From sle-security-updates at lists.suse.com Thu Jul 2 09:05:23 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2015 17:05:23 +0200 (CEST)
Subject: SUSE-SU-2015:1173-1: important: Security update for ntp
Message-ID: <20150702150523.8635732096@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1173-1
Rating:             important
References:         #924202 #928321 #935409
Cross-References:   CVE-2015-1799 CVE-2015-3405
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one erratum is now
   available.

Description:

   ntp was updated to fix two security issues:

   * CVE-2015-1799: ntpd authentication did not protect symmetric
     associations against DoS attacks (bsc#924202)
   * CVE-2015-3405: ntp-keygen may generate non-random symmetric keys on
     big-endian systems (bsc#928321)

Security Issues:

   * CVE-2015-1799
   * CVE-2015-3405

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ntp=10804

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ntp=10804

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ntp=10804

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ntp-4.2.4p8-1.29.36.1
      ntp-doc-4.2.4p8-1.29.36.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ntp-4.2.4p8-1.29.36.1
      ntp-doc-4.2.4p8-1.29.36.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ntp-4.2.4p8-1.29.36.1
      ntp-doc-4.2.4p8-1.29.36.1

References:

   https://www.suse.com/security/cve/CVE-2015-1799.html
   https://www.suse.com/security/cve/CVE-2015-3405.html
   https://bugzilla.suse.com/924202
   https://bugzilla.suse.com/928321
   https://bugzilla.suse.com/935409
   https://download.suse.com/patch/finder/?keywords=01d100dcc703803037ff705ec9182df6


From sle-security-updates at lists.suse.com Thu Jul 2 09:06:11 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2015 17:06:11 +0200 (CEST)
Subject: SUSE-SU-2015:1174-1: moderate: Security update for Linux Kernel
Message-ID: <20150702150611.CCA6F32096@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1174-1
Rating:             moderate
References:         #831029 #877456 #889221 #891212 #891641 #900881
                    #902286 #904242 #904883 #904901 #906027 #908706
                    #909309 #909312 #909477 #909684 #910517 #911326
                    #912202 #912741 #913080 #913598 #914726 #914742
                    #914818 #914987 #915045 #915200 #915577 #916521
                    #916848 #917093 #917120 #917648 #917684 #917830
                    #917839 #918333 #919007 #919018 #919357 #919463
                    #919589 #919682 #919808 #921769 #922583 #923344
                    #924142 #924271 #924333 #924340 #925012 #925370
                    #925443 #925567 #925729 #926016 #926240 #926439
                    #926767 #927190 #927257 #927262 #927338 #928122
                    #928130 #928142 #928333 #928970 #929145 #929148
                    #929283 #929525 #929647 #930145 #930171 #930226
                    #930284 #930401 #930669 #930786 #930788 #931014
                    #931015 #931850
Cross-References:   CVE-2014-8086 CVE-2014-8159 CVE-2014-9419 CVE-2014-9529
                    CVE-2014-9683 CVE-2015-0777 CVE-2015-1421 CVE-2015-2041
                    CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922
                    CVE-2015-3331 CVE-2015-3339 CVE-2015-3636
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 71 fixes is now
   available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix
   various bugs and security issues.

   The following vulnerabilities have been fixed:

   * CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside
     the ipv4 stack can cause crashes if a disconnect is followed by another
     connect() attempt. (bnc#929525)
   * CVE-2015-3339: Race condition in the prepare_binprm function in
     fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain
     privileges by executing a setuid program at a time instant when a chown
     to root is in progress, and the ownership is changed but the setuid bit
     is not yet stripped. (bnc#928130)
   * CVE-2015-3331: The __driver_rfc4106_decrypt function in
     arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3
     does not properly determine the memory locations used for encrypted
     data, which allows context-dependent attackers to cause a denial of
     service (buffer overflow and system crash) or possibly execute
     arbitrary code by triggering a crypto API call, as demonstrated by use
     of a libkcapi test program with an AF_ALG(aead) socket. (bnc#927257)
   * CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c
     in the Neighbor Discovery (ND) protocol implementation in the IPv6
     stack in the Linux kernel before 3.19.6 allows remote attackers to
     reconfigure a hop-limit setting via a small hop_limit value in a Router
     Advertisement (RA) message.
     (bnc#922583)
   * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before
     3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode
     task, which might allow local users to bypass the seccomp or audit
     protection mechanism via a crafted application that uses the (1) fork
     or (2) close system call, as demonstrated by an attack against seccomp
     before 3.16. (bnc#926240)
   * CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel
     through 3.19.1 do not properly restrict access to PCI command
     registers, which might allow local guest users to cause a denial of
     service (non-maskable interrupt and host crash) by disabling the (1)
     memory or (2) I/O decoding for a PCI Express device and then accessing
     the device, which triggers an Unsupported Request (UR) response.
     (bnc#919463)
   * CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses
     an incorrect data type in a sysctl table, which allows local users to
     obtain potentially sensitive information from kernel memory or possibly
     have unspecified other impact by accessing a sysctl entry. (bnc#919018)
   * CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before
     3.19 uses an incorrect data type in a sysctl table, which allows local
     users to obtain potentially sensitive information from kernel memory or
     possibly have unspecified other impact by accessing a sysctl entry.
     (bnc#919007)
   * CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update
     function in net/sctp/associola.c in the Linux kernel before 3.18.8
     allows remote attackers to cause a denial of service (slab corruption
     and panic) or possibly have unspecified other impact by triggering an
     INIT collision that leads to improper handling of shared-key data.
     (bnc#915577)
   * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0
     (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as
     used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions,
     allows guest OS users to obtain sensitive information from
     uninitialized locations in host OS kernel memory via unspecified
     vectors. (bnc#917830)
   * CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename
     function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux
     kernel before 3.18.2 allows local users to cause a denial of service
     (buffer overflow and system crash) or possibly gain privileges via a
     crafted filename. (bnc#918333)
   * CVE-2014-9529: Race condition in the key_gc_unused_keys function in
     security/keys/gc.c in the Linux kernel through 3.18.2 allows local
     users to cause a denial of service (memory corruption or panic) or
     possibly have unspecified other impact via keyctl commands that trigger
     access to a key structure member during garbage collection of a key.
     (bnc#912202)
   * CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
     in the Linux kernel through 3.18.1 does not ensure that Thread Local
     Storage (TLS) descriptors are loaded before proceeding with other
     steps, which makes it easier for local users to bypass the ASLR
     protection mechanism via a crafted application that reads a TLS base
     address. (bnc#911326)
   * CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel
     does not properly restrict use of User Verbs for registration of memory
     regions, which allows local users to access arbitrary physical memory
     locations, and consequently cause a denial of service (system crash) or
     gain privileges, by leveraging permissions on a uverbs device under
     /dev/infiniband/.
     (bnc#914742)
   * CVE-2014-8086: Race condition in the ext4_file_write_iter function in
     fs/ext4/file.c in the Linux kernel through 3.17 allows local users to
     cause a denial of service (file unavailability) via a combination of a
     write action and an F_SETFL fcntl operation for the O_DIRECT flag.
     (bnc#900881)

   Also the following non-security bugs have been fixed:

   * mm: exclude reserved pages from dirtyable memory (bnc#931015, bnc#930788).
   * mm: fix calculation of dirtyable memory (bnc#931015, bnc#930788).
   * mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (bnc#931015, bnc#930788).
   * mm, oom: fix and cleanup oom score calculations (bnc#930171).
   * mm: fix anon_vma->degree underflow in anon_vma endless growing prevention (bnc#904242).
   * mm, slab: lock the correct nodelist after reenabling irqs (bnc#926439).
   * x86: irq: Check for valid irq descriptor in check_irq_vectors_for_cpu_disable (bnc#914726).
   * x86/mce: Introduce mce_gather_info() (bsc#914987).
   * x86/mce: Fix mce regression from recent cleanup (bsc#914987).
   * x86/mce: Update MCE severity condition check (bsc#914987).
   * x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850).
   * x86/reboot: Fix a warning message triggered by stop_other_cpus() (bnc#930284).
   * x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
   * x86/apic/uv: Update the UV APIC driver check (bsc#929145).
   * x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
   * kabi: invalidate removed sys_elem_dir::children (bnc#919589).
   * kabi: fix for changes in the sysfs_dirent structure (bnc#919589).
   * iommu/amd: Correctly encode huge pages in iommu page tables (bsc#931014).
   * iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface (bsc#931014).
   * iommu/amd: Optimize alloc_new_range for new fetch_pte interface (bsc#931014).
   * iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface (bsc#931014).
   * iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
   * rtc: Prevent the automatic reboot after powering off the system (bnc#930145).
   * rtc: Restore the RTC alarm time to the configured alarm time in BIOS Setup (bnc#930145, bnc#927262).
   * rtc: Add more TGCS models for alarm disable quirk (bnc#927262).
   * kernel: Fix IA64 kernel/kthread.c build woes. Hide #include <linux/hardirq.h> from kABI checker.
   * cpu: Correct cpu affinity for dlpar added cpus (bsc#928970).
   * proc: deal with deadlock in d_walk fix (bnc#929148, bnc#929283).
   * proc: /proc/stat: convert to single_open_size() (bnc#928122).
   * proc: new helper: single_open_size() (bnc#928122).
   * proc: speed up /proc/stat handling (bnc#928122).
   * sched: Fix potential near-infinite distribute_cfs_runtime() loop (bnc#930786).
   * tty: Correct tty buffer flush (bnc#929647).
   * tty: hold lock across tty buffer finding and buffer filling (bnc#929647).
   * fork: report pid reservation failure properly (bnc#909684).
   * random: Fix add_timer_randomness throttling (bsc#904883, bsc#904901, FATE#317374).
   * random: account for entropy loss due to overwrites (FATE#317374).
   * random: allow fractional bits to be tracked (FATE#317374).
   * random: statically compute poolbitshift, poolbytes, poolbits (FATE#317374).
   * crypto: Limit allocation of crypto mechanisms to dialect which requires (bnc#925729).
   * net: relax rcvbuf limits (bug#923344).
   * udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).
   * acpi / sysfs: Treat the count field of counter_show() as unsigned (bnc#909312).
   * acpi / osl: speedup grace period in acpi_os_map_cleanup (bnc#877456).
   * btrfs: upstream fixes from 3.18.
   * btrfs: fix race when reusing stale extent buffers that leads to BUG_ON.
   * btrfs: btrfs_release_extent_buffer_page did not free pages of dummy extent (bnc#930226, bnc#916521).
   * btrfs: set error return value in btrfs_get_blocks_direct.
   * btrfs: fix off-by-one in cow_file_range_inline().
   * btrfs: wake up transaction thread from SYNC_FS ioctl.
   * btrfs: fix wrong fsid check of scrub.
   * btrfs: try not to ENOSPC on log replay.
   * btrfs: fix build_backref_tree issue with multiple shared blocks.
   * btrfs: add missing end_page_writeback on submit_extent_page failure.
   * btrfs: fix crash of btrfs_release_extent_buffer_page.
   * btrfs: fix race in WAIT_SYNC ioctl.
   * btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup.
   * btrfs: cleanup orphans while looking up default subvolume (bsc#914818).
   * btrfs: fix lost return value due to variable shadowing.
   * btrfs: abort the transaction if we fail to update the free space cache inode.
   * btrfs: fix scheduler warning when syncing log.
   * btrfs: add more checks to btrfs_read_sys_array.
   * btrfs: cleanup, rename a few variables in btrfs_read_sys_array.
   * btrfs: add checks for sys_chunk_array sizes.
   * btrfs: more superblock checks, lower bounds on devices and sectorsize/nodesize.
   * btrfs: fix setup_leaf_for_split() to avoid leaf corruption.
   * btrfs: fix typos in btrfs_check_super_valid.
   * btrfs: use macro accessors in superblock validation checks.
   * btrfs: add more superblock checks.
   * btrfs: avoid premature -ENOMEM in clear_extent_bit().
   * btrfs: avoid returning -ENOMEM in convert_extent_bit() too early.
   * btrfs: call inode_dec_link_count() on mkdir error path.
   * btrfs: fix fs corruption on transaction abort if device supports discard.
   * btrfs: make sure we wait on logged extents when fsycning two subvols.
   * btrfs: make xattr replace operations atomic.
   * xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080, bnc#912741).
   * xfs: prevent deadlock trying to cover an active log (bsc#917093).
   * xfs: introduce xfs_bmapi_read() (bnc#891641).
   * xfs: factor extent map manipulations out of xfs_bmapi (bnc#891641).
   * nfs: Fix a regression in nfs_file_llseek() (bnc#930401).
   * nfs: do not try to use lock state when we hold a delegation (bnc#831029) - add to series.conf.
   * sunrpc: Fix the execution time statistics in the face of RPC restarts (bnc#924271).
   * fsnotify: Fix handling of renames in audit (bnc#915200).
   * configfs: fix race between dentry put and lookup (bnc#924333).
   * fs/pipe.c: add ->statfs callback for pipefs (bsc#916848).
   * fs/buffer.c: make block-size be per-page and protected by the page lock (bnc#919357).
   * st: fix corruption of the st_modedef structures in st_set_options() (bnc#928333).
   * lpfc: Fix race on command completion (bnc#906027, bnc#889221).
   * cifs: fix use-after-free bug in find_writable_file (bnc#909477).
   * sysfs: Make sysfs_rename safe with sysfs_dirents in rbtrees (bnc#919589).
   * sysfs: use rb-tree for inode number lookup (bnc#919589).
   * sysfs: use rb-tree for name lookups (bnc#919589).
   * dasd: Fix inability to set a DASD device offline (bnc#927338, LTC#123905).
   * dasd: Fix device having no paths after suspend/resume (bnc#927338, LTC#123896).
   * dasd: Fix unresumed device after suspend/resume (bnc#927338, LTC#123892).
   * dasd: Missing partition after online processing (bnc#917120, LTC#120565).
   * af_iucv: fix AF_IUCV sendmsg() errno (bnc#927338, LTC#123304).
   * s390: avoid z13 cache aliasing (bnc#925012).
   * s390: enable large page support with CONFIG_DEBUG_PAGEALLOC (bnc#925012).
   * s390: z13 base performance (bnc#925012, LTC#KRN1514).
   * s390/spinlock: cleanup spinlock code (bnc#925012).
   * s390/spinlock: optimize spinlock code sequence (bnc#925012).
   * s390/spinlock,rwlock: always to a load-and-test first (bnc#925012).
   * s390/spinlock: refactor arch_spin_lock_wait[_flags] (bnc#925012).
   * s390/spinlock: optimize spin_unlock code (bnc#925012).
   * s390/rwlock: add missing local_irq_restore calls (bnc#925012).
   * s390/time: use stck clock fast for do_account_vtime (bnc#925012).
   * s390/kernel: use stnsm 255 instead of stosm 0 (bnc#925012).
   * s390/mm: align 64-bit PIE binaries to 4GB (bnc#925012).
   * s390/mm: use pfmf instruction to initialize storage keys (bnc#925012).
   * s390/mm: speedup storage key initialization (bnc#925012).
   * s390/memory hotplug: initialize storage keys (bnc#925012).
   * s390/memory hotplug: use pfmf instruction to initialize storage keys (bnc#925012).
   * s390/facilities: cleanup PFMF and HPAGE machine facility detection (bnc#925012).
   * powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH (bsc#928142).
   * powerpc+sparc64/mm: Remove hack in mmap randomize layout (bsc#917839).
   * powerpc: Make chip-id information available to userspace (bsc#919682).
   * powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds the allowed address space (bsc#930669).
   * ib/ipoib: Add missing locking when CM object is deleted (bsc#924340).
   * ib/ipoib: Fix RCU pointer dereference of wrong object (bsc#924340).
   * IPoIB: Fix race in deleting ipoib_neigh entries (bsc#924340).
   * IPoIB: Fix ipoib_neigh hashing to use the correct daddr octets (bsc#924340).
   * IPoIB: Fix AB-BA deadlock when deleting neighbours (bsc#924340).
   * IPoIB: Fix memory leak in the neigh table deletion flow (bsc#924340).
   * ch: fixup refcounting imbalance for SCSI devices (bsc#925443).
   * ch: remove ch_mutex (bnc#925443).
   * DLPAR memory add failed on Linux partition (bsc#927190).
   * Revert "pseries/iommu: Remove DDW on kexec" (bsc#926016).
   * Revert "powerpc/pseries/iommu: remove default window before attempting DDW manipulation" (bsc#926016).
   * alsa: hda_intel: apply the Seperate stream_tag for Sunrise Point (bsc#925370).
   * alsa: hda_intel: apply the Seperate stream_tag for Skylake (bsc#925370).
   * alsa: hda_controller: Separate stream_tag for input and output streams (bsc#925370).
   * md: do not give up looking for spares on first failure-to-add (bnc#908706).
   * md: fix safe_mode buglet (bnc#926767).
   * md: do not wait for plug_cnt to go to zero (bnc#891641).
   * epoll: fix use-after-free in eventpoll_release_file (epoll scaling).
   * eventpoll: use-after-possible-free in epoll_create1() (bug#917648).
   * direct-io: do not read inode->i_blkbits multiple times (bnc#919357).
   * scsifront: do not use bitfields for indicators modified under different locks.
   * msi: also reject resource with flags all clear.
   * pvscsi: support suspend/resume (bsc#902286).
   * Do not switch internal CDC device on IBM NeXtScale nx360 M5 (bnc#913598).
   * dm: optimize use SRCU and RCU (bnc#910517).
   * uvc: work on XHCI controllers without ring expansion (bnc#915045).
   * qla2xxx: Do not crash system for sp ref count zero (bnc#891212, bsc#917684).
   * megaraid_sas: Update threshold based reply post host index register (bnc#919808).
   * bnx2x: Fix kdump when iommu=on (bug#921769).
   * Provide/Obsolete all subpackages of old flavors (bnc#925567).
   * tgcs: Ichigan 6140-x3x Integrated touchscreen is not precised (bnc#924142).

Security Issues:

   * CVE-2014-8086
   * CVE-2014-8159
   * CVE-2014-9419
   * CVE-2014-9529
   * CVE-2014-9683
   * CVE-2015-0777
   * CVE-2015-1421
   * CVE-2015-2041
   * CVE-2015-2042
   * CVE-2015-2150
   * CVE-2015-2830
   * CVE-2015-2922
   * CVE-2015-3331
   * CVE-2015-3339
   * CVE-2015-3636

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10740

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10718 slessp3-kernel=10719 slessp3-kernel=10720 slessp3-kernel=10740

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-kernel=10717 slehasp3-kernel=10718 slehasp3-kernel=10719 slehasp3-kernel=10720 slehasp3-kernel=10740

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kernel=10717 sledsp3-kernel=10740

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.47.55.1
      kernel-default-base-3.0.101-0.47.55.1
      kernel-default-devel-3.0.101-0.47.55.1
      kernel-source-3.0.101-0.47.55.1
      kernel-syms-3.0.101-0.47.55.1
      kernel-trace-3.0.101-0.47.55.1
      kernel-trace-base-3.0.101-0.47.55.1
      kernel-trace-devel-3.0.101-0.47.55.1
      kernel-xen-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.0.101]:

      kernel-bigsmp-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.47.55.1
      kernel-pae-base-3.0.101-0.47.55.1
      kernel-pae-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.47.55.1
      kernel-default-base-3.0.101-0.47.55.1
      kernel-default-devel-3.0.101-0.47.55.1
      kernel-source-3.0.101-0.47.55.1
      kernel-syms-3.0.101-0.47.55.1
      kernel-trace-3.0.101-0.47.55.1
      kernel-trace-base-3.0.101-0.47.55.1
      kernel-trace-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.47.55.1
      kernel-ec2-base-3.0.101-0.47.55.1
      kernel-ec2-devel-3.0.101-0.47.55.1
      kernel-xen-3.0.101-0.47.55.1
      kernel-xen-base-3.0.101-0.47.55.1
      kernel-xen-devel-3.0.101-0.47.55.1
      xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 3.0.101]:

      kernel-bigsmp-3.0.101-0.47.55.1
      kernel-bigsmp-base-3.0.101-0.47.55.1
      kernel-bigsmp-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.47.55.1
      kernel-ppc64-base-3.0.101-0.47.55.1
      kernel-ppc64-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.47.55.1
      kernel-pae-base-3.0.101-0.47.55.1
      kernel-pae-devel-3.0.101-0.47.55.1
      xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.7.1

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      cluster-network-kmp-default-1.4_3.0.101_0.47.55-2.28.1.21
      cluster-network-kmp-trace-1.4_3.0.101_0.47.55-2.28.1.21
      gfs2-kmp-default-2_3.0.101_0.47.55-0.17.1.21
      gfs2-kmp-trace-2_3.0.101_0.47.55-0.17.1.21
      ocfs2-kmp-default-1.6_3.0.101_0.47.55-0.21.1.21
      ocfs2-kmp-trace-1.6_3.0.101_0.47.55-0.21.1.21

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64):

      cluster-network-kmp-xen-1.4_3.0.101_0.47.55-2.28.1.21
      gfs2-kmp-xen-2_3.0.101_0.47.55-0.17.1.21
      ocfs2-kmp-xen-1.6_3.0.101_0.47.55-0.21.1.21

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64):

      cluster-network-kmp-bigsmp-1.4_3.0.101_0.47.55-2.28.1.21
      gfs2-kmp-bigsmp-2_3.0.101_0.47.55-0.17.1.21
      ocfs2-kmp-bigsmp-1.6_3.0.101_0.47.55-0.21.1.21

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64):

      cluster-network-kmp-ppc64-1.4_3.0.101_0.47.55-2.28.1.21
      gfs2-kmp-ppc64-2_3.0.101_0.47.55-0.17.1.21
      ocfs2-kmp-ppc64-1.6_3.0.101_0.47.55-0.21.1.21

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586):

      cluster-network-kmp-pae-1.4_3.0.101_0.47.55-2.28.1.21
      gfs2-kmp-pae-2_3.0.101_0.47.55-0.17.1.21
      ocfs2-kmp-pae-1.6_3.0.101_0.47.55-0.21.1.21

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.47.55.1
      kernel-default-base-3.0.101-0.47.55.1
      kernel-default-devel-3.0.101-0.47.55.1
      kernel-default-extra-3.0.101-0.47.55.1
      kernel-source-3.0.101-0.47.55.1
      kernel-syms-3.0.101-0.47.55.1
      kernel-trace-devel-3.0.101-0.47.55.1
      kernel-xen-3.0.101-0.47.55.1
      kernel-xen-base-3.0.101-0.47.55.1
      kernel-xen-devel-3.0.101-0.47.55.1
      kernel-xen-extra-3.0.101-0.47.55.1
      xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.7.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.0.101]:

      kernel-bigsmp-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.47.55.1
      kernel-pae-base-3.0.101-0.47.55.1
      kernel-pae-devel-3.0.101-0.47.55.1
      kernel-pae-extra-3.0.101-0.47.55.1
      xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.7.1

   - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.55.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.55.1

   - SLE 11 SERVER Unsupported Extras (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.55.1

   - SLE 11 SERVER Unsupported Extras (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.55.1

   - SLE 11 SERVER Unsupported Extras (i586):

      kernel-pae-extra-3.0.101-0.47.55.1

References:

   https://www.suse.com/security/cve/CVE-2014-8086.html
   https://www.suse.com/security/cve/CVE-2014-8159.html
   https://www.suse.com/security/cve/CVE-2014-9419.html
   https://www.suse.com/security/cve/CVE-2014-9529.html
   https://www.suse.com/security/cve/CVE-2014-9683.html
   https://www.suse.com/security/cve/CVE-2015-0777.html
   https://www.suse.com/security/cve/CVE-2015-1421.html
   https://www.suse.com/security/cve/CVE-2015-2041.html
   https://www.suse.com/security/cve/CVE-2015-2042.html
   https://www.suse.com/security/cve/CVE-2015-2150.html
   https://www.suse.com/security/cve/CVE-2015-2830.html
   https://www.suse.com/security/cve/CVE-2015-2922.html
   https://www.suse.com/security/cve/CVE-2015-3331.html
   https://www.suse.com/security/cve/CVE-2015-3339.html
   https://www.suse.com/security/cve/CVE-2015-3636.html
   https://bugzilla.suse.com/831029
   https://bugzilla.suse.com/877456
   https://bugzilla.suse.com/889221
   https://bugzilla.suse.com/891212
   https://bugzilla.suse.com/891641
   https://bugzilla.suse.com/900881
   https://bugzilla.suse.com/902286
   https://bugzilla.suse.com/904242
   https://bugzilla.suse.com/904883
   https://bugzilla.suse.com/904901
   https://bugzilla.suse.com/906027
   https://bugzilla.suse.com/908706
   https://bugzilla.suse.com/909309
   https://bugzilla.suse.com/909312
   https://bugzilla.suse.com/909477
   https://bugzilla.suse.com/909684
   https://bugzilla.suse.com/910517
   https://bugzilla.suse.com/911326
   https://bugzilla.suse.com/912202
   https://bugzilla.suse.com/912741
   https://bugzilla.suse.com/913080
   https://bugzilla.suse.com/913598
   https://bugzilla.suse.com/914726
   https://bugzilla.suse.com/914742
   https://bugzilla.suse.com/914818
   https://bugzilla.suse.com/914987
   https://bugzilla.suse.com/915045
   https://bugzilla.suse.com/915200
   https://bugzilla.suse.com/915577
   https://bugzilla.suse.com/916521
   https://bugzilla.suse.com/916848
   https://bugzilla.suse.com/917093
   https://bugzilla.suse.com/917120
   https://bugzilla.suse.com/917648
   https://bugzilla.suse.com/917684
   https://bugzilla.suse.com/917830
   https://bugzilla.suse.com/917839
   https://bugzilla.suse.com/918333
   https://bugzilla.suse.com/919007
   https://bugzilla.suse.com/919018
   https://bugzilla.suse.com/919357
   https://bugzilla.suse.com/919463
   https://bugzilla.suse.com/919589
   https://bugzilla.suse.com/919682
   https://bugzilla.suse.com/919808
   https://bugzilla.suse.com/921769
   https://bugzilla.suse.com/922583
   https://bugzilla.suse.com/923344
   https://bugzilla.suse.com/924142
   https://bugzilla.suse.com/924271
   https://bugzilla.suse.com/924333
   https://bugzilla.suse.com/924340
   https://bugzilla.suse.com/925012
   https://bugzilla.suse.com/925370
   https://bugzilla.suse.com/925443
   https://bugzilla.suse.com/925567
   https://bugzilla.suse.com/925729
   https://bugzilla.suse.com/926016
   https://bugzilla.suse.com/926240
   https://bugzilla.suse.com/926439
   https://bugzilla.suse.com/926767
   https://bugzilla.suse.com/927190
   https://bugzilla.suse.com/927257
   https://bugzilla.suse.com/927262
   https://bugzilla.suse.com/927338
   https://bugzilla.suse.com/928122
   https://bugzilla.suse.com/928130
   https://bugzilla.suse.com/928142
   https://bugzilla.suse.com/928333
   https://bugzilla.suse.com/928970
   https://bugzilla.suse.com/929145
   https://bugzilla.suse.com/929148
   https://bugzilla.suse.com/929283
   https://bugzilla.suse.com/929525
   https://bugzilla.suse.com/929647
   https://bugzilla.suse.com/930145
   https://bugzilla.suse.com/930171
   https://bugzilla.suse.com/930226
   https://bugzilla.suse.com/930284
   https://bugzilla.suse.com/930401
   https://bugzilla.suse.com/930669
   https://bugzilla.suse.com/930786
   https://bugzilla.suse.com/930788
   https://bugzilla.suse.com/931014
   https://bugzilla.suse.com/931015
   https://bugzilla.suse.com/931850
   https://download.suse.com/patch/finder/?keywords=03bfa6c75cb5a4cc6051fbc3690140d3
   https://download.suse.com/patch/finder/?keywords=33f906d57c7adfdab2c5c7c702cdcc35
   https://download.suse.com/patch/finder/?keywords=3e0de0ca574129367fbd700f1fcd6a34
   https://download.suse.com/patch/finder/?keywords=613faa6f2a4360fe9998cf1191971acd
   https://download.suse.com/patch/finder/?keywords=75c42977aa44422b8e12040ea373b902
   https://download.suse.com/patch/finder/?keywords=81a75ad520ef4ea9b9c573a7a188dc57
   https://download.suse.com/patch/finder/?keywords=8c54aaa27bf9a5984cc9911a7413d962
   https://download.suse.com/patch/finder/?keywords=ad2768d3cc62a7649f30b1411b1594c7
   https://download.suse.com/patch/finder/?keywords=ba8477a089d848b7d15e1cde80ddf9a0
   https://download.suse.com/patch/finder/?keywords=eafe120fa23e6b5da6394f829b734878


From sle-security-updates at lists.suse.com Thu Jul 2 13:05:18 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2015 21:05:18 +0200 (CEST)
Subject: SUSE-SU-2015:1177-1: important: Security update for MySQL
Message-ID: <20150702190518.6338E320B3@maintenance.suse.de>

   SUSE Security Update: Security update for MySQL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1177-1
Rating:             important
References:         #934789
Cross-References:   CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now
   available. It includes one version update.

Description:

   This update fixes the following security issue:

   * Logjam Attack: MySQL uses 512-bit DH groups in SSL (bnc#934789)

Security Issues:

   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libmysql55client18=10826

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libmysql55client18=10826

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libmysql55client18=10826

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libmysql55client18=10826

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

      libmysql55client_r18-32bit-5.5.43-0.9.1
      libmysqlclient_r15-32bit-5.0.96-0.8.8.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

      libmysql55client_r18-x86-5.5.43-0.9.1
      libmysqlclient_r15-x86-5.0.96-0.8.8.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.43]:

      libmysql55client18-5.5.43-0.9.1
      libmysql55client_r18-5.5.43-0.9.1
      libmysqlclient15-5.0.96-0.8.8.1
      libmysqlclient_r15-5.0.96-0.8.8.1
      mysql-5.5.43-0.9.1
      mysql-client-5.5.43-0.9.1
      mysql-tools-5.5.43-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.43]:

      libmysql55client18-32bit-5.5.43-0.9.1
      libmysqlclient15-32bit-5.0.96-0.8.8.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.43]:

      libmysql55client18-5.5.43-0.9.1
      libmysql55client_r18-5.5.43-0.9.1
      libmysqlclient15-5.0.96-0.8.8.1
      libmysqlclient_r15-5.0.96-0.8.8.1
      mysql-5.5.43-0.9.1
      mysql-client-5.5.43-0.9.1
      mysql-tools-5.5.43-0.9.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.43]:

      libmysql55client18-32bit-5.5.43-0.9.1
libmysqlclient15-32bit-5.0.96-0.8.8.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.43]: libmysql55client18-x86-5.5.43-0.9.1 libmysqlclient15-x86-5.0.96-0.8.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.43]: libmysql55client18-5.5.43-0.9.1 libmysql55client_r18-5.5.43-0.9.1 libmysqlclient15-5.0.96-0.8.8.1 libmysqlclient_r15-5.0.96-0.8.8.1 mysql-5.5.43-0.9.1 mysql-client-5.5.43-0.9.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.43]: libmysql55client18-32bit-5.5.43-0.9.1 libmysql55client_r18-32bit-5.5.43-0.9.1 libmysqlclient15-32bit-5.0.96-0.8.8.1 libmysqlclient_r15-32bit-5.0.96-0.8.8.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/934789 https://download.suse.com/patch/finder/?keywords=753e69cc9c9eccad4cba2c1ef6809885 From sle-security-updates at lists.suse.com Fri Jul 3 02:05:28 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Jul 2015 10:05:28 +0200 (CEST) Subject: SUSE-SU-2015:1179-1: moderate: Security update for libgcrypt Message-ID: <20150703080528.D330D320B3@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1179-1 Rating: moderate References: #896202 #896435 #898003 #899524 #900275 #900276 #905483 #920057 #928740 #929919 Cross-References: CVE-2014-3591 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. 
libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591) FIPS 140-2 related changes: * The library performs its self-tests when the module is complete (the -hmac file is also installed). * Added a NIST 800-90a compliant DRBG. * Change DSA key generation to be FIPS 186-4 compliant. * Change RSA key generation to be FIPS 186-4 compliant. * Enable HW support in fips mode (bnc#896435) * Make DSA selftest use 2048 bit keys (bnc#898003) * Added ECDSA selftests and add support for it to the CAVS testing framework (bnc#896202) * Various CAVS testing improvements. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-296=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-296=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-296=1 To bring your system up-to-date, use "zypper patch". 
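   As an added illustration of the CVE-2014-3591 item in this advisory (this is
   example code, not libgcrypt's implementation): Elgamal decryption with and
   without ciphertext blinding. Without blinding, the private exponent x is
   applied directly to the attacker-supplied ciphertext component a, which is
   what a side-channel attacker gets to probe. With blinding, a is first
   multiplied by a fresh random r, x is applied to that product (and to r
   itself), and r's contribution is cancelled afterwards, so the secret
   exponentiation never runs on attacker-chosen input. The toy 10-bit safe
   prime, the generator search and the function names are this example's own
   assumptions; real keys are 2048 bits or more, and the algebra is unchanged.

```python
"""Elgamal decryption with ciphertext blinding (added example, not libgcrypt code)."""
import secrets

# Toy safe prime p = 2q + 1 with q = 509, chosen so the example runs instantly.
# Assumption for illustration only: real Elgamal moduli are >= 2048 bits.
P = 1019
Q = (P - 1) // 2


def find_generator(p: int, q: int) -> int:
    """For a safe prime p = 2q+1, g generates Z_p^* iff g^2 != 1 and g^q != 1 (mod p)."""
    for g in range(2, p):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no generator found")


G = find_generator(P, Q)


def keygen(p: int = P, g: int = G):
    """Return (private x, public y = g^x mod p) with x uniform in [1, p-2]."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def encrypt(m: int, y: int, p: int = P, g: int = G):
    """Textbook Elgamal: ciphertext (a, b) = (g^k, m * y^k) for random k."""
    if not 1 <= m < p:
        raise ValueError("message out of range")
    k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt_unblinded(a: int, b: int, x: int, p: int = P) -> int:
    """m = b * (a^x)^-1 mod p.  The secret exponent x is applied straight to the
    attacker-controlled a: this is the computation the side channel observed."""
    return (b * pow(pow(a, x, p), -1, p)) % p


def decrypt_blinded(a: int, b: int, x: int, p: int = P) -> int:
    """Same result, but x is only ever applied to randomised values.

    Pick random r, then t1 = r^x and t2 = ((a*r)^x)^-1.  Because
    b * t1 * t2 = b * r^x * a^-x * r^-x = b * a^-x, the blinding cancels
    and the plaintext is recovered without ever computing a^x directly.
    """
    r = secrets.randbelow(p - 2) + 2          # r in [2, p-1], invertible mod p
    t1 = pow(r, x, p)                         # r^x
    t2 = pow(pow((a * r) % p, x, p), -1, p)   # ((a*r)^x)^-1
    return (b * t1 * t2) % p


def roundtrip(m: int):
    """Encrypt m under a fresh key and decrypt it both ways; returns (plain, blinded)."""
    x, y = keygen()
    a, b = encrypt(m, y)
    return decrypt_unblinded(a, b, x), decrypt_blinded(a, b, x)


if __name__ == "__main__":
    for m in (1, 42, P - 1):
        print(m, "->", roundtrip(m))
```

   Both decryption routines return the same plaintext for every ciphertext;
   the difference is purely in which values the secret exponent touches, which
   is exactly what a timing or cache side channel can see.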
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libgcrypt-debugsource-1.6.1-13.1
      libgcrypt-devel-1.6.1-13.1
      libgcrypt-devel-debuginfo-1.6.1-13.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libgcrypt-debugsource-1.6.1-13.1
      libgcrypt20-1.6.1-13.1
      libgcrypt20-debuginfo-1.6.1-13.1
      libgcrypt20-hmac-1.6.1-13.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libgcrypt20-32bit-1.6.1-13.1
      libgcrypt20-debuginfo-32bit-1.6.1-13.1
      libgcrypt20-hmac-32bit-1.6.1-13.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libgcrypt-debugsource-1.6.1-13.1
      libgcrypt20-1.6.1-13.1
      libgcrypt20-32bit-1.6.1-13.1
      libgcrypt20-debuginfo-1.6.1-13.1
      libgcrypt20-debuginfo-32bit-1.6.1-13.1

References:

   https://www.suse.com/security/cve/CVE-2014-3591.html
   https://bugzilla.suse.com/896202
   https://bugzilla.suse.com/896435
   https://bugzilla.suse.com/898003
   https://bugzilla.suse.com/899524
   https://bugzilla.suse.com/900275
   https://bugzilla.suse.com/900276
   https://bugzilla.suse.com/905483
   https://bugzilla.suse.com/920057
   https://bugzilla.suse.com/928740
   https://bugzilla.suse.com/929919

From sle-security-updates at lists.suse.com  Fri Jul  3 06:05:20 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 14:05:20 +0200 (CEST)
Subject: SUSE-SU-2015:1181-1: important: Security update for OpenSSL
Message-ID: <20150703120520.CE2FE320B3@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1181-1
Rating:             important
References:         #929678 #931698 #934487 #934489 #934491
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-4000
Affected Products:
                    SLE CLIENT TOOLS 10 for x86_64
                    SLE CLIENT TOOLS 10 for s390x
                    SLE CLIENT TOOLS 10
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now
   available.

Description:

   OpenSSL was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by
     rejecting connections with DH parameters shorter than 1024 bits. We now
     also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was
     fixed.
   * Fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This
     only takes effect once applications are rebuilt and actually use this
     string. (bnc#931698)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-4000

Package List:

   - SLE CLIENT TOOLS 10 for x86_64 (x86_64):

      openssl-0.9.8a-18.92.1
      openssl-32bit-0.9.8a-18.92.1

   - SLE CLIENT TOOLS 10 for s390x (s390x):

      openssl-0.9.8a-18.92.1
      openssl-32bit-0.9.8a-18.92.1

   - SLE CLIENT TOOLS 10 (i586):

      openssl-0.9.8a-18.92.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://download.suse.com/patch/finder/?keywords=4a7ecd7eeea5e8090f179934ad1b1b02

From sle-security-updates at lists.suse.com  Fri Jul  3 06:06:17 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 14:06:17 +0200 (CEST)
Subject: SUSE-SU-2015:1182-1: important: Security update for OpenSSL
Message-ID: <20150703120617.4F396320B3@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1182-1
Rating:             important
References:         #879179 #929678 #931698 #933898 #933911 #934487 #934489
                    #934491 #934493
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791
                    CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has two fixes is now available.

Description:

   OpenSSL 0.9.8k was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by
     rejecting connections with DH parameters shorter than 1024 bits. We now
     also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was
     fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown
     hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to a
     locking regression.
   * Fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This
     only takes effect once applications are rebuilt and actually use this
     string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-libopenssl-devel=10780

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-libopenssl-devel=10780

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      libopenssl-devel-0.9.8j-0.72.1

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-3216.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/879179
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933898
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://download.suse.com/patch/finder/?keywords=5f8d475ae46705d05176f539f9c56674

From sle-security-updates at lists.suse.com  Fri Jul  3 07:05:21 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 15:05:21 +0200 (CEST)
Subject: SUSE-SU-2015:1183-1: important: Security update for OpenSSL
Message-ID: <20150703130521.3ACD7320B3@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1183-1
Rating:             important
References:         #929678 #931698 #934489 #934491
Cross-References:   CVE-2015-1789 CVE-2015-1790 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise for SAP Applications 11 SP2
                    SUSE Linux Enterprise for SAP Applications 11 SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now
   available.

Description:

   OpenSSL was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by
     rejecting connections with DH parameters shorter than 1024 bits. We now
     also generate 2048-bit DH parameters by default.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was
     fixed.
   * Fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This
     only takes effect once applications are rebuilt and actually use this
     string. (bnc#931698)

   Security Issues:

   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise for SAP Applications 11 SP2:

      zypper in -t patch slesapp2-compat-openssl097g=10802

   - SUSE Linux Enterprise for SAP Applications 11 SP1:

      zypper in -t patch slesapp1-compat-openssl097g=10793

   To bring your system up-to-date, use "zypper patch".
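   The Logjam item recurs throughout this digest: MySQL negotiating 512-bit DH
   groups (SUSE-SU-2015:1177-1 above) and the OpenSSL updates, this one and
   those that follow, which now reject DH parameters shorter than 1024 bits
   and generate 2048-bit parameters by default. The Python below is an added
   example, not code from the advisories, OpenSSL or MySQL. It parses the
   ServerDHParams structure a TLS 1.2 server sends in its ServerKeyExchange
   message and applies that policy to the prime, using the integer's bit length
   rather than the length field so that leading zero bytes cannot make a short
   prime look acceptable. The two primes, the builder used to construct sample
   messages, the thresholds as named constants and the function names are this
   example's own assumptions; the primes are size placeholders, not real DH
   groups.

```python
"""Check DHE parameters from a TLS 1.2 ServerKeyExchange (added example)."""
import struct

# Policy from the OpenSSL update: refuse p shorter than 1024 bits,
# prefer the 2048-bit default.  Names are this example's, not OpenSSL's.
MIN_ACCEPTED_BITS = 1024
RECOMMENDED_BITS = 2048


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams (RFC 5246 section 7.4.3): dh_p, dh_g, dh_Ys, each an
    opaque<1..2^16-1> with a 2-byte big-endian length prefix.
    Returns (p, g, Ys, bytes_consumed)."""
    off = 0
    fields = []
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before length of {name}")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length {n} for {name}")
        fields.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return fields[0], fields[1], fields[2], off


def dh_prime_bits(p: int) -> int:
    """Effective size of p.  A server can pad dh_p with leading zero bytes, so
    the wire length field is not a measure of strength; the value's bit length is."""
    return p.bit_length()


def classify_dh(p: int) -> str:
    bits = dh_prime_bits(p)
    if bits < MIN_ACCEPTED_BITS:
        return "reject"     # Logjam-sized group; the patched OpenSSL refuses it
    if bits < RECOMMENDED_BITS:
        return "weak"       # accepted, but below the new 2048-bit default
    return "ok"


def check_server_key_exchange(body: bytes):
    """Return (prime_bits, verdict) for a ServerKeyExchange DHE body."""
    p, g, ys, _ = parse_server_dh_params(body)
    if not 1 < g < p or not 1 < ys < p:
        raise ValueError("DH generator or public value out of range")
    return dh_prime_bits(p), classify_dh(p)


# ---- constructed sample data so the example runs offline ----------------
def build_server_dh_params(p: int, g: int, ys: int, pad_p: int = 0) -> bytes:
    """Encode ServerDHParams; pad_p adds leading zero bytes to dh_p, as a
    misbehaving server might."""
    def opaque(v: int, extra: int = 0) -> bytes:
        raw = v.to_bytes((v.bit_length() + 7) // 8 + extra, "big")
        return struct.pack("!H", len(raw)) + raw
    return opaque(p, pad_p) + opaque(g) + opaque(ys)


# Size placeholders only (constructed, not real groups): a 512-bit value like
# the MySQL default the advisory describes, and a 2048-bit one.
EXPORT_P = (1 << 511) | 1
OK_P = (1 << 2047) | 1


if __name__ == "__main__":
    for label, p in (("512-bit placeholder", EXPORT_P), ("2048-bit placeholder", OK_P)):
        bits, verdict = check_server_key_exchange(build_server_dh_params(p, 2, 12345))
        print(f"{label}: {bits} bits -> {verdict}")
```

   The same bit-length check is what a client-side mitigation needs; the
   advisory's server-side change is the complementary half, regenerating the
   parameters so that a patched client never sees a group it has to reject.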
Package List:

   - SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64):

      compat-openssl097g-0.9.7g-146.22.31.1
      compat-openssl097g-32bit-0.9.7g-146.22.31.1

   - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64):

      compat-openssl097g-0.9.7g-146.22.31.1
      compat-openssl097g-32bit-0.9.7g-146.22.31.1

References:

   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://download.suse.com/patch/finder/?keywords=988a9debe1ac4ac25cd6b815d5382398
   https://download.suse.com/patch/finder/?keywords=b18733973cc66be5941bc1514b5749d4

From sle-security-updates at lists.suse.com  Fri Jul  3 08:05:23 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 16:05:23 +0200 (CEST)
Subject: SUSE-SU-2015:1184-1: important: Security update for OpenSSL
Message-ID: <20150703140523.25A53320B3@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1184-1
Rating:             important
References:         #929678 #931698 #933911 #934487 #934489 #934491 #934493
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791
                    CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available. It includes one
   version update.

Description:

   OpenSSL 0.9.8j was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by
     rejecting connections with DH parameters shorter than 1024 bits. We now
     also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was
     fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown
     hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to a
     locking regression.
   * Fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This
     only takes effect once applications are rebuilt and actually use this
     string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libopenssl-devel=10794

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl-devel-0.9.8j-0.72.1
      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-3216.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://download.suse.com/patch/finder/?keywords=ab1c52f77471cf8a61e7eae79f57f9bf

From sle-security-updates at lists.suse.com  Fri Jul  3 08:06:37 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 16:06:37 +0200 (CEST)
Subject: SUSE-SU-2015:1185-1: important: Security update for OpenSSL
Message-ID: <20150703140637.60EB2320B3@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1185-1
Rating:             important
References:         #929678 #931698 #933911 #934487 #934489 #934491 #934493
                    #934494
Cross-References:   CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790
                    CVE-2015-1791 CVE-2015-1792 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Security Module 11 SP3
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has one errata is now
   available.

Description:

   OpenSSL 1.0.1 was updated to fix several security issues:

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by
     rejecting connections with DH parameters shorter than 1024 bits.
     2048-bit DH parameters are now generated by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was
     fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown
     hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2014-8176: Fixed an invalid free in DTLS.
   * Fixed a timing side channel in RSA decryption. (bsc#929678)

   Security Issues:

   * CVE-2014-8176
   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Security Module 11 SP3:

      zypper in -t patch secsp3-libopenssl1-devel=10778

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libopenssl1-devel-1.0.1g-0.30.1
      libopenssl1_0_0-1.0.1g-0.30.1
      openssl1-1.0.1g-0.30.1
      openssl1-doc-1.0.1g-0.30.1

   - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64):

      libopenssl1_0_0-32bit-1.0.1g-0.30.1

   - SUSE Linux Enterprise Security Module 11 SP3 (ia64):

      libopenssl1_0_0-x86-1.0.1g-0.30.1

References:

   https://www.suse.com/security/cve/CVE-2014-8176.html
   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://bugzilla.suse.com/934494
   https://download.suse.com/patch/finder/?keywords=5afbe87912753d6ca074e9e870b2093c

From sle-security-updates at lists.suse.com  Fri Jul  3 12:05:19 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 20:05:19 +0200 (CEST)
Subject: SUSE-SU-2015:1184-2: important: Security update for OpenSSL
Message-ID: <20150703180519.6A46E320B3@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1184-2
Rating:             important
References:         #929678 #931698 #933911 #934487 #934489 #934491 #934493
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791
                    CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   OpenSSL 0.9.8j was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by
     rejecting connections with DH parameters shorter than 1024 bits. We now
     also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was
     fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown
     hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to a
     locking regression.
   * Fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This
     only takes effect once applications are rebuilt and actually use this
     string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-libopenssl-devel=10795

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.72.1 libopenssl0_9_8-0.9.8j-0.72.1 libopenssl0_9_8-hmac-0.9.8j-0.72.1 openssl-0.9.8j-0.72.1 openssl-doc-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.72.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1 References: https://www.suse.com/security/cve/CVE-2015-1788.html https://www.suse.com/security/cve/CVE-2015-1789.html https://www.suse.com/security/cve/CVE-2015-1790.html https://www.suse.com/security/cve/CVE-2015-1791.html https://www.suse.com/security/cve/CVE-2015-1792.html https://www.suse.com/security/cve/CVE-2015-3216.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/929678 https://bugzilla.suse.com/931698 https://bugzilla.suse.com/933911 https://bugzilla.suse.com/934487 https://bugzilla.suse.com/934489 https://bugzilla.suse.com/934491 https://bugzilla.suse.com/934493 https://download.suse.com/patch/finder/?keywords=75ca56dc2ed43571b870081da3f3b615 From sle-security-updates at lists.suse.com Fri Jul 3 12:06:27 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Jul 2015 20:06:27 +0200 (CEST) Subject: SUSE-SU-2015:1181-2: important: Security update for OpenSSL Message-ID: <20150703180627.E53B8320B3@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1181-2 Rating: important References: #929678 #931698 #934487 #934489 #934491 Cross-References: CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: OpenSSL was updated to fix several security issues. 
* CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. * CVE-2015-1788: Malformed ECParameters could cause an infinite loop. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * fixed a timing side channel in RSA decryption (bnc#929678) Additional changes: * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698) Security Issues: * CVE-2015-1788 * CVE-2015-1789 * CVE-2015-1790 * CVE-2015-4000 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): openssl-0.9.8a-18.92.1 openssl-devel-0.9.8a-18.92.1 openssl-doc-0.9.8a-18.92.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): openssl-32bit-0.9.8a-18.92.1 openssl-devel-32bit-0.9.8a-18.92.1 References: https://www.suse.com/security/cve/CVE-2015-1788.html https://www.suse.com/security/cve/CVE-2015-1789.html https://www.suse.com/security/cve/CVE-2015-1790.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/929678 https://bugzilla.suse.com/931698 https://bugzilla.suse.com/934487 https://bugzilla.suse.com/934489 https://bugzilla.suse.com/934491 https://download.suse.com/patch/finder/?keywords=9f7ad0f893ed0c841ceae726daca55cd From sle-security-updates at lists.suse.com Fri Jul 3 12:07:29 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Jul 2015 20:07:29 +0200 (CEST) Subject: SUSE-SU-2015:1182-2: important: Security update for OpenSSL Message-ID: <20150703180729.D67E4320B3@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1182-2 Rating: important 
References: #879179 #929678 #931698 #933898 #933911 #934487 #934489 #934491 #934493 Cross-References: CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has two fixes is now available. Description: OpenSSL 0.9.8k was updated to fix several security issues: * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. * CVE-2015-1788: Malformed ECParameters could cause an infinite loop. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed. * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation. * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression. * Fixed a timing side channel in RSA decryption. (bsc#929678) Additional changes: * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698) * Added the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179) Security Issues: * CVE-2015-1788 * CVE-2015-1789 * CVE-2015-1790 * CVE-2015-1791 * CVE-2015-1792 * CVE-2015-3216 * CVE-2015-4000 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libopenssl-devel=10781 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libopenssl-devel=10781 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libopenssl-devel=10781 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libopenssl-devel=10781 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libopenssl0_9_8-0.9.8j-0.72.1 libopenssl0_9_8-hmac-0.9.8j-0.72.1 openssl-0.9.8j-0.72.1 openssl-doc-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.72.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.72.1 libopenssl0_9_8-hmac-0.9.8j-0.72.1 openssl-0.9.8j-0.72.1 openssl-doc-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.72.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libopenssl0_9_8-x86-0.9.8j-0.72.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.72.1 openssl-0.9.8j-0.72.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.72.1 References: https://www.suse.com/security/cve/CVE-2015-1788.html https://www.suse.com/security/cve/CVE-2015-1789.html https://www.suse.com/security/cve/CVE-2015-1790.html https://www.suse.com/security/cve/CVE-2015-1791.html https://www.suse.com/security/cve/CVE-2015-1792.html https://www.suse.com/security/cve/CVE-2015-3216.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/879179 https://bugzilla.suse.com/929678 
https://bugzilla.suse.com/931698 https://bugzilla.suse.com/933898 https://bugzilla.suse.com/933911 https://bugzilla.suse.com/934487 https://bugzilla.suse.com/934489 https://bugzilla.suse.com/934491 https://bugzilla.suse.com/934493 https://download.suse.com/patch/finder/?keywords=fcf228a4143edf49a5ca32558bfe9721 From sle-security-updates at lists.suse.com Fri Jul 3 12:08:42 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Jul 2015 20:08:42 +0200 (CEST) Subject: SUSE-SU-2015:1183-2: important: Security update for OpenSSL Message-ID: <20150703180842.CD75E320B3@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1183-2 Rating: important References: #929678 #931698 #934489 #934491 Cross-References: CVE-2015-1789 CVE-2015-1790 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 SLES for SAP Applications ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: OpenSSL was updated to fix several security issues. * CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed. * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed. * fixed a timing side channel in RSA decryption (bnc#929678) Additional changes: * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. 
(bnc#931698) Security Issues: * CVE-2015-1789 * CVE-2015-1790 * CVE-2015-4000 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-compat-openssl097g=10790 - SLES for SAP Applications: zypper in -t patch slesappsp3-compat-openssl097g=10790 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): compat-openssl097g-0.9.7g-13.31.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): compat-openssl097g-32bit-0.9.7g-13.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): compat-openssl097g-0.9.7g-146.22.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): compat-openssl097g-32bit-0.9.7g-146.22.31.1 - SLES for SAP Applications (x86_64): compat-openssl097g-0.9.7g-146.22.31.1 compat-openssl097g-32bit-0.9.7g-146.22.31.1 References: https://www.suse.com/security/cve/CVE-2015-1789.html https://www.suse.com/security/cve/CVE-2015-1790.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/929678 https://bugzilla.suse.com/931698 https://bugzilla.suse.com/934489 https://bugzilla.suse.com/934491 https://download.suse.com/patch/finder/?keywords=31613a0a584dc47c4e6779e1a0a09b87 https://download.suse.com/patch/finder/?keywords=9cebc5e391114f90b2cb9133b6763127 From sle-security-updates at lists.suse.com Mon Jul 6 02:05:22 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2015 10:05:22 +0200 (CEST) Subject: SUSE-SU-2015:1196-1: moderate: Security update for strongswan Message-ID: <20150706080522.9D72F320B3@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1196-1 Rating: moderate References: #933591 Cross-References: 
CVE-2015-4171
Affected Products:
 SUSE Linux Enterprise Server 12
 SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Strongswan was updated to fix one security issue.

The following vulnerability was fixed:

* CVE-2015-4171: Rogue servers were able to authenticate themselves with a certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups (bsc#933591)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-297=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-297=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  strongswan-5.1.3-18.1
  strongswan-debugsource-5.1.3-18.1
  strongswan-hmac-5.1.3-18.1
  strongswan-ipsec-5.1.3-18.1
  strongswan-ipsec-debuginfo-5.1.3-18.1
  strongswan-libs0-5.1.3-18.1
  strongswan-libs0-debuginfo-5.1.3-18.1
- SUSE Linux Enterprise Server 12 (noarch):
  strongswan-doc-5.1.3-18.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  strongswan-5.1.3-18.1
  strongswan-debugsource-5.1.3-18.1
  strongswan-ipsec-5.1.3-18.1
  strongswan-ipsec-debuginfo-5.1.3-18.1
  strongswan-libs0-5.1.3-18.1
  strongswan-libs0-debuginfo-5.1.3-18.1
- SUSE Linux Enterprise Desktop 12 (noarch):
  strongswan-doc-5.1.3-18.1

References:

https://www.suse.com/security/cve/CVE-2015-4171.html
https://bugzilla.suse.com/933591

From sle-security-updates at lists.suse.com Wed Jul 8 07:08:18 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2015 15:08:18 +0200 (CEST)
Subject: SUSE-SU-2015:1204-1: moderate: Security update for bind
Message-ID: <20150708130818.182E232076@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1204-1
Rating: moderate
References: #918330 #936476
Cross-References: CVE-2015-1349 CVE-2015-4620
Affