Cross-References: CVE-2013-6424 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 
SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-Xvnc-8687 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-Xvnc-8687 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-Xvnc-8687 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-Xvnc-8687 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.85.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.85.1 xorg-x11-server-7.4-27.85.1 xorg-x11-server-extra-7.4-27.85.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.85.1 xorg-x11-server-7.4-27.85.1 xorg-x11-server-extra-7.4-27.85.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-Xvnc-7.4-27.85.1 xorg-x11-server-7.4-27.85.1 xorg-x11-server-extra-7.4-27.85.1 References: http://support.novell.com/security/cve/CVE-2013-6424.html https://bugzilla.novell.com/853846 http://download.novell.com/patch/finder/?keywords=9d5f8559d9c8c32f4040ba7c821ce013 From sle-security-updates at lists.suse.com Tue Jan 14 10:04:10 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Jan 2014 18:04:10 +0100 (CET) Subject: SUSE-SU-2014:0061-1: moderate: Security update for python-suds Message-ID: 
<20140114170410.A083E320E8@maintenance.suse.de> SUSE Security Update: Security update for python-suds ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0061-1 Rating: moderate References: #827568 Cross-References: CVE-2013-2217 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with python-suds: * Insecure temporary directory use when initializing file-based URL cache (CVE-2013-2217). Security Issue reference: * CVE-2013-2217 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-suds-8629 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64): python-suds-0.4-0.18.1 References: http://support.novell.com/security/cve/CVE-2013-2217.html https://bugzilla.novell.com/827568 http://download.novell.com/patch/finder/?keywords=64ff5afe4a2a9fd9ee28d2024fb47e4e From sle-security-updates at lists.suse.com Tue Jan 14 10:04:25 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Jan 2014 18:04:25 +0100 (CET) Subject: SUSE-SU-2014:0051-2: moderate: Security update for xorg-x11-server Message-ID: <20140114170425.6AC1F320E8@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0051-2 Rating: moderate References: #853846 Cross-References: CVE-2013-6424 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-Xvnc-8686 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-Xvnc-8686 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-Xvnc-8686 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-Xvnc-8686 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.70.76.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.76.1 xorg-x11-server-7.4-27.70.76.1 xorg-x11-server-extra-7.4-27.70.76.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.70.76.1 xorg-x11-server-7.4-27.70.76.1 xorg-x11-server-extra-7.4-27.70.76.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.76.1 xorg-x11-server-7.4-27.70.76.1 xorg-x11-server-extra-7.4-27.70.76.1 References: http://support.novell.com/security/cve/CVE-2013-6424.html https://bugzilla.novell.com/853846 http://download.novell.com/patch/finder/?keywords=22374bf939aee384066e9c9124ef3ba0 From sle-security-updates at lists.suse.com Tue Jan 14 12:04:11 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Jan 2014 20:04:11 +0100 (CET) Subject: SUSE-SU-2014:0062-1: moderate: Security update for PHP5 Message-ID: 
<20140114190411.BC387320F3@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0062-1 Rating: moderate References: #837746 #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 * CVE-2013-4248 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php5-8710 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php5-8710 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php5-8710 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php5-devel-5.2.14-0.7.30.50.1 php5-imap-5.2.14-0.7.30.50.1 php5-ncurses-5.2.14-0.7.30.50.1 php5-posix-5.2.14-0.7.30.50.1 php5-readline-5.2.14-0.7.30.50.1 php5-sockets-5.2.14-0.7.30.50.1 php5-sqlite-5.2.14-0.7.30.50.1 php5-tidy-5.2.14-0.7.30.50.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.50.1 php5-5.2.14-0.7.30.50.1 php5-bcmath-5.2.14-0.7.30.50.1 php5-bz2-5.2.14-0.7.30.50.1 php5-calendar-5.2.14-0.7.30.50.1 php5-ctype-5.2.14-0.7.30.50.1 php5-curl-5.2.14-0.7.30.50.1 php5-dba-5.2.14-0.7.30.50.1 php5-dbase-5.2.14-0.7.30.50.1 php5-dom-5.2.14-0.7.30.50.1 php5-exif-5.2.14-0.7.30.50.1 php5-fastcgi-5.2.14-0.7.30.50.1 php5-ftp-5.2.14-0.7.30.50.1 php5-gd-5.2.14-0.7.30.50.1 php5-gettext-5.2.14-0.7.30.50.1 php5-gmp-5.2.14-0.7.30.50.1 php5-hash-5.2.14-0.7.30.50.1 php5-iconv-5.2.14-0.7.30.50.1 php5-json-5.2.14-0.7.30.50.1 php5-ldap-5.2.14-0.7.30.50.1 php5-mbstring-5.2.14-0.7.30.50.1 php5-mcrypt-5.2.14-0.7.30.50.1 php5-mysql-5.2.14-0.7.30.50.1 php5-odbc-5.2.14-0.7.30.50.1 php5-openssl-5.2.14-0.7.30.50.1 php5-pcntl-5.2.14-0.7.30.50.1 php5-pdo-5.2.14-0.7.30.50.1 php5-pear-5.2.14-0.7.30.50.1 php5-pgsql-5.2.14-0.7.30.50.1 php5-pspell-5.2.14-0.7.30.50.1 php5-shmop-5.2.14-0.7.30.50.1 php5-snmp-5.2.14-0.7.30.50.1 php5-soap-5.2.14-0.7.30.50.1 php5-suhosin-5.2.14-0.7.30.50.1 php5-sysvmsg-5.2.14-0.7.30.50.1 php5-sysvsem-5.2.14-0.7.30.50.1 php5-sysvshm-5.2.14-0.7.30.50.1 php5-tokenizer-5.2.14-0.7.30.50.1 php5-wddx-5.2.14-0.7.30.50.1 php5-xmlreader-5.2.14-0.7.30.50.1 php5-xmlrpc-5.2.14-0.7.30.50.1 php5-xmlwriter-5.2.14-0.7.30.50.1 php5-xsl-5.2.14-0.7.30.50.1 php5-zip-5.2.14-0.7.30.50.1 php5-zlib-5.2.14-0.7.30.50.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.50.1 php5-5.2.14-0.7.30.50.1 php5-bcmath-5.2.14-0.7.30.50.1 php5-bz2-5.2.14-0.7.30.50.1 php5-calendar-5.2.14-0.7.30.50.1 
php5-ctype-5.2.14-0.7.30.50.1 php5-curl-5.2.14-0.7.30.50.1 php5-dba-5.2.14-0.7.30.50.1 php5-dbase-5.2.14-0.7.30.50.1 php5-dom-5.2.14-0.7.30.50.1 php5-exif-5.2.14-0.7.30.50.1 php5-fastcgi-5.2.14-0.7.30.50.1 php5-ftp-5.2.14-0.7.30.50.1 php5-gd-5.2.14-0.7.30.50.1 php5-gettext-5.2.14-0.7.30.50.1 php5-gmp-5.2.14-0.7.30.50.1 php5-hash-5.2.14-0.7.30.50.1 php5-iconv-5.2.14-0.7.30.50.1 php5-json-5.2.14-0.7.30.50.1 php5-ldap-5.2.14-0.7.30.50.1 php5-mbstring-5.2.14-0.7.30.50.1 php5-mcrypt-5.2.14-0.7.30.50.1 php5-mysql-5.2.14-0.7.30.50.1 php5-odbc-5.2.14-0.7.30.50.1 php5-openssl-5.2.14-0.7.30.50.1 php5-pcntl-5.2.14-0.7.30.50.1 php5-pdo-5.2.14-0.7.30.50.1 php5-pear-5.2.14-0.7.30.50.1 php5-pgsql-5.2.14-0.7.30.50.1 php5-pspell-5.2.14-0.7.30.50.1 php5-shmop-5.2.14-0.7.30.50.1 php5-snmp-5.2.14-0.7.30.50.1 php5-soap-5.2.14-0.7.30.50.1 php5-suhosin-5.2.14-0.7.30.50.1 php5-sysvmsg-5.2.14-0.7.30.50.1 php5-sysvsem-5.2.14-0.7.30.50.1 php5-sysvshm-5.2.14-0.7.30.50.1 php5-tokenizer-5.2.14-0.7.30.50.1 php5-wddx-5.2.14-0.7.30.50.1 php5-xmlreader-5.2.14-0.7.30.50.1 php5-xmlrpc-5.2.14-0.7.30.50.1 php5-xmlwriter-5.2.14-0.7.30.50.1 php5-xsl-5.2.14-0.7.30.50.1 php5-zip-5.2.14-0.7.30.50.1 php5-zlib-5.2.14-0.7.30.50.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.50.1 php5-5.2.14-0.7.30.50.1 php5-bcmath-5.2.14-0.7.30.50.1 php5-bz2-5.2.14-0.7.30.50.1 php5-calendar-5.2.14-0.7.30.50.1 php5-ctype-5.2.14-0.7.30.50.1 php5-curl-5.2.14-0.7.30.50.1 php5-dba-5.2.14-0.7.30.50.1 php5-dbase-5.2.14-0.7.30.50.1 php5-dom-5.2.14-0.7.30.50.1 php5-exif-5.2.14-0.7.30.50.1 php5-fastcgi-5.2.14-0.7.30.50.1 php5-ftp-5.2.14-0.7.30.50.1 php5-gd-5.2.14-0.7.30.50.1 php5-gettext-5.2.14-0.7.30.50.1 php5-gmp-5.2.14-0.7.30.50.1 php5-hash-5.2.14-0.7.30.50.1 php5-iconv-5.2.14-0.7.30.50.1 php5-json-5.2.14-0.7.30.50.1 php5-ldap-5.2.14-0.7.30.50.1 php5-mbstring-5.2.14-0.7.30.50.1 php5-mcrypt-5.2.14-0.7.30.50.1 php5-mysql-5.2.14-0.7.30.50.1 php5-odbc-5.2.14-0.7.30.50.1 
php5-openssl-5.2.14-0.7.30.50.1 php5-pcntl-5.2.14-0.7.30.50.1 php5-pdo-5.2.14-0.7.30.50.1 php5-pear-5.2.14-0.7.30.50.1 php5-pgsql-5.2.14-0.7.30.50.1 php5-pspell-5.2.14-0.7.30.50.1 php5-shmop-5.2.14-0.7.30.50.1 php5-snmp-5.2.14-0.7.30.50.1 php5-soap-5.2.14-0.7.30.50.1 php5-suhosin-5.2.14-0.7.30.50.1 php5-sysvmsg-5.2.14-0.7.30.50.1 php5-sysvsem-5.2.14-0.7.30.50.1 php5-sysvshm-5.2.14-0.7.30.50.1 php5-tokenizer-5.2.14-0.7.30.50.1 php5-wddx-5.2.14-0.7.30.50.1 php5-xmlreader-5.2.14-0.7.30.50.1 php5-xmlrpc-5.2.14-0.7.30.50.1 php5-xmlwriter-5.2.14-0.7.30.50.1 php5-xsl-5.2.14-0.7.30.50.1 php5-zip-5.2.14-0.7.30.50.1 php5-zlib-5.2.14-0.7.30.50.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html https://bugzilla.novell.com/837746 https://bugzilla.novell.com/854880 http://download.novell.com/patch/finder/?keywords=87b01e1c5215269d5c128d2816ac15ed From sle-security-updates at lists.suse.com Tue Jan 14 12:04:35 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Jan 2014 20:04:35 +0100 (CET) Subject: SUSE-SU-2014:0063-1: moderate: Security update for PHP5 Message-ID: <20140114190435.98B2D320F3@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0063-1 Rating: moderate References: #837746 #842676 #853045 #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 * CVE-2013-6712 * CVE-2013-4248 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53-8684 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53-8684 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53-8684 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.17.1 php53-imap-5.3.17-0.17.1 php53-posix-5.3.17-0.17.1 php53-readline-5.3.17-0.17.1 php53-sockets-5.3.17-0.17.1 php53-sqlite-5.3.17-0.17.1 php53-tidy-5.3.17-0.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.17.1 php53-5.3.17-0.17.1 php53-bcmath-5.3.17-0.17.1 php53-bz2-5.3.17-0.17.1 php53-calendar-5.3.17-0.17.1 php53-ctype-5.3.17-0.17.1 php53-curl-5.3.17-0.17.1 php53-dba-5.3.17-0.17.1 php53-dom-5.3.17-0.17.1 php53-exif-5.3.17-0.17.1 php53-fastcgi-5.3.17-0.17.1 php53-fileinfo-5.3.17-0.17.1 php53-ftp-5.3.17-0.17.1 php53-gd-5.3.17-0.17.1 php53-gettext-5.3.17-0.17.1 php53-gmp-5.3.17-0.17.1 php53-iconv-5.3.17-0.17.1 php53-intl-5.3.17-0.17.1 php53-json-5.3.17-0.17.1 php53-ldap-5.3.17-0.17.1 php53-mbstring-5.3.17-0.17.1 php53-mcrypt-5.3.17-0.17.1 php53-mysql-5.3.17-0.17.1 php53-odbc-5.3.17-0.17.1 php53-openssl-5.3.17-0.17.1 php53-pcntl-5.3.17-0.17.1 php53-pdo-5.3.17-0.17.1 php53-pear-5.3.17-0.17.1 php53-pgsql-5.3.17-0.17.1 php53-pspell-5.3.17-0.17.1 
php53-shmop-5.3.17-0.17.1 php53-snmp-5.3.17-0.17.1 php53-soap-5.3.17-0.17.1 php53-suhosin-5.3.17-0.17.1 php53-sysvmsg-5.3.17-0.17.1 php53-sysvsem-5.3.17-0.17.1 php53-sysvshm-5.3.17-0.17.1 php53-tokenizer-5.3.17-0.17.1 php53-wddx-5.3.17-0.17.1 php53-xmlreader-5.3.17-0.17.1 php53-xmlrpc-5.3.17-0.17.1 php53-xmlwriter-5.3.17-0.17.1 php53-xsl-5.3.17-0.17.1 php53-zip-5.3.17-0.17.1 php53-zlib-5.3.17-0.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-0.17.1 php53-5.3.17-0.17.1 php53-bcmath-5.3.17-0.17.1 php53-bz2-5.3.17-0.17.1 php53-calendar-5.3.17-0.17.1 php53-ctype-5.3.17-0.17.1 php53-curl-5.3.17-0.17.1 php53-dba-5.3.17-0.17.1 php53-dom-5.3.17-0.17.1 php53-exif-5.3.17-0.17.1 php53-fastcgi-5.3.17-0.17.1 php53-fileinfo-5.3.17-0.17.1 php53-ftp-5.3.17-0.17.1 php53-gd-5.3.17-0.17.1 php53-gettext-5.3.17-0.17.1 php53-gmp-5.3.17-0.17.1 php53-iconv-5.3.17-0.17.1 php53-intl-5.3.17-0.17.1 php53-json-5.3.17-0.17.1 php53-ldap-5.3.17-0.17.1 php53-mbstring-5.3.17-0.17.1 php53-mcrypt-5.3.17-0.17.1 php53-mysql-5.3.17-0.17.1 php53-odbc-5.3.17-0.17.1 php53-openssl-5.3.17-0.17.1 php53-pcntl-5.3.17-0.17.1 php53-pdo-5.3.17-0.17.1 php53-pear-5.3.17-0.17.1 php53-pgsql-5.3.17-0.17.1 php53-pspell-5.3.17-0.17.1 php53-shmop-5.3.17-0.17.1 php53-snmp-5.3.17-0.17.1 php53-soap-5.3.17-0.17.1 php53-suhosin-5.3.17-0.17.1 php53-sysvmsg-5.3.17-0.17.1 php53-sysvsem-5.3.17-0.17.1 php53-sysvshm-5.3.17-0.17.1 php53-tokenizer-5.3.17-0.17.1 php53-wddx-5.3.17-0.17.1 php53-xmlreader-5.3.17-0.17.1 php53-xmlrpc-5.3.17-0.17.1 php53-xmlwriter-5.3.17-0.17.1 php53-xsl-5.3.17-0.17.1 php53-zip-5.3.17-0.17.1 php53-zlib-5.3.17-0.17.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html http://support.novell.com/security/cve/CVE-2013-6712.html https://bugzilla.novell.com/837746 https://bugzilla.novell.com/842676 https://bugzilla.novell.com/853045 https://bugzilla.novell.com/854880 
http://download.novell.com/patch/finder/?keywords=2766581a0b71772fb5847e9de0ca1ddd From sle-security-updates at lists.suse.com Tue Jan 14 13:04:09 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Jan 2014 21:04:09 +0100 (CET) Subject: SUSE-SU-2014:0064-1: moderate: Security update for PHP5 Message-ID: <20140114200409.F183C320F3@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0064-1 Rating: moderate References: #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 * CVE-2013-6712 * CVE-2013-4248 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php53-8683 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php53-8683 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php53-8683 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.8-0.43.1 php53-imap-5.3.8-0.43.1 php53-posix-5.3.8-0.43.1 php53-readline-5.3.8-0.43.1 php53-sockets-5.3.8-0.43.1 php53-sqlite-5.3.8-0.43.1 php53-tidy-5.3.8-0.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php53-5.3.8-0.43.1 php53-5.3.8-0.43.1 php53-bcmath-5.3.8-0.43.1 php53-bz2-5.3.8-0.43.1 php53-calendar-5.3.8-0.43.1 php53-ctype-5.3.8-0.43.1 php53-curl-5.3.8-0.43.1 php53-dba-5.3.8-0.43.1 php53-dom-5.3.8-0.43.1 php53-exif-5.3.8-0.43.1 php53-fastcgi-5.3.8-0.43.1 php53-fileinfo-5.3.8-0.43.1 php53-ftp-5.3.8-0.43.1 php53-gd-5.3.8-0.43.1 php53-gettext-5.3.8-0.43.1 php53-gmp-5.3.8-0.43.1 php53-iconv-5.3.8-0.43.1 php53-intl-5.3.8-0.43.1 php53-json-5.3.8-0.43.1 php53-ldap-5.3.8-0.43.1 php53-mbstring-5.3.8-0.43.1 php53-mcrypt-5.3.8-0.43.1 php53-mysql-5.3.8-0.43.1 php53-odbc-5.3.8-0.43.1 php53-openssl-5.3.8-0.43.1 php53-pcntl-5.3.8-0.43.1 php53-pdo-5.3.8-0.43.1 php53-pear-5.3.8-0.43.1 php53-pgsql-5.3.8-0.43.1 php53-pspell-5.3.8-0.43.1 php53-shmop-5.3.8-0.43.1 php53-snmp-5.3.8-0.43.1 php53-soap-5.3.8-0.43.1 php53-suhosin-5.3.8-0.43.1 php53-sysvmsg-5.3.8-0.43.1 php53-sysvsem-5.3.8-0.43.1 php53-sysvshm-5.3.8-0.43.1 php53-tokenizer-5.3.8-0.43.1 php53-wddx-5.3.8-0.43.1 php53-xmlreader-5.3.8-0.43.1 php53-xmlrpc-5.3.8-0.43.1 php53-xmlwriter-5.3.8-0.43.1 php53-xsl-5.3.8-0.43.1 php53-zip-5.3.8-0.43.1 php53-zlib-5.3.8-0.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.8-0.43.1 php53-5.3.8-0.43.1 php53-bcmath-5.3.8-0.43.1 php53-bz2-5.3.8-0.43.1 php53-calendar-5.3.8-0.43.1 php53-ctype-5.3.8-0.43.1 php53-curl-5.3.8-0.43.1 php53-dba-5.3.8-0.43.1 php53-dom-5.3.8-0.43.1 php53-exif-5.3.8-0.43.1 php53-fastcgi-5.3.8-0.43.1 php53-fileinfo-5.3.8-0.43.1 php53-ftp-5.3.8-0.43.1 php53-gd-5.3.8-0.43.1 php53-gettext-5.3.8-0.43.1 php53-gmp-5.3.8-0.43.1 php53-iconv-5.3.8-0.43.1 php53-intl-5.3.8-0.43.1 
php53-json-5.3.8-0.43.1 php53-ldap-5.3.8-0.43.1 php53-mbstring-5.3.8-0.43.1 php53-mcrypt-5.3.8-0.43.1 php53-mysql-5.3.8-0.43.1 php53-odbc-5.3.8-0.43.1 php53-openssl-5.3.8-0.43.1 php53-pcntl-5.3.8-0.43.1 php53-pdo-5.3.8-0.43.1 php53-pear-5.3.8-0.43.1 php53-pgsql-5.3.8-0.43.1 php53-pspell-5.3.8-0.43.1 php53-shmop-5.3.8-0.43.1 php53-snmp-5.3.8-0.43.1 php53-soap-5.3.8-0.43.1 php53-suhosin-5.3.8-0.43.1 php53-sysvmsg-5.3.8-0.43.1 php53-sysvsem-5.3.8-0.43.1 php53-sysvshm-5.3.8-0.43.1 php53-tokenizer-5.3.8-0.43.1 php53-wddx-5.3.8-0.43.1 php53-xmlreader-5.3.8-0.43.1 php53-xmlrpc-5.3.8-0.43.1 php53-xmlwriter-5.3.8-0.43.1 php53-xsl-5.3.8-0.43.1 php53-zip-5.3.8-0.43.1 php53-zlib-5.3.8-0.43.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html http://support.novell.com/security/cve/CVE-2013-6712.html https://bugzilla.novell.com/854880 http://download.novell.com/patch/finder/?keywords=8819817181dd7026cfe3ff43214688c6 From sle-security-updates at lists.suse.com Fri Jan 17 11:04:10 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Jan 2014 19:04:10 +0100 (CET) Subject: SUSE-SU-2014:0089-1: moderate: Security update for python-keystoneclient Message-ID: <20140117180410.6116432148@maintenance.suse.de> SUSE Security Update: Security update for python-keystoneclient ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0089-1 Rating: moderate References: #824818 #829080 Cross-References: CVE-2013-2166 CVE-2013-2167 CVE-2013-2255 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following security issues with python-keystoneclient: * bnc#829080: OpenStack: various SSL hostname checking problems. 
(CVE-2013-2255) * bnc#824818: Bypass encryption or signing security strategy. (CVE-2013-2166, CVE-2013-2167) Security Issues: * CVE-2013-2255 * CVE-2013-2167 * CVE-2013-2166 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-keystoneclient-8619 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64): python-keystoneclient-0.2.3-0.19.1 python-keystoneclient-doc-0.2.3-0.19.1 References: http://support.novell.com/security/cve/CVE-2013-2166.html http://support.novell.com/security/cve/CVE-2013-2167.html http://support.novell.com/security/cve/CVE-2013-2255.html https://bugzilla.novell.com/824818 https://bugzilla.novell.com/829080 http://download.novell.com/patch/finder/?keywords=0eaed759e7a435e4b5bbd29a390653bf From sle-security-updates at lists.suse.com Mon Jan 20 14:04:11 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Jan 2014 22:04:11 +0100 (CET) Subject: SUSE-SU-2014:0102-1: moderate: Security update for openstack-glance Message-ID: <20140120210411.6982C32158@maintenance.suse.de> SUSE Security Update: Security update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0102-1 Rating: moderate References: #846197 #852600 Cross-References: CVE-2013-4428 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This openstack-glance version update enforces the image_download policy for cached images. CVE-2013-4428 has been assigned to this issue. Security Issue reference: * CVE-2013-4428 Indications: Everybody should update. 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-openstack-glance-8674 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.gf4aaf8e]: openstack-glance-2013.1.5.a2.gf4aaf8e-0.7.1 python-glance-2013.1.5.a2.gf4aaf8e-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-4428.html https://bugzilla.novell.com/846197 https://bugzilla.novell.com/852600 http://download.novell.com/patch/finder/?keywords=eff99acea3a1f90185eac59915fd3708 From sle-security-updates at lists.suse.com Tue Jan 21 12:04:10 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jan 2014 20:04:10 +0100 (CET) Subject: SUSE-SU-2014:0115-1: moderate: Security update for wireshark Message-ID: <20140121190410.16C8132157@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0115-1 Rating: moderate References: #855980 #856496 #856498 Cross-References: CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: wireshark was updated to security update version 1.8.12, fixing bugs and security issues. * The SIP dissector could go into an infinite loop. 
wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html Security Issue references: * CVE-2013-7112 * CVE-2013-7113 * CVE-2013-7114 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-wireshark-8709 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-wireshark-8708 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-wireshark-8709 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-wireshark-8709 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-wireshark-8708 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-wireshark-8708 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-wireshark-8709 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-wireshark-8708 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-devel-1.8.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-devel-1.8.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 References: http://support.novell.com/security/cve/CVE-2013-7112.html http://support.novell.com/security/cve/CVE-2013-7113.html http://support.novell.com/security/cve/CVE-2013-7114.html https://bugzilla.novell.com/855980 https://bugzilla.novell.com/856496 https://bugzilla.novell.com/856498 http://download.novell.com/patch/finder/?keywords=b94c1e7c0199732af659caafafef6d7c http://download.novell.com/patch/finder/?keywords=f0d10203582ba7a6abdae8ec0de87eb2 From sle-security-updates at lists.suse.com Tue Jan 21 12:04:46 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jan 2014 20:04:46 +0100 (CET) Subject: SUSE-SU-2014:0116-1: moderate: Security update for flash-player Message-ID: <20140121190447.00A5D3215A@maintenance.suse.de> SUSE Security Update: Security update 
for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0116-1 Rating: moderate References: #858822 Cross-References: CVE-2014-0491 CVE-2014-0492 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update fixes the following security issues with flash-player: * flash-player: security protection bypass (bnc#858822)(APSB14-02) o These updates resolve a vulnerability that could be used to bypass Flash Player security protections (CVE-2014-0491). o These updates resolve an address leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0492). o Ref.: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html Security Issue references: * CVE-2014-0491 * CVE-2014-0492 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8774 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8773 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.335]: flash-player-11.2.202.335-0.4.1 flash-player-gnome-11.2.202.335-0.4.1 flash-player-kde4-11.2.202.335-0.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.335]: flash-player-11.2.202.335-0.4.1 flash-player-gnome-11.2.202.335-0.4.1 flash-player-kde4-11.2.202.335-0.4.1 References: http://support.novell.com/security/cve/CVE-2014-0491.html http://support.novell.com/security/cve/CVE-2014-0492.html https://bugzilla.novell.com/858822 http://download.novell.com/patch/finder/?keywords=f52d1952bf6e60475b16a31db971b133 http://download.novell.com/patch/finder/?keywords=fcde8605eb6348521c5fed404b1fa3b5 From sle-security-updates at lists.suse.com Fri Jan 24 22:04:11 2014 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 25 Jan 2014 06:04:11 +0100 (CET) Subject: SUSE-SU-2014:0129-1: moderate: Security update for subversion Message-ID: <20140125050411.9BEF932160@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0129-1 Rating: moderate References: #850667 Cross-References: CVE-2013-4505 CVE-2013-4558 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The following issues have been fixed in subversion: * mod_dontdothat did not restrict requests from serf based clients (CVE-2013-4505) * DoS via an assert in mod_dav_svn (CVE-2013-4558) Security Issue references: * CVE-2013-4505 * CVE-2013-4558 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-subversion-8770

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-subversion-8771

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-subversion-8770

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      subversion-1.6.17-1.25.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      subversion-1.6.17-1.25.1
      subversion-devel-1.6.17-1.25.1
      subversion-perl-1.6.17-1.25.1
      subversion-python-1.6.17-1.25.1
      subversion-server-1.6.17-1.25.1
      subversion-tools-1.6.17-1.25.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      subversion-1.6.17-1.25.1
      subversion-devel-1.6.17-1.25.1
      subversion-perl-1.6.17-1.25.1
      subversion-python-1.6.17-1.25.1
      subversion-server-1.6.17-1.25.1
      subversion-tools-1.6.17-1.25.1

References:

   http://support.novell.com/security/cve/CVE-2013-4505.html
   http://support.novell.com/security/cve/CVE-2013-4558.html
   https://bugzilla.novell.com/850667
   http://download.novell.com/patch/finder/?keywords=2049928450e987f08e12a06dc79272fd
   http://download.novell.com/patch/finder/?keywords=8fb03f08094944d594f078df4a036170

From sle-security-updates at lists.suse.com Fri Jan 24 22:04:28 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 25 Jan 2014 06:04:28 +0100 (CET)
Subject: SUSE-SU-2014:0130-1: important: Security update for oracle-update
Message-ID: <20140125050428.C7BB232160@maintenance.suse.de>

   SUSE Security Update: Security update for oracle-update
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0130-1
Rating:             important
References:         #859033
Cross-References:   CVE-2013-5764 CVE-2013-5853 CVE-2013-5858
                    CVE-2014-0377 CVE-2014-0378
Affected Products:
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This oracle-server update fixes the issues from the January 2014 Oracle
   Critical Patch Update: CVE-2013-5858, CVE-2013-5853, CVE-2014-0377,
   CVE-2013-5764 and CVE-2014-0378.

   Security Issue references:

   * CVE-2013-5858
   * CVE-2013-5853
   * CVE-2014-0377
   * CVE-2013-5764
   * CVE-2014-0378

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-oracle-update-8816

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

      oracle-update-1.7-0.23.1

References:

   http://support.novell.com/security/cve/CVE-2013-5764.html
   http://support.novell.com/security/cve/CVE-2013-5853.html
   http://support.novell.com/security/cve/CVE-2013-5858.html
   http://support.novell.com/security/cve/CVE-2014-0377.html
   http://support.novell.com/security/cve/CVE-2014-0378.html
   https://bugzilla.novell.com/859033
   http://download.novell.com/patch/finder/?keywords=b29bf6be21e017ded3464349daae8ab9

From sle-security-updates at lists.suse.com Mon Jan 27 09:04:11 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Jan 2014 17:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0137-1: moderate: Security update for rubygem-activemodel-3_1
Message-ID: <20140127160411.A582D32166@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-activemodel-3_1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0137-1
Rating:             moderate
References:         #846239
Cross-References:   CVE-2013-4389
Affected Products:
                    WebYaST 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
   It includes two new package versions.

Description:

   The Rubygem ActiveModel was updated to version 3.1.4 to fix some bugs:

   * Small documentation fix in Active Model callbacks module.
   * Improve cache on route_key lookup.
   * Fix ActiveModel::Errors#dup.
   * Ruby 2.0 makes protected methods return false for respond_to, so pass true as the second parameter.

   Security Issue reference:

   * CVE-2013-4389

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:

      zypper in -t patch slewyst13-rubygem-actionmailer-3_2-8665 slewyst13-rubygem-activesupport-3_2-8669

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-rubygem-actionmailer-3_2-8665 slestso13-rubygem-activesupport-3_2-8669

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-rubygem-actionmailer-3_1-8664 sdksp3-rubygem-activemodel-3_1-8677 sdksp3-rubygem-activesupport-3_1-8668 sdksp3-rubygem-activesupport-3_2-8670

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-rubygem-activesupport-3_2-8669

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-rubygem-actionmailer-3_2-8665 sleslms13-rubygem-activesupport-3_2-8669

   To bring your system up-to-date, use "zypper patch".
Package List:

   - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:

      rubygem-actionmailer-3_2-3.2.12-0.7.3
      rubygem-activesupport-3_2-3.2.12-0.7.1

   - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:

      rubygem-actionmailer-3_2-3.2.12-0.7.3
      rubygem-activesupport-3_2-3.2.12-0.7.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.1.4]:

      rubygem-actionmailer-3_1-3.1.4-0.7.3
      rubygem-activemodel-3_1-3.1.4-0.7.1
      rubygem-activesupport-3_1-3.1.4-0.7.1
      rubygem-activesupport-3_2-3.2.12-0.7.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      rubygem-activesupport-3_2-3.2.12-0.7.1

   - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:

      rubygem-actionmailer-3_2-3.2.12-0.7.3
      rubygem-activesupport-3_2-3.2.12-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-4389.html
   https://bugzilla.novell.com/846239
   http://download.novell.com/patch/finder/?keywords=2f5f8746fdd59e317fd670d6992aa769
   http://download.novell.com/patch/finder/?keywords=8b56e11bc155aa2e747853d6e5ef6f77
   http://download.novell.com/patch/finder/?keywords=96ba098b416c982a0173facf263c7f54
   http://download.novell.com/patch/finder/?keywords=a54ac06340589b745aa0713384211b72
   http://download.novell.com/patch/finder/?keywords=ac7fe3b0288f63e45fba4cdd477d4a8f
   http://download.novell.com/patch/finder/?keywords=fd30ac9ae0ce346115ab0e4899f05508

From sle-security-updates at lists.suse.com Mon Jan 27 09:05:06 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Jan 2014 17:05:06 +0100 (CET)
Subject: SUSE-SU-2014:0140-1: moderate: Security update for Linux kernel
Message-ID: <20140127160506.DFCE232166@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0140-1
Rating:             moderate
References:         #708296 #769644 #787843 #789359
                    #798050 #806988 #807434 #810323 #813245
                    #818545 #819979 #820102 #820338 #821980
                    #823618 #825696 #825896 #826602 #826756
                    #827767 #828236 #831168 #834473 #834708
                    #834808 #835074 #835186 #836718 #837739
                    #838623 #839407 #840226 #841445 #842239
                    #843419 #843429 #843445 #843642 #843645
                    #845621 #845729 #846036 #846984 #847261
                    #848321 #848336 #848544 #848652 #849021
                    #849029 #849034 #849404 #849675 #849809
                    #849848 #849950 #850640 #851066 #851101
                    #851314 #852373 #852558 #852559 #852624
                    #853050 #853051 #853052 #854546 #854634
                    #854722 #855037
Cross-References:   CVE-2013-4345 CVE-2013-4483 CVE-2013-4511
                    CVE-2013-4514 CVE-2013-4515 CVE-2013-4587
                    CVE-2013-4592 CVE-2013-6367 CVE-2013-6368
                    CVE-2013-6378 CVE-2013-6380 CVE-2013-6383
                    CVE-2013-6463 CVE-2013-7027
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise High Availability Extension 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 57 fixes is now available.
   It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101
   and also includes various other bug and security fixes.

   A new feature was added:

   * supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309)

   The following security bugs have been fixed:

   * CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
   * CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
     (bnc#853052)
   * CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
   * CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)
   * CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)
   * CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)
   * CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
   * CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.
     (bnc#854634)
   * CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
   * CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
   * CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373)
   * CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722)
   * CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
   * CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
     (bnc#840226)

   Also the following non-security bugs have been fixed:

   * kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).
   * printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675).
   * blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623).
   * x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).
   * futex: fix handling of read-only-mapped hugepages (VM Functionality).
   * random: fix accounting race condition with lockless irq entropy_count update (bnc#789359).
   * Provide realtime priority kthread and workqueue boot options (bnc#836718).
   * sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
   * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336).
   * sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336).
   * sched: Fix race on toggling cfs_bandwidth_used (bnc#848336).
   * sched: Fix buglet in return_cfs_rq_runtime().
   * sched: Guarantee new group-entities always have weight (bnc#848336).
   * sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
   * watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767).
   * tcp: bind() fix autoselection to share ports (bnc#823618).
   * tcp: bind() use stronger condition for bind_conflict (bnc#823618).
   * tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).
   * macvlan: disable LRO on lower device instead of macvlan (bnc#846984).
   * macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984).
   * macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984).
   * xen: netback: bump tx queue length (bnc#849404).
   * xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652).
   * xen: fixed USB passthrough issue (bnc#852624).
   * netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729).
   * xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
   * xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
   * crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718).
   * crypto: gf128mul - fix call to memset() (obvious fix).
   * autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314).
   * autofs4: catatonic_mode vs. notify_daemon race (bnc#851314).
   * autofs4: close the races around autofs4_notify_daemon() (bnc#851314).
   * autofs4: deal with autofs4_write/autofs4_write races (bnc#851314).
   * autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314).
   * autofs4 - fix deal with autofs4_write races (bnc#851314).
   * autofs4 - use simple_empty() for empty directory check (bnc#851314).
   * blkdev_max_block: make private to fs/buffer.c (bnc#820338).
   * Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473).
   * dlm: set zero linger time on sctp socket (bnc#787843).
   * SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037)
   * nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236).
   * nfs: Adapt readdirplus to application usage patterns (bnc#834708).
   * xfs: Account log unmount transaction correctly (bnc#849950).
   * xfs: improve ioend error handling (bnc#846036).
   * xfs: reduce ioend latency (bnc#846036).
   * xfs: use per-filesystem I/O completion workqueues (bnc#846036).
   * xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544).
   * vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
   * vfs: fix O_DIRECT read past end of block device (bnc#820338).
   * cifs: Improve performance of browsing directories with several files (bnc#810323).
   * cifs: Ensure cifs directories do not show up as files (bnc#826602).
   * sd: avoid deadlocks when running under multipath (bnc#818545).
   * sd: fix crash when UA received on DIF enabled device (bnc#841445).
   * sg: fix blk_get_queue usage (bnc#834808).
   * block: factor out vector mergeable decision to a helper function (bnc#769644).
   * block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644).
   * dm-multipath: abort all requests when failing a path (bnc#798050).
   * scsi: Add "eh_deadline" to limit SCSI EH runtime (bnc#798050).
   * scsi: Allow error handling timeout to be specified (bnc#798050).
   * scsi: Fixup compilation warning (bnc#798050).
   * scsi: Retry failfast commands after EH (bnc#798050).
   * scsi: Warn on invalid command completion (bnc#798050).
   * scsi: kABI fixes (bnc#798050).
   * scsi: remove check for "resetting" (bnc#798050).
   * advansys: Remove "last_reset" references (bnc#798050).
   * cleanup setting task state in scsi_error_handler() (bnc#798050).
   * dc395: Move "last_reset" into internal host structure (bnc#798050).
   * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
   * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).
   * tmscsim: Move "last_reset" into host structure (bnc#798050).
   * scsi_dh: invoke callback if ->activate is not present (bnc#708296).
   * scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
   * scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296).
   * scsi_dh_alua: Decode HP EVA array identifier (bnc#708296).
   * scsi_dh_alua: Evaluate state for all port groups (bnc#708296).
   * scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
   * scsi_dh_alua: Make stpg synchronous (bnc#708296).
   * scsi_dh_alua: Pass buffer as function argument (bnc#708296).
   * scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296).
   * scsi_dh_alua: Recheck state on transitioning (bnc#708296).
   * scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
   * scsi_dh_alua: Use separate alua_port_group structure (bnc#708296).
   * scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
   * scsi_dh_alua: asynchronous RTPG (bnc#708296).
   * scsi_dh_alua: correctly terminate target port strings (bnc#708296).
   * scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
   * scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979).
   * scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980).
   * scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
   * scsi_dh_alua: invalid state information for "optimized" paths (bnc#843445).
   * scsi_dh_alua: move RTPG to workqueue (bnc#708296).
   * scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
   * scsi_dh_alua: move some sense code handling into generic code (bnc#813245).
   * scsi_dh_alua: multipath failover fails with error 15 (bnc#825696).
   * scsi_dh_alua: parse target device id (bnc#708296).
   * scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
   * scsi_dh_alua: put sense buffer on stack (bnc#708296).
   * scsi_dh_alua: reattaching device handler fails with "Error 15" (bnc#843429).
   * scsi_dh_alua: remove locking when checking state (bnc#708296).
   * scsi_dh_alua: remove stale variable (bnc#708296).
   * scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
   * scsi_dh_alua: retry command on "mode parameter changed" sense code (bnc#843645).
   * scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
   * scsi_dh_alua: simplify state update (bnc#708296).
   * scsi_dh_alua: use delayed_work (bnc#708296).
   * scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
   * scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
   * scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
   * lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
   * lpfc: Fix kernel warning on spinlock usage (bnc#806988).
   * lpfc: Fixed system panic due to midlayer abort (bnc#806988).
   * qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
   * qla2xxx: Module parameter "ql2xasynclogin" (bnc#825896).
   * bna: do not register ndo_set_rx_mode callback (bnc#847261).
   * hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
   * drm: do not add inferred modes for monitors that do not support them (bnc#849809).
   * pci/quirks: Modify reset method for Chelsio T4 (bnc#831168).
   * pci: fix truncation of resource size to 32 bits (bnc#843419).
   * pci: pciehp: Retrieve link speed after link is trained (bnc#820102).
   * pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
   * pci: pciehp: replace unconditional sleep with config space access check (bnc#820102).
   * pci: pciehp: make check_link_active more helpful (bnc#820102).
   * pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
   * pci: pciehp: Add Disable/enable link functions (bnc#820102).
   * pci: pciehp: Disable/enable link during slot power off/on (bnc#820102).
   * mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
   * mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
   * net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
   * qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511).
   * cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
   * s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047).
   * s390/cio: skip broken paths (bnc#837739,LTC#97047).
   * s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
   * s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).

   Security Issue references:

   * CVE-2013-4345
   * CVE-2013-4483
   * CVE-2013-4511
   * CVE-2013-4514
   * CVE-2013-4515
   * CVE-2013-4587
   * CVE-2013-4592
   * CVE-2013-6367
   * CVE-2013-6368
   * CVE-2013-6378
   * CVE-2013-6380
   * CVE-2013-6383
   * CVE-2013-6463
   * CVE-2013-7027

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8791

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8780 slessp2-kernel-8781 slessp2-kernel-8791 slessp2-kernel-8792

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-kernel-8779 sleshasp2-kernel-8780 sleshasp2-kernel-8781 sleshasp2-kernel-8791 sleshasp2-kernel-8792

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-kernel-8779 sledsp2-kernel-8791

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.7.15.1
      kernel-default-base-3.0.101-0.7.15.1
      kernel-default-devel-3.0.101-0.7.15.1
      kernel-source-3.0.101-0.7.15.1
      kernel-syms-3.0.101-0.7.15.1
      kernel-trace-3.0.101-0.7.15.1
      kernel-trace-base-3.0.101-0.7.15.1
      kernel-trace-devel-3.0.101-0.7.15.1
      kernel-xen-devel-3.0.101-0.7.15.1
      xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.7.15.1
      kernel-pae-base-3.0.101-0.7.15.1
      kernel-pae-devel-3.0.101-0.7.15.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.7.15.1
      kernel-default-base-3.0.101-0.7.15.1
      kernel-default-devel-3.0.101-0.7.15.1
      kernel-source-3.0.101-0.7.15.1
      kernel-syms-3.0.101-0.7.15.1
      kernel-trace-3.0.101-0.7.15.1
      kernel-trace-base-3.0.101-0.7.15.1
      kernel-trace-devel-3.0.101-0.7.15.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.7.15.1
      kernel-ec2-base-3.0.101-0.7.15.1
      kernel-ec2-devel-3.0.101-0.7.15.1
      kernel-xen-3.0.101-0.7.15.1
      kernel-xen-base-3.0.101-0.7.15.1
      kernel-xen-devel-3.0.101-0.7.15.1
      xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12
      xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12

   - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.7.15.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.7.15.1
      kernel-ppc64-base-3.0.101-0.7.15.1
      kernel-ppc64-devel-3.0.101-0.7.15.1

   - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.7.15.1
      kernel-pae-base-3.0.101-0.7.15.1
      kernel-pae-devel-3.0.101-0.7.15.1
      xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.7.15-2.18.79
      cluster-network-kmp-trace-1.4_3.0.101_0.7.15-2.18.79
      gfs2-kmp-default-2_3.0.101_0.7.15-0.7.107
      gfs2-kmp-trace-2_3.0.101_0.7.15-0.7.107
      ocfs2-kmp-default-1.6_3.0.101_0.7.15-0.11.78
      ocfs2-kmp-trace-1.6_3.0.101_0.7.15-0.11.78

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.7.15-2.18.79
      gfs2-kmp-xen-2_3.0.101_0.7.15-0.7.107
      ocfs2-kmp-xen-1.6_3.0.101_0.7.15-0.11.78

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.7.15-2.18.79
      gfs2-kmp-ppc64-2_3.0.101_0.7.15-0.7.107
      ocfs2-kmp-ppc64-1.6_3.0.101_0.7.15-0.11.78

   - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.7.15-2.18.79
      gfs2-kmp-pae-2_3.0.101_0.7.15-0.7.107
      ocfs2-kmp-pae-1.6_3.0.101_0.7.15-0.11.78

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.7.15.1
      kernel-default-base-3.0.101-0.7.15.1
      kernel-default-devel-3.0.101-0.7.15.1
      kernel-default-extra-3.0.101-0.7.15.1
      kernel-source-3.0.101-0.7.15.1
      kernel-syms-3.0.101-0.7.15.1
      kernel-trace-3.0.101-0.7.15.1
      kernel-trace-base-3.0.101-0.7.15.1
      kernel-trace-devel-3.0.101-0.7.15.1
      kernel-trace-extra-3.0.101-0.7.15.1
      kernel-xen-3.0.101-0.7.15.1
      kernel-xen-base-3.0.101-0.7.15.1
      kernel-xen-devel-3.0.101-0.7.15.1
      kernel-xen-extra-3.0.101-0.7.15.1
      xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12
      xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.7.15.1
      kernel-pae-base-3.0.101-0.7.15.1
      kernel-pae-devel-3.0.101-0.7.15.1
      kernel-pae-extra-3.0.101-0.7.15.1
      xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.101_0.7.15-0.14.88
      ext4-writeable-kmp-trace-0_3.0.101_0.7.15-0.14.88
      kernel-default-extra-3.0.101-0.7.15.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.101_0.7.15-0.14.88
      kernel-xen-extra-3.0.101-0.7.15.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      ext4-writeable-kmp-ppc64-0_3.0.101_0.7.15-0.14.88
      kernel-ppc64-extra-3.0.101-0.7.15.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.101_0.7.15-0.14.88
      kernel-pae-extra-3.0.101-0.7.15.1

References:

   http://support.novell.com/security/cve/CVE-2013-4345.html
   http://support.novell.com/security/cve/CVE-2013-4483.html
   http://support.novell.com/security/cve/CVE-2013-4511.html
   http://support.novell.com/security/cve/CVE-2013-4514.html
   http://support.novell.com/security/cve/CVE-2013-4515.html
   http://support.novell.com/security/cve/CVE-2013-4587.html
   http://support.novell.com/security/cve/CVE-2013-4592.html
   http://support.novell.com/security/cve/CVE-2013-6367.html
   http://support.novell.com/security/cve/CVE-2013-6368.html
   http://support.novell.com/security/cve/CVE-2013-6378.html
   http://support.novell.com/security/cve/CVE-2013-6380.html
   http://support.novell.com/security/cve/CVE-2013-6383.html
   http://support.novell.com/security/cve/CVE-2013-6463.html
   http://support.novell.com/security/cve/CVE-2013-7027.html
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/769644
   https://bugzilla.novell.com/787843
   https://bugzilla.novell.com/789359
   https://bugzilla.novell.com/798050
   https://bugzilla.novell.com/806988
   https://bugzilla.novell.com/807434
   https://bugzilla.novell.com/810323
   https://bugzilla.novell.com/813245
   https://bugzilla.novell.com/818545
   https://bugzilla.novell.com/819979
   https://bugzilla.novell.com/820102
   https://bugzilla.novell.com/820338
   https://bugzilla.novell.com/821980
   https://bugzilla.novell.com/823618
   https://bugzilla.novell.com/825696
   https://bugzilla.novell.com/825896
   https://bugzilla.novell.com/826602
   https://bugzilla.novell.com/826756
   https://bugzilla.novell.com/827767
   https://bugzilla.novell.com/828236
   https://bugzilla.novell.com/831168
   https://bugzilla.novell.com/834473
   https://bugzilla.novell.com/834708
   https://bugzilla.novell.com/834808
   https://bugzilla.novell.com/835074
   https://bugzilla.novell.com/835186
   https://bugzilla.novell.com/836718
   https://bugzilla.novell.com/837739
   https://bugzilla.novell.com/838623
   https://bugzilla.novell.com/839407
   https://bugzilla.novell.com/840226
   https://bugzilla.novell.com/841445
   https://bugzilla.novell.com/842239
   https://bugzilla.novell.com/843419
   https://bugzilla.novell.com/843429
   https://bugzilla.novell.com/843445
   https://bugzilla.novell.com/843642
   https://bugzilla.novell.com/843645
   https://bugzilla.novell.com/845621
   https://bugzilla.novell.com/845729
   https://bugzilla.novell.com/846036
   https://bugzilla.novell.com/846984
   https://bugzilla.novell.com/847261
   https://bugzilla.novell.com/848321
   https://bugzilla.novell.com/848336
   https://bugzilla.novell.com/848544
   https://bugzilla.novell.com/848652
   https://bugzilla.novell.com/849021
   https://bugzilla.novell.com/849029
   https://bugzilla.novell.com/849034
   https://bugzilla.novell.com/849404
   https://bugzilla.novell.com/849675
   https://bugzilla.novell.com/849809
   https://bugzilla.novell.com/849848
   https://bugzilla.novell.com/849950
   https://bugzilla.novell.com/850640
   https://bugzilla.novell.com/851066
   https://bugzilla.novell.com/851101
   https://bugzilla.novell.com/851314
   https://bugzilla.novell.com/852373
   https://bugzilla.novell.com/852558
   https://bugzilla.novell.com/852559
   https://bugzilla.novell.com/852624
   https://bugzilla.novell.com/853050
   https://bugzilla.novell.com/853051
   https://bugzilla.novell.com/853052
   https://bugzilla.novell.com/854546
   https://bugzilla.novell.com/854634
   https://bugzilla.novell.com/854722
   https://bugzilla.novell.com/855037
   http://download.novell.com/patch/finder/?keywords=282330ca15c25c5d414afa797fd00055
   http://download.novell.com/patch/finder/?keywords=3d92bf18525263d6502455d7bb30778d
   http://download.novell.com/patch/finder/?keywords=457afa810386e3c89cbe7d34f2669ec6
   http://download.novell.com/patch/finder/?keywords=67177844fdc4ad7928d0b72e827b1792
   http://download.novell.com/patch/finder/?keywords=6d440d2c2b586181d099e77b38c3f10c
   http://download.novell.com/patch/finder/?keywords=7e6471ccc2fab115e43fdd4825b2703d
   http://download.novell.com/patch/finder/?keywords=8f7b9d1a1e950072493fafe9d3ce7b0b
   http://download.novell.com/patch/finder/?keywords=96c8b378c86a8c1970d130e0ca6c215e
   http://download.novell.com/patch/finder/?keywords=9a3c3a81214dce764b5a30eb1137ff05
   http://download.novell.com/patch/finder/?keywords=a3c4d33c79469ac8a1f49845dce098d2

From sle-security-updates at lists.suse.com Tue Jan 28 08:04:11 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 16:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0149-1: moderate: Security update for openstack-nova
Message-ID: <20140128150411.7B34432169@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-nova
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0149-1
Rating:             moderate
References:         #847648 #848825
Cross-References:   CVE-2013-4463 CVE-2013-4497
Affected Products:
                    SUSE Cloud 2.0
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
   It includes one version update.
Description:

   This version update of openstack-nova fixes the following issues:

   * Ensure that oversized images are not booted. (CVE-2013-4463)
   * Ensure that XenAPI security groups are kept through migrate or resize. (CVE-2013-4497)

   Security Issues references:

   * CVE-2013-4463
   * CVE-2013-4497

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 2.0:

      zypper in -t patch sleclo20sp3-openstack-nova-8676

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a17.g4655df1]:

      openstack-nova-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-api-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-cells-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-cert-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-compute-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-conductor-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-console-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-consoleauth-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-novncproxy-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-objectstore-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-scheduler-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-vncproxy-2013.1.5.a17.g4655df1-0.7.1
      python-nova-2013.1.5.a17.g4655df1-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-4463.html
   http://support.novell.com/security/cve/CVE-2013-4497.html
   https://bugzilla.novell.com/847648
   https://bugzilla.novell.com/848825
   http://download.novell.com/patch/finder/?keywords=963d3704946a714b607c467e353bc9dd

From sle-security-updates at lists.suse.com Tue Jan 28 09:04:10 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 17:04:10 +0100 (CET)
Subject: SUSE-SU-2014:0150-1: Security update for libxml2
Message-ID: <20140128160410.DC13332169@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0150-1
Rating: low
References: #829077 #854869
Cross-References: CVE-2013-2877
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 11 SP1 LTSS
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue.

Security Issue reference:

* CVE-2013-2877

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-libxml2-8714
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-libxml2-8713
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-libxml2-8714
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-libxml2-8714
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-libxml2-8713
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-libxml2-8713
- SUSE Linux Enterprise Server 11 SP1 LTSS:
    zypper in -t patch slessp1-libxml2-8715
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-libxml2-8714
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-libxml2-8713

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libxml2-devel-2.7.6-0.25.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
    libxml2-devel-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    libxml2-devel-2.7.6-0.25.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
    libxml2-devel-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-doc-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libxml2-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-doc-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libxml2-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
    libxml2-x86-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-doc-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
    libxml2-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-doc-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
    libxml2-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP2 (ia64):
    libxml2-x86-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-doc-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
    libxml2-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    libxml2-32bit-2.7.6-0.25.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
    libxml2-2.7.6-0.25.1
    libxml2-python-2.7.6-0.25.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
    libxml2-32bit-2.7.6-0.25.1

References:

http://support.novell.com/security/cve/CVE-2013-2877.html
https://bugzilla.novell.com/829077
https://bugzilla.novell.com/854869
http://download.novell.com/patch/finder/?keywords=0c936564803f98a5cd705410a42ff5d7
http://download.novell.com/patch/finder/?keywords=192bc6cf648429344756348581fe18f9
http://download.novell.com/patch/finder/?keywords=289bdd1d9305ac3ded648c5dc9315daf

From sle-security-updates at lists.suse.com Tue Jan 28 11:04:43 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:04:43 +0100 (CET)
Subject: SUSE-SU-2014:0152-1: moderate: Security update for rubygem-actionpack-3_2
Message-ID: <20140128180443.6CCA632169@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-3_2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0152-1
Rating: moderate
References: #846239 #853625 #853627 #853632 #853633
Cross-References: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417
Affected Products:
  WebYaST 1.3
  SUSE Studio Onsite 1.3
  SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available. It includes one version update.

Description:

This update fixes the following security issues with rubygem-actionpack:

* bnc#853625: i18n missing translation XSS (CVE-2013-4491)
* bnc#853627: unsafe query generation risk (incomplete fix for CVE-2013-0155) (CVE-2013-6417)
* bnc#853632: number_to_currency XSS (CVE-2013-6415)
* bnc#853633: Action View DoS (CVE-2013-6414)
* bnc#846239: fix possible DoS vulnerability in the log subscriber component (CVE-2013-4389)

Security Issue references:

* CVE-2013-4491
* CVE-2013-6417
* CVE-2013-6415
* CVE-2013-6414

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- WebYaST 1.3:
    zypper in -t patch slewyst13-rubygem-actionpack-3_2-8667
- SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-rubygem-actionpack-3_2-8667
- SUSE Lifecycle Management Server 1.3:
    zypper in -t patch sleslms13-rubygem-actionpack-3_2-8667

To bring your system up-to-date, use "zypper patch".

Package List:

- WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:
    rubygem-actionpack-3_2-3.2.12-0.11.1
- SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:
    rubygem-actionpack-3_2-3.2.12-0.11.1
- SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:
    rubygem-actionpack-3_2-3.2.12-0.11.1

References:

http://support.novell.com/security/cve/CVE-2013-4491.html
http://support.novell.com/security/cve/CVE-2013-6414.html
http://support.novell.com/security/cve/CVE-2013-6415.html
http://support.novell.com/security/cve/CVE-2013-6417.html
https://bugzilla.novell.com/846239
https://bugzilla.novell.com/853625
https://bugzilla.novell.com/853627
https://bugzilla.novell.com/853632
https://bugzilla.novell.com/853633
http://download.novell.com/patch/finder/?keywords=4f7a3b6109dc5ea4e4fb5301ae244222

From sle-security-updates at lists.suse.com Tue Jan 28 11:06:02 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:06:02 +0100 (CET)
Subject: SUSE-SU-2014:0153-1: moderate: Security update for rubygem-actionpack-2_3
Message-ID: <20140128180602.11D9032169@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-2_3
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0153-1
Rating: moderate
References: #853632
Cross-References: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available. It includes one version update.

Description:

This update fixes the following security issues with rubygem-actionpack:

* CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632).

Security Issue references:

* CVE-2013-4491
* CVE-2013-6417
* CVE-2013-6415
* CVE-2013-6414

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-rubygem-actionpack-2_3-8702

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.17]:
    rubygem-actionpack-2_3-2.3.17-0.13.2

References:

http://support.novell.com/security/cve/CVE-2013-4491.html
http://support.novell.com/security/cve/CVE-2013-6414.html
http://support.novell.com/security/cve/CVE-2013-6415.html
http://support.novell.com/security/cve/CVE-2013-6417.html
https://bugzilla.novell.com/853632
http://download.novell.com/patch/finder/?keywords=eed33b2944b04d2b779d8d32db4cc8e3

From sle-security-updates at lists.suse.com Tue Jan 28 11:06:21 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:06:21 +0100 (CET)
Subject: SUSE-SU-2014:0154-1: moderate: Security update for rubygem-actionpack-2_1
Message-ID: <20140128180621.42ACA32169@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-2_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0154-1
Rating: moderate
References: #853632
Cross-References: CVE-2013-6415
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the following security issue with rubygem-actionpack:

* bnc#853632: number_to_currency XSS (CVE-2013-6415)

Security Issue reference:

* CVE-2013-6415

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-rubygem-actionpack-2_1-8637
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-rubygem-actionpack-2_1-8636

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    rubygem-actionpack-2_1-2.1.2-1.14.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    rubygem-actionpack-2_1-2.1.2-1.14.1

References:

http://support.novell.com/security/cve/CVE-2013-6415.html
https://bugzilla.novell.com/853632
http://download.novell.com/patch/finder/?keywords=96afa834d89354388e6936917f331849
http://download.novell.com/patch/finder/?keywords=e0dcf6f359c57c79d985cd0edfbf591d

From sle-security-updates at lists.suse.com Tue Jan 28 11:06:39 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:06:39 +0100 (CET)
Subject: SUSE-SU-2014:0155-1: important: Security update for puppet
Message-ID: <20140128180639.2565A32169@maintenance.suse.de>

SUSE Security Update: Security update for puppet
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0155-1
Rating: important
References: #835122 #853982
Cross-References: CVE-2013-4761
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

This update for puppet fixes a remote code execution vulnerability in the "resource_type" service. (CVE-2013-4761)

Additionally, the update prevents puppet from executing initialization scripts that could trigger a system reboot when handling "puppet resource service" calls.

Security Issue reference:

* CVE-2013-4761

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-puppet-8812
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-puppet-8812
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-puppet-8811
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-puppet-8811
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-puppet-8812
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-puppet-8811

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    puppet-2.6.18-0.12.1
    puppet-server-2.6.18-0.12.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    puppet-2.6.18-0.12.1
    puppet-server-2.6.18-0.12.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.6.18]:
    puppet-2.6.18-0.12.1
    puppet-server-2.6.18-0.12.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.18]:
    puppet-2.6.18-0.12.1
    puppet-server-2.6.18-0.12.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    puppet-2.6.18-0.12.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.18]:
    puppet-2.6.18-0.12.1

References:

http://support.novell.com/security/cve/CVE-2013-4761.html
https://bugzilla.novell.com/835122
https://bugzilla.novell.com/853982
http://download.novell.com/patch/finder/?keywords=7107f4238800d8be5194203b85b2b3f8
http://download.novell.com/patch/finder/?keywords=d16a0df5a7c526b2fb71f3b5f9a79da8

From sle-security-updates at lists.suse.com Tue Jan 28 14:04:12 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 22:04:12 +0100 (CET)
Subject: SUSE-SU-2014:0156-1: moderate: Security update for nagios
Message-ID: <20140128210412.2845A32168@maintenance.suse.de>

SUSE Security Update: Security update for nagios
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0156-1
Rating: moderate
References: #856837
Cross-References: CVE-2013-7108
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes a DoS vulnerability in process_cgivars() of the nagios package. CVE-2013-7108 has been assigned to this issue.

Security Issue reference:

* CVE-2013-7108

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-nagios-8727
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-nagios-8726
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-nagios-8727
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-nagios-8727
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-nagios-8726
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-nagios-8726

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    nagios-devel-3.0.6-1.25.34.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
    nagios-3.0.6-1.25.34.1
    nagios-www-3.0.6-1.25.34.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    nagios-devel-3.0.6-1.25.34.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
    nagios-3.0.6-1.25.34.1
    nagios-www-3.0.6-1.25.34.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    nagios-3.0.6-1.25.34.1
    nagios-www-3.0.6-1.25.34.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    nagios-3.0.6-1.25.34.1
    nagios-www-3.0.6-1.25.34.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    nagios-3.0.6-1.25.34.1
    nagios-www-3.0.6-1.25.34.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    nagios-3.0.6-1.25.34.1
    nagios-www-3.0.6-1.25.34.1

References:

http://support.novell.com/security/cve/CVE-2013-7108.html
https://bugzilla.novell.com/856837
http://download.novell.com/patch/finder/?keywords=8a6864e60da3a72a78cdb920058e30a9
http://download.novell.com/patch/finder/?keywords=8fc494de0036590c9a022f803caa64bb

From sle-security-updates at lists.suse.com Wed Jan 29 11:04:12 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Jan 2014 19:04:12 +0100 (CET)
Subject: SUSE-SU-2014:0154-2: moderate: Security update for rubygem-actionpack-2_3
Message-ID: <20140129180412.40B8F32169@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-2_3
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0154-2
Rating: moderate
References: #853632
Cross-References: CVE-2013-6415
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Cloud 2.0
______________________________________________________________________________

An update
that fixes one vulnerability is now available.

Description:

This update fixes the following security issues with rubygem-actionpack:

* CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632).

Security Issue reference:

* CVE-2013-6415

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-rubygem-actionpack-2_3-8698
- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-rubygem-actionpack-2_3-8698

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    rubygem-actionpack-2_3-2.3.17-0.13.1
- SUSE Cloud 2.0 (x86_64):
    rubygem-actionpack-2_3-2.3.17-0.13.1

References:

http://support.novell.com/security/cve/CVE-2013-6415.html
https://bugzilla.novell.com/853632
http://download.novell.com/patch/finder/?keywords=11fe2cd6802619c2d89b0b300584b56e

From sle-security-updates at lists.suse.com Thu Jan 30 14:04:11 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jan 2014 22:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0161-1: moderate: Security update for rubygem-will_paginate
Message-ID: <20140130210411.969293216F@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-will_paginate
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0161-1
Rating: moderate
References: #856831
Cross-References: CVE-2013-6459
Affected Products:
  SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update of rubygem-will_paginate fixes XSS vulnerabilities. CVE-2013-6459 has been assigned to this update.

Security Issue reference:

* CVE-2013-6459

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Lifecycle Management Server 1.3:
    zypper in -t patch sleslms13-rubygem-will_paginate-8788

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Lifecycle Management Server 1.3 (x86_64):
    rubygem-will_paginate-3.0.3-0.9.1

References:

http://support.novell.com/security/cve/CVE-2013-6459.html
https://bugzilla.novell.com/856831
http://download.novell.com/patch/finder/?keywords=e2cb0f1d9e9851cd14bb6b279de35c60

From sle-security-updates at lists.suse.com Thu Jan 30 14:04:31 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jan 2014 22:04:31 +0100 (CET)
Subject: SUSE-SU-2014:0162-1: moderate: Security update for libvirt
Message-ID: <20140130210431.61D973216D@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0162-1
Rating: moderate
References: #841720 #842016 #854486
Cross-References: CVE-2013-6436
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available. It includes one version update.

Description:

This update fixes a crash in LXC's memtune code. CVE-2013-6436 has been assigned to this issue.

Security Issue reference:

* CVE-2013-6436

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-libvirt-8705
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-libvirt-8705
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-libvirt-8705

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.8]:
    libvirt-devel-1.0.5.8-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.8]:
    libvirt-devel-32bit-1.0.5.8-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.8]:
    libvirt-1.0.5.8-0.7.1
    libvirt-client-1.0.5.8-0.7.1
    libvirt-doc-1.0.5.8-0.7.1
    libvirt-lock-sanlock-1.0.5.8-0.7.1
    libvirt-python-1.0.5.8-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 1.0.5.8]:
    libvirt-client-32bit-1.0.5.8-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.8]:
    libvirt-1.0.5.8-0.7.1
    libvirt-client-1.0.5.8-0.7.1
    libvirt-doc-1.0.5.8-0.7.1
    libvirt-python-1.0.5.8-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.8]:
    libvirt-client-32bit-1.0.5.8-0.7.1

References:

http://support.novell.com/security/cve/CVE-2013-6436.html
https://bugzilla.novell.com/841720
https://bugzilla.novell.com/842016
https://bugzilla.novell.com/854486
http://download.novell.com/patch/finder/?keywords=eb6c071b757a4d31edd18f2de7480658

From sle-security-updates at lists.suse.com Thu Jan 30 14:05:15 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jan 2014 22:05:15 +0100 (CET)
Subject: SUSE-SU-2014:0163-1: moderate: Security update for openstack-keystone
Message-ID: <20140130210515.C81233216B@maintenance.suse.de>

SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0163-1
Rating: moderate
References: #837800 #839876 #843443 #848066
Cross-References: CVE-2013-4222 CVE-2013-4477
Affected Products:
  SUSE Cloud 2.0
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available. It includes one version update.

Description:

This version update fixes the following security issues:

* remove role assignment adds role using LDAP assignment (CVE-2013-4477)
* revoke user tokens when disabling/deleting a project (CVE-2013-4222)

Security Issue references:

* CVE-2013-4477
* CVE-2013-4222

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-openstack-keystone-8675

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.g82dcde0]:
    openstack-keystone-2013.1.5.a2.g82dcde0-0.7.1
    python-keystone-2013.1.5.a2.g82dcde0-0.7.1
- SUSE Cloud 2.0 (noarch) [New Version: 2013.1.5.a2.g82dcde0]:
    openstack-keystone-doc-2013.1.5.a2.g82dcde0-0.7.1

References:

http://support.novell.com/security/cve/CVE-2013-4222.html
http://support.novell.com/security/cve/CVE-2013-4477.html
https://bugzilla.novell.com/837800
https://bugzilla.novell.com/839876
https://bugzilla.novell.com/843443
https://bugzilla.novell.com/848066
http://download.novell.com/patch/finder/?keywords=3ac1770b48f8df2913e60fe8fc0e81ab

From sle-security-updates at lists.suse.com Fri Jan 31 08:04:14 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 16:04:14 +0100 (CET)
Subject: SUSE-SU-2014:0168-1: moderate: Security update for Real Time Linux Kernel
Message-ID: <20140131150414.2AF6332172@maintenance.suse.de>

SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0168-1
Rating: moderate
References: #708296 #733022 #770541 #787843 #789359 #803174 #806988 #810323 #813245 #818064 #818545 #819979 #820102 #820338 #821619 #821980 #825006 #825696 #825896 #826602 #826756 #826978 #827527 #827767 #828236 #831103 #833097 #834473 #834708 #834808 #835074 #835186 #836718 #837206 #837739 #838623 #839407 #839973 #840116 #840226 #841445 #841654 #842239 #843185 #843419 #843429 #843445 #843642 #843645 #843654 #845352 #845378 #845729 #846036 #846298 #846989 #847261 #847660 #847842 #848317 #848321 #848335 #848336 #848544 #848864 #849021 #849029 #849034 #849256 #849362 #849404 #849675 #849809 #849950 #850072 #850103 #850324 #850493 #850640 #851066 #851101 #851290 #851314 #851879 #852373 #852558 #852559 #852652 #852761 #853050 #853051 #853053 #853428 #853465 #854546 #854634 #854722 #856307 #856481
Cross-References:
  CVE-2013-2146 CVE-2013-2930 CVE-2013-4345 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6376 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6463 CVE-2013-7027
Affected Products:
  SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

An update that solves 16 vulnerabilities and has 83 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was updated to version 3.0.101, fixing various bugs and security issues.

The following feature has been added:

* supported.conf: Mark net/netfilter/xt_set as supported. (bnc#851066, FATE#313309)

The following security issues have been fixed:

* CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
* CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)
* CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
* CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
  (bnc#853053)
* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
* CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
* CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)
* CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
* CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
  (bnc#852559)
* CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373)
* CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634)
* CVE-2013-6463: Linux kernel built with the networking support (CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722)
* CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
* CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)
* CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.
(bnc#825006) * CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) The following non-security issues have been fixed: * rt: upstream sysv semaphore scalability fixes (bnc#803174). * kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). * kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). * kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). * asm-generic: io: Fix ioread16/32be and iowrite16/32be (bnc#848335,LTC#94737). * watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). * random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). * blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). * printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). * Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ * Honor state disabling in the cpuidle ladder governor (bnc#845378). * cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). * tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). * tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). * sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). * sched/balancing: Periodically decay max cost of idle balance (bnc#849256). * sched: Consider max cost of idle balance per sched domain (bnc#849256). * sched: Reduce overestimating rq->avg_idle (bnc#849256). * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). * sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). * sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). 
* sched: Guarantee new group-entities always have weight (bnc#848336).
* sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
* sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
* futex: fix handling of read-only-mapped hugepages (VM Functionality).
* mutex: Make more scalable by doing fewer atomic operations (bnc#849256).
* powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527).
* powerpc: Add System RAM to /proc/iomem (bnc#827527).
* powerpc/mm: Mark Memory Resources as busy (bnc#827527).
* powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465).
* powerpc: Make function that parses RTAS error logs global (bnc#852761).
* powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761).
* powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842).
* powerpc/rtas_flash: Fix bad memory access (bnc#847842).
* x86: Update UV3 hub revision ID (bnc#846298 fate#314987).
* x86: Remove some noise from boot log when starting cpus (bnc#770541).
* x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654).
* ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185).
* net/mlx4_core: Fix endianness bug in set_param_l (bnc#848335,LTC#94737).
* netback: bump tx queue length (bnc#849404).
* xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
* xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
* fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473).
* blkdev_max_block: make private to fs/buffer.c (bnc#820338).
* storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324).
* autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314).
* autofs4: catatonic_mode vs. notify_daemon race (bnc#851314).
* autofs4: close the races around autofs4_notify_daemon() (bnc#851314).
* autofs4: deal with autofs4_write/autofs4_write races (bnc#851314).
* autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314).
* autofs4: fix deal with autofs4_write races (bnc#851314).
* autofs4: use simple_empty() for empty directory check (bnc#851314).
* dlm: set zero linger time on sctp socket (bnc#787843).
* SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix).
* nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236).
* nfs: Adapt readdirplus to application usage patterns (bnc#834708).
* xfs: Account log unmount transaction correctly (bnc#849950).
* xfs: improve ioend error handling (bnc#846036).
* xfs: reduce ioend latency (bnc#846036).
* xfs: use per-filesystem I/O completion workqueues (bnc#846036).
* xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544).
* Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888).
* vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
* vfs: fix O_DIRECT read past end of block device (bnc#820338).
* cifs: Improve performance of browsing directories with several files (bnc#810323).
* cifs: Ensure cifs directories do not show up as files (bnc#826602).
* SCSI & usb-storage: add try_rc_10_first flag (bnc#853428).
* iscsi_target: race condition on shutdown (bnc#850072).
* libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (bnc#837206).
* lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout (bnc#856481).
* advansys: Remove "last_reset" references (bnc#856481).
* dc395: Move "last_reset" into internal host structure (bnc#856481).
* Add "eh_deadline" to limit SCSI EH runtime (bnc#856481).
* remove check for "resetting" (bnc#856481).
* tmscsim: Move "last_reset" into host structure (bnc#856481).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#856481).
* crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706).
* crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718).
* crypto: gf128mul - fix call to memset() (obvious fix).
* pcifront: Deal with toolstack missing "XenbusStateClosing" state.
* xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652).
* netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729).
* igb: Fix get_fw_version function for all parts (bnc#848317).
* igb: Refactor of init_nvm_params (bnc#848317).
* r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352).
* qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511).
* usb: Fix xHCI host issues on remote wakeup (bnc#846989).
* xhci: Limit the spurious wakeup fix only to HP machines (bnc#833097).
* Intel xhci: refactor EHCI/xHCI port switching (bnc#840116).
* xhci-hub.c: preserved kABI (bnc#840116).
* xhci: Refactor port status into a new function (bnc#840116).
* ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864).
* ALSA: hda - load EQ params into IDT codec on HP bNB13 systems (bnc#850493).
* lpfc: correct some issues with txcomplq processing (bnc#818064).
* lpfc: correct an issue with rrq processing (bnc#818064).
* sd: avoid deadlocks when running under multipath (bnc#818545).
* sd: fix crash when UA received on DIF enabled device (bnc#841445).
* sg: fix blk_get_queue usage (bnc#834808).
* lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
* lpfc: Fix kernel warning on spinlock usage (bnc#806988).
* lpfc: Fixed system panic due to midlayer abort (bnc#806988).
* qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
* qla2xxx: Module parameter "ql2xasynclogin" (bnc#825896).
* Pragmatic workaround for realtime class abuse induced latency issues.
* Provide realtime priority kthread and workqueue boot options (bnc#836718).
* mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
* mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
* net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
* bna: do not register ndo_set_rx_mode callback (bnc#847261).
* PCI: pciehp: Retrieve link speed after link is trained (bnc#820102).
* PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
* PCI: pciehp: replace unconditional sleep with config space access check (bnc#820102).
* PCI: pciehp: make check_link_active more helpful (bnc#820102).
* PCI: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
* PCI: pciehp: Add Disable/enable link functions (bnc#820102).
* PCI: pciehp: Disable/enable link during slot power off/on (bnc#820102).
* PCI: Add pcibios_pm_ops for optional arch-specific hibernate functionality (bnc#848335,FATE#83037,LTC#94737).
* PCI: Add pcibios_release_device() (bnc#848335,FATE#83037,LTC#94737).
* PCI: fix truncation of resource size to 32 bits (bnc#843419).
* hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
* mei: ME hardware reset needs to be synchronized (bnc#821619).
* kabi: Restore struct irq_desc::timer_rand_state.
* fs3270: unloading module does not remove device (bnc#851879, LTC#100284).
* cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
* isci: Fix a race condition in the SSP task management path (bnc#826978).
* ptp: dynamic allocation of PHC char devices (bnc#851290).
* dm-mpath: Fixup race condition in activate_path() (bnc#708296).
* dm-mpath: do not detach stale hardware handler (bnc#708296).
* dm-multipath: Improve logging (bnc#708296).
* scsi_dh: invoke callback if ->activate is not present (bnc#708296).
* scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
* scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296).
* scsi_dh_alua: Decode HP EVA array identifier (bnc#708296).
* scsi_dh_alua: Evaluate state for all port groups (bnc#708296).
* scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
* scsi_dh_alua: Make stpg synchronous (bnc#708296).
* scsi_dh_alua: Pass buffer as function argument (bnc#708296).
* scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296).
* scsi_dh_alua: Recheck state on transitioning (bnc#708296).
* scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
* scsi_dh_alua: Use separate alua_port_group structure (bnc#708296).
* scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
* scsi_dh_alua: asynchronous RTPG (bnc#708296).
* scsi_dh_alua: correctly terminate target port strings (bnc#708296).
* scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
* scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979).
* scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980).
* scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
* scsi_dh_alua: invalid state information for "optimized" paths (bnc#843445).
* scsi_dh_alua: move RTPG to workqueue (bnc#708296).
* scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
* scsi_dh_alua: move some sense code handling into generic code (bnc#813245).
* scsi_dh_alua: multipath failover fails with error 15 (bnc#825696).
* scsi_dh_alua: parse target device id (bnc#708296).
* scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
* scsi_dh_alua: put sense buffer on stack (bnc#708296).
* scsi_dh_alua: reattaching device handler fails with "Error 15" (bnc#843429).
* scsi_dh_alua: remove locking when checking state (bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
* scsi_dh_alua: retry command on "mode parameter changed" sense code (bnc#843645).
* scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
* scsi_dh_alua: simplify state update (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
* scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
* scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
* scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
* scsi_dh: invoke callback if ->activate is not present (bnc#708296).
* scsi_dh_alua: correctly terminate target port strings (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
* scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
* scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
* scsi_dh_alua: remove locking when checking state (bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
* drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109).
* drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
* drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109).
* drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109).
* drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109).
* drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109).
* drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109).
* drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109).
* drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109).
* drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109).
* drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109).
* drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109).
* drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
* drm/i915: Rename ring flush functions (bnc#831103,FATE#316109).
* drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109).
* drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109).
* drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109).
* drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109).
* drm/i915: fix gen4 digital port hotplug definitions (bnc#850103).
* drm/mgag200: Bug fix: Modified pll algorithm for EH project (bnc#841654).
* drm: do not add inferred modes for monitors that do not support them (bnc #849809).

Security Issues:

* CVE-2013-2146
* CVE-2013-2930
* CVE-2013-4345
* CVE-2013-4483
* CVE-2013-4511
* CVE-2013-4514
* CVE-2013-4515
* CVE-2013-4587
* CVE-2013-4592
* CVE-2013-6367
* CVE-2013-6376
* CVE-2013-6378
* CVE-2013-6380
* CVE-2013-6383
* CVE-2013-6463
* CVE-2013-7027

Indications:

Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11 SP3:

  zypper in -t patch slertesp3-kernel-8793

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

  cluster-network-kmp-rt-1.4_3.0.101_rt130_0.10-2.27.37
  cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.10-2.27.37
  drbd-kmp-rt-8.4.4_3.0.101_rt130_0.10-0.22.3
  drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.10-0.22.3
  iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.10-0.38.22
  iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.10-0.38.22
  kernel-rt-3.0.101.rt130-0.10.1
  kernel-rt-base-3.0.101.rt130-0.10.1
  kernel-rt-devel-3.0.101.rt130-0.10.1
  kernel-rt_trace-3.0.101.rt130-0.10.1
  kernel-rt_trace-base-3.0.101.rt130-0.10.1
  kernel-rt_trace-devel-3.0.101.rt130-0.10.1
  kernel-source-rt-3.0.101.rt130-0.10.1
  kernel-syms-rt-3.0.101.rt130-0.10.1
  lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.10-0.11.22
  lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.10-0.11.22
  ocfs2-kmp-rt-1.6_3.0.101_rt130_0.10-0.20.37
  ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.10-0.20.37
  ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.10-0.13.28
  ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.10-0.13.28

References:

http://support.novell.com/security/cve/CVE-2013-2146.html
http://support.novell.com/security/cve/CVE-2013-2930.html
http://support.novell.com/security/cve/CVE-2013-4345.html
http://support.novell.com/security/cve/CVE-2013-4483.html
http://support.novell.com/security/cve/CVE-2013-4511.html
http://support.novell.com/security/cve/CVE-2013-4514.html
http://support.novell.com/security/cve/CVE-2013-4515.html
http://support.novell.com/security/cve/CVE-2013-4587.html
http://support.novell.com/security/cve/CVE-2013-4592.html
http://support.novell.com/security/cve/CVE-2013-6367.html
http://support.novell.com/security/cve/CVE-2013-6376.html
http://support.novell.com/security/cve/CVE-2013-6378.html
http://support.novell.com/security/cve/CVE-2013-6380.html
http://support.novell.com/security/cve/CVE-2013-6383.html
http://support.novell.com/security/cve/CVE-2013-6463.html
http://support.novell.com/security/cve/CVE-2013-7027.html
https://bugzilla.novell.com/708296
https://bugzilla.novell.com/733022
https://bugzilla.novell.com/770541
https://bugzilla.novell.com/787843
https://bugzilla.novell.com/789359
https://bugzilla.novell.com/803174
https://bugzilla.novell.com/806988
https://bugzilla.novell.com/810323
https://bugzilla.novell.com/813245
https://bugzilla.novell.com/818064
https://bugzilla.novell.com/818545
https://bugzilla.novell.com/819979
https://bugzilla.novell.com/820102
https://bugzilla.novell.com/820338
https://bugzilla.novell.com/821619
https://bugzilla.novell.com/821980
https://bugzilla.novell.com/825006
https://bugzilla.novell.com/825696
https://bugzilla.novell.com/825896
https://bugzilla.novell.com/826602
https://bugzilla.novell.com/826756
https://bugzilla.novell.com/826978
https://bugzilla.novell.com/827527
https://bugzilla.novell.com/827767
https://bugzilla.novell.com/828236
https://bugzilla.novell.com/831103
https://bugzilla.novell.com/833097
https://bugzilla.novell.com/834473
https://bugzilla.novell.com/834708
https://bugzilla.novell.com/834808
https://bugzilla.novell.com/835074
https://bugzilla.novell.com/835186
https://bugzilla.novell.com/836718
https://bugzilla.novell.com/837206
https://bugzilla.novell.com/837739
https://bugzilla.novell.com/838623
https://bugzilla.novell.com/839407
https://bugzilla.novell.com/839973
https://bugzilla.novell.com/840116
https://bugzilla.novell.com/840226
https://bugzilla.novell.com/841445
https://bugzilla.novell.com/841654
https://bugzilla.novell.com/842239
https://bugzilla.novell.com/843185
https://bugzilla.novell.com/843419
https://bugzilla.novell.com/843429
https://bugzilla.novell.com/843445
https://bugzilla.novell.com/843642
https://bugzilla.novell.com/843645
https://bugzilla.novell.com/843654
https://bugzilla.novell.com/845352
https://bugzilla.novell.com/845378
https://bugzilla.novell.com/845729
https://bugzilla.novell.com/846036
https://bugzilla.novell.com/846298
https://bugzilla.novell.com/846989
https://bugzilla.novell.com/847261
https://bugzilla.novell.com/847660
https://bugzilla.novell.com/847842
https://bugzilla.novell.com/848317
https://bugzilla.novell.com/848321
https://bugzilla.novell.com/848335
https://bugzilla.novell.com/848336
https://bugzilla.novell.com/848544
https://bugzilla.novell.com/848864
https://bugzilla.novell.com/849021
https://bugzilla.novell.com/849029
https://bugzilla.novell.com/849034
https://bugzilla.novell.com/849256
https://bugzilla.novell.com/849362
https://bugzilla.novell.com/849404
https://bugzilla.novell.com/849675
https://bugzilla.novell.com/849809
https://bugzilla.novell.com/849950
https://bugzilla.novell.com/850072
https://bugzilla.novell.com/850103
https://bugzilla.novell.com/850324
https://bugzilla.novell.com/850493
https://bugzilla.novell.com/850640
https://bugzilla.novell.com/851066
https://bugzilla.novell.com/851101
https://bugzilla.novell.com/851290
https://bugzilla.novell.com/851314
https://bugzilla.novell.com/851879
https://bugzilla.novell.com/852373
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/852559
https://bugzilla.novell.com/852652
https://bugzilla.novell.com/852761
https://bugzilla.novell.com/853050
https://bugzilla.novell.com/853051
https://bugzilla.novell.com/853053
https://bugzilla.novell.com/853428
https://bugzilla.novell.com/853465
https://bugzilla.novell.com/854546
https://bugzilla.novell.com/854634
https://bugzilla.novell.com/854722
https://bugzilla.novell.com/856307
https://bugzilla.novell.com/856481
http://download.novell.com/patch/finder/?keywords=d10502547c5fe6d29cecad7489074294

From sle-security-updates at lists.suse.com Fri Jan 31 08:38:57 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 16:38:57 +0100 (CET)
Subject: SUSE-SU-2014:0169-1: moderate: Security update for Real Time Linux Kernel
Message-ID: <20140131153857.7F23532172@maintenance.suse.de>

SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0169-1
Rating: moderate
References: #708296 #769644 #787843 #789359 #806988 #810323 #813245 #818545 #819979 #820102 #820338 #821980 #823618 #825696 #825896 #826602 #826756 #827767 #828236 #831168 #834473 #834708 #834808 #835074 #835186 #836718 #837739 #838623 #839407 #840226 #841445 #842239 #843419 #843429 #843445 #843642 #843645 #845621 #845729 #846036 #846984 #847261 #848321 #848336 #848544 #849021 #849029 #849034 #849404 #849675 #849809 #849848 #849950 #850640 #851066 #851101 #851314 #852373 #852558 #852559 #853050 #853051 #853052 #854546 #854634 #854722 #855037
Cross-References: CVE-2013-4345 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6463 CVE-2013-7027
Affected Products: SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 53 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 2 kernel for RealTime was updated to version 3.0.101 and also includes various other bug and security fixes.

The following feature has been added:

* supported.conf: Mark net/netfilter/xt_set as supported. (bnc#851066, FATE#313309)

The following security issues have been fixed:

* CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634)
* CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)
* CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373)
* CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)
* CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
* CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)
* CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
* CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
* CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)
* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
* CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
* CVE-2013-6463: A Linux kernel built with networking support (CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur during recvmsg(2) and recvfrom(2) socket calls, and is due to improperly initialised msg_name and msg_namelen message header parameters. (bnc#854722)
* CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
* CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)

The following non-security issues have been fixed:

* kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).
* printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675).
* blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623).
* x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).
* futex: fix handling of read-only-mapped hugepages (VM Functionality).
* random: fix accounting race condition with lockless irq entropy_count update (bnc#789359).
* Provide realtime priority kthread and workqueue boot options (bnc#836718).
* sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
* sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336).
* sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336).
* sched: Fix race on toggling cfs_bandwidth_used (bnc#848336).
* sched: Fix buglet in return_cfs_rq_runtime().
* sched: Guarantee new group-entities always have weight (bnc#848336).
* sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
* watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767).
* tcp: bind() fix autoselection to share ports (bnc#823618).
* tcp: bind() use stronger condition for bind_conflict (bnc#823618).
* tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).
* macvlan: disable LRO on lower device instead of macvlan (bnc#846984).
* macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984).
* macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984).
* xen: netback: bump tx queue length (bnc#849404).
* netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). * xfrm: invalidate dst on policy insertion/deletion (bnc#842239). * xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). * crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). * crypto: gf128mul - fix call to memset() (obvious fix). * autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). * autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). * autofs4: close the races around autofs4_notify_daemon() (bnc#851314). * autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). * autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). * autofs4 - fix deal with autofs4_write races (bnc#851314). * autofs4 - use simple_empty() for empty directory check (bnc#851314). * blkdev_max_block: make private to fs/buffer.c (bnc#820338). * Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). * dlm: set zero linger time on sctp socket (bnc#787843). * SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) * nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). * nfs: Adapt readdirplus to application usage patterns (bnc#834708). * xfs: improve ioend error handling (bnc#846036). * xfs: reduce ioend latency (bnc#846036). * xfs: use per-filesystem I/O completion workqueues (bnc#846036). * xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). * xfs: Account log unmount transaction correctly (bnc#849950). * vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338). * vfs: fix O_DIRECT read past end of block device (bnc#820338). * cifs: Improve performance of browsing directories with several files (bnc#810323). * cifs: Ensure cifs directories don't show up as files (bnc#826602). * sd: avoid deadlocks when running under multipath (bnc#818545). * sd: fix crash when UA received on DIF enabled device (bnc#841445). 
* sg: fix blk_get_queue usage (bnc#834808). * block: factor out vector mergeable decision to a helper function (bnc#769644). * block: modify __bio_add_page check to accept pages that don't start a new segment (bnc#769644). * scsi_dh: invoke callback if ->activate is not present (bnc#708296). * scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). * scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). * scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). * scsi_dh_alua: Evaluate state for all port groups (bnc#708296). * scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). * scsi_dh_alua: Make stpg synchronous (bnc#708296). * scsi_dh_alua: Pass buffer as function argument (bnc#708296). * scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). * scsi_dh_alua: Recheck state on transitioning (bnc#708296). * scsi_dh_alua: Rework rtpg workqueue (bnc#708296). * scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). * scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). * scsi_dh_alua: asynchronous RTPG (bnc#708296). * scsi_dh_alua: correctly terminate target port strings (bnc#708296). * scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). * scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). * scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). * scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). * scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). * scsi_dh_alua: move RTPG to workqueue (bnc#708296). * scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). * scsi_dh_alua: move some sense code handling into generic code (bnc#813245). * scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). * scsi_dh_alua: parse target device id (bnc#708296). * scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). * scsi_dh_alua: put sense buffer on stack (bnc#708296). 
* scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429).
* scsi_dh_alua: remove locking when checking state (bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
* scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645).
* scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
* scsi_dh_alua: simplify state update (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
* scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
* lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
* lpfc: Fix kernel warning on spinlock usage (bnc#806988).
* lpfc: Fixed system panic due to midlayer abort (bnc#806988).
* qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
* qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896).
* bna: do not register ndo_set_rx_mode callback (bnc#847261).
* hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
* drm: don't add inferred modes for monitors that don't support them (bnc#849809).
* pci/quirks: Modify reset method for Chelsio T4 (bnc#831168).
* pci: fix truncation of resource size to 32 bits (bnc#843419).
* pci: pciehp: Retrieve link speed after link is trained (bnc#820102).
* pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
* pci: pciehp: replace unconditional sleep with config space access check (bnc#820102).
* pci: pciehp: make check_link_active more helpful (bnc#820102).
* pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
* pci: pciehp: Add Disable/enable link functions (bnc#820102).
* pci: pciehp: Disable/enable link during slot power off/on (bnc#820102).
* mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
* mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
* net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
* qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511).
* cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
* s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047).
* s390/cio: skip broken paths (bnc#837739,LTC#97047).
* s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
* s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).

Security Issues:

* CVE-2013-4345
* CVE-2013-4483
* CVE-2013-4511
* CVE-2013-4514
* CVE-2013-4515
* CVE-2013-4587
* CVE-2013-4592
* CVE-2013-6367
* CVE-2013-6368
* CVE-2013-6378
* CVE-2013-6380
* CVE-2013-6383
* CVE-2013-6463
* CVE-2013-7027

Indications:

Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time 11 SP2:

  zypper in -t patch slertesp2-kernel-8790

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.101.rt130]:

  cluster-network-kmp-rt-1.4_3.0.101_rt130_0.7.9-2.18.79
  cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.7.9-2.18.79
  drbd-kmp-rt-8.4.2_3.0.101_rt130_0.7.9-0.6.6.70
  drbd-kmp-rt_trace-8.4.2_3.0.101_rt130_0.7.9-0.6.6.70
  iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.7.9-0.25.25.18
  iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.7.9-0.25.25.18
  kernel-rt-3.0.101.rt130-0.7.9.1
  kernel-rt-base-3.0.101.rt130-0.7.9.1
  kernel-rt-devel-3.0.101.rt130-0.7.9.1
  kernel-rt_trace-3.0.101.rt130-0.7.9.1
  kernel-rt_trace-base-3.0.101.rt130-0.7.9.1
  kernel-rt_trace-devel-3.0.101.rt130-0.7.9.1
  kernel-source-rt-3.0.101.rt130-0.7.9.1
  kernel-syms-rt-3.0.101.rt130-0.7.9.1
  lttng-modules-kmp-rt-2.0.4_3.0.101_rt130_0.7.9-0.9.9.6
  lttng-modules-kmp-rt_trace-2.0.4_3.0.101_rt130_0.7.9-0.9.9.6
  ocfs2-kmp-rt-1.6_3.0.101_rt130_0.7.9-0.11.78
  ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.7.9-0.11.78
  ofed-kmp-rt-1.5.2_3.0.101_rt130_0.7.9-0.28.28.50
  ofed-kmp-rt_trace-1.5.2_3.0.101_rt130_0.7.9-0.28.28.50

References:

http://support.novell.com/security/cve/CVE-2013-4345.html
http://support.novell.com/security/cve/CVE-2013-4483.html
http://support.novell.com/security/cve/CVE-2013-4511.html
http://support.novell.com/security/cve/CVE-2013-4514.html
http://support.novell.com/security/cve/CVE-2013-4515.html
http://support.novell.com/security/cve/CVE-2013-4587.html
http://support.novell.com/security/cve/CVE-2013-4592.html
http://support.novell.com/security/cve/CVE-2013-6367.html
http://support.novell.com/security/cve/CVE-2013-6368.html
http://support.novell.com/security/cve/CVE-2013-6378.html
http://support.novell.com/security/cve/CVE-2013-6380.html
http://support.novell.com/security/cve/CVE-2013-6383.html
http://support.novell.com/security/cve/CVE-2013-6463.html
http://support.novell.com/security/cve/CVE-2013-7027.html
https://bugzilla.novell.com/708296
https://bugzilla.novell.com/769644
https://bugzilla.novell.com/787843
https://bugzilla.novell.com/789359
https://bugzilla.novell.com/806988
https://bugzilla.novell.com/810323
https://bugzilla.novell.com/813245
https://bugzilla.novell.com/818545
https://bugzilla.novell.com/819979
https://bugzilla.novell.com/820102
https://bugzilla.novell.com/820338
https://bugzilla.novell.com/821980
https://bugzilla.novell.com/823618
https://bugzilla.novell.com/825696
https://bugzilla.novell.com/825896
https://bugzilla.novell.com/826602
https://bugzilla.novell.com/826756
https://bugzilla.novell.com/827767
https://bugzilla.novell.com/828236
https://bugzilla.novell.com/831168
https://bugzilla.novell.com/834473
https://bugzilla.novell.com/834708
https://bugzilla.novell.com/834808
https://bugzilla.novell.com/835074
https://bugzilla.novell.com/835186
https://bugzilla.novell.com/836718
https://bugzilla.novell.com/837739
https://bugzilla.novell.com/838623
https://bugzilla.novell.com/839407
https://bugzilla.novell.com/840226
https://bugzilla.novell.com/841445
https://bugzilla.novell.com/842239
https://bugzilla.novell.com/843419
https://bugzilla.novell.com/843429
https://bugzilla.novell.com/843445
https://bugzilla.novell.com/843642
https://bugzilla.novell.com/843645
https://bugzilla.novell.com/845621
https://bugzilla.novell.com/845729
https://bugzilla.novell.com/846036
https://bugzilla.novell.com/846984
https://bugzilla.novell.com/847261
https://bugzilla.novell.com/848321
https://bugzilla.novell.com/848336
https://bugzilla.novell.com/848544
https://bugzilla.novell.com/849021
https://bugzilla.novell.com/849029
https://bugzilla.novell.com/849034
https://bugzilla.novell.com/849404
https://bugzilla.novell.com/849675
https://bugzilla.novell.com/849809
https://bugzilla.novell.com/849848
https://bugzilla.novell.com/849950
https://bugzilla.novell.com/850640
https://bugzilla.novell.com/851066
https://bugzilla.novell.com/851101
https://bugzilla.novell.com/851314
https://bugzilla.novell.com/852373
https://bugzilla.novell.com/852558
https://bugzilla.novell.com/852559
https://bugzilla.novell.com/853050
https://bugzilla.novell.com/853051
https://bugzilla.novell.com/853052
https://bugzilla.novell.com/854546
https://bugzilla.novell.com/854634
https://bugzilla.novell.com/854722
https://bugzilla.novell.com/855037
http://download.novell.com/patch/finder/?keywords=0855fc56b50ab47ce7ab0cc80d988145

From sle-security-updates at lists.suse.com Fri Jan 31 13:28:54 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 21:28:54 +0100 (CET)
Subject: SUSE-SU-2014:0171-1: moderate: Security update for curl
Message-ID: <20140131202854.0BC7E32172@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0171-1
Rating: moderate
References: #858673
Cross-References: CVE-2014-0015
Affected Products:
  SUSE Studio Onsite 1.3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015)

Security Issue reference:

* CVE-2014-0015

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

  zypper in -t patch slestso13-curl-8796

- SUSE Linux Enterprise Software Development Kit 11 SP2:

  zypper in -t patch sdksp2-curl-8796

- SUSE Linux Enterprise Server 11 SP2 for VMware:

  zypper in -t patch slessp2-curl-8796

- SUSE Linux Enterprise Server 11 SP2:

  zypper in -t patch slessp2-curl-8796

- SUSE Linux Enterprise Desktop 11 SP2:

  zypper in -t patch sledsp2-curl-8796

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.3 (x86_64):

  libcurl-devel-7.19.7-1.20.31.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  libcurl-devel-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

  curl-7.19.7-1.20.31.1
  libcurl4-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

  libcurl4-32bit-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  curl-7.19.7-1.20.31.1
  libcurl4-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

  libcurl4-32bit-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 (ia64):

  libcurl4-x86-7.19.7-1.20.31.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

  curl-7.19.7-1.20.31.1
  libcurl4-7.19.7-1.20.31.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

  libcurl4-32bit-7.19.7-1.20.31.1

References:

http://support.novell.com/security/cve/CVE-2014-0015.html
https://bugzilla.novell.com/858673
http://download.novell.com/patch/finder/?keywords=606b18dd1e3a0fbfccb8d264a48c81a4

From sle-security-updates at lists.suse.com Fri Jan 31 14:05:00 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 22:05:00 +0100 (CET)
Subject: SUSE-SU-2014:0175-1: moderate: Security update for curl
Message-ID: <20140131210500.8948D3216F@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0175-1
Rating: moderate
References: #858673
Cross-References: CVE-2014-0015
Affected Products:
  SUSE Studio Onsite 1.3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015)

Security Issue reference:

* CVE-2014-0015

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:

  zypper in -t patch slestso13-curl-8796

- SUSE Linux Enterprise Software Development Kit 11 SP2:

  zypper in -t patch sdksp2-curl-8796

- SUSE Linux Enterprise Server 11 SP2 for VMware:

  zypper in -t patch slessp2-curl-8796

- SUSE Linux Enterprise Server 11 SP2:

  zypper in -t patch slessp2-curl-8796

- SUSE Linux Enterprise Desktop 11 SP2:

  zypper in -t patch sledsp2-curl-8796

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.3 (x86_64):

  libcurl-devel-7.19.7-1.20.31.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  libcurl-devel-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

  curl-7.19.7-1.20.31.1
  libcurl4-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

  libcurl4-32bit-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  curl-7.19.7-1.20.31.1
  libcurl4-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

  libcurl4-32bit-7.19.7-1.20.31.1

- SUSE Linux Enterprise Server 11 SP2 (ia64):

  libcurl4-x86-7.19.7-1.20.31.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

  curl-7.19.7-1.20.31.1
  libcurl4-7.19.7-1.20.31.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

  libcurl4-32bit-7.19.7-1.20.31.1

References:

http://support.novell.com/security/cve/CVE-2014-0015.html
https://bugzilla.novell.com/858673
http://download.novell.com/patch/finder/?keywords=606b18dd1e3a0fbfccb8d264a48c81a4

From sle-security-updates at lists.suse.com Fri Jan 31 15:04:41 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 23:04:41 +0100 (CET)
Subject: SUSE-SU-2014:0178-1: moderate: Security update for openswan
Message-ID: <20140131220441.BA1A232172@maintenance.suse.de>

SUSE Security Update: Security update for openswan
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0178-1
Rating: moderate
References: #859220
Cross-References: CVE-2013-7294
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes a Denial of Service (DoS) vulnerability via IKEv2 I1 notifications in openswan. CVE-2013-7294 has been assigned to this issue.

Security Issues:

* CVE-2013-7294

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:

  zypper in -t patch slessp2-openswan-8815

- SUSE Linux Enterprise Server 11 SP2:

  zypper in -t patch slessp2-openswan-8815

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

  openswan-2.6.16-1.40.1
  openswan-doc-2.6.16-1.40.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  openswan-2.6.16-1.40.1
  openswan-doc-2.6.16-1.40.1

References:

http://support.novell.com/security/cve/CVE-2013-7294.html
https://bugzilla.novell.com/859220
http://download.novell.com/patch/finder/?keywords=8c03a9c6bc7982384112974547389842

From sle-security-updates at lists.suse.com Fri Jan 31 17:04:11 2014
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 1 Feb 2014 01:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0179-1: moderate: Security update for bind
Message-ID: <20140201000411.B9E3A3216B@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0179-1
Rating: moderate
References: #858639
Cross-References: CVE-2014-0591
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This update fixes a DoS vulnerability in bind when handling malformed NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue.

Security Issue references:

* CVE-2014-0591

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

  zypper in -t patch sdksp3-bind-8835

- SUSE Linux Enterprise Software Development Kit 11 SP2:

  zypper in -t patch sdksp2-bind-8834

- SUSE Linux Enterprise Server 11 SP3 for VMware:

  zypper in -t patch slessp3-bind-8835

- SUSE Linux Enterprise Server 11 SP3:

  zypper in -t patch slessp3-bind-8835

- SUSE Linux Enterprise Server 11 SP2 for VMware:

  zypper in -t patch slessp2-bind-8834

- SUSE Linux Enterprise Server 11 SP2:

  zypper in -t patch slessp2-bind-8834

- SUSE Linux Enterprise Desktop 11 SP3:

  zypper in -t patch sledsp3-bind-8835

- SUSE Linux Enterprise Desktop 11 SP2:

  zypper in -t patch sledsp2-bind-8834

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:

  bind-devel-9.9.4P2-0.6.1

- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.4P2]:

  bind-devel-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:

  bind-devel-9.9.4P2-0.6.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.9.4P2]:

  bind-devel-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.4P2]:

  bind-9.9.4P2-0.6.1
  bind-chrootenv-9.9.4P2-0.6.1
  bind-doc-9.9.4P2-0.6.1
  bind-libs-9.9.4P2-0.6.1
  bind-utils-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.4P2]:

  bind-libs-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:

  bind-9.9.4P2-0.6.1
  bind-chrootenv-9.9.4P2-0.6.1
  bind-doc-9.9.4P2-0.6.1
  bind-libs-9.9.4P2-0.6.1
  bind-utils-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.4P2]:

  bind-libs-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.4P2]:

  bind-libs-x86-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.9.4P2]:

  bind-9.9.4P2-0.6.1
  bind-chrootenv-9.9.4P2-0.6.1
  bind-doc-9.9.4P2-0.6.1
  bind-libs-9.9.4P2-0.6.1
  bind-utils-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.9.4P2]:

  bind-libs-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:

  bind-9.9.4P2-0.6.1
  bind-chrootenv-9.9.4P2-0.6.1
  bind-doc-9.9.4P2-0.6.1
  bind-libs-9.9.4P2-0.6.1
  bind-utils-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.9.4P2]:

  bind-libs-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.9.4P2]:

  bind-libs-x86-9.9.4P2-0.6.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.4P2]:

  bind-libs-9.9.4P2-0.6.1
  bind-utils-9.9.4P2-0.6.1

- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.4P2]:

  bind-libs-32bit-9.9.4P2-0.6.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.9.4P2]:

  bind-libs-9.9.4P2-0.6.1
  bind-utils-9.9.4P2-0.6.1

- SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.9.4P2]:

  bind-libs-32bit-9.9.4P2-0.6.1

References:

http://support.novell.com/security/cve/CVE-2014-0591.html
https://bugzilla.novell.com/858639
http://download.novell.com/patch/finder/?keywords=c75339b104a030740707866f9580789b
http://download.novell.com/patch/finder/?keywords=ce84da90d80e1d2a41882cba36acdeac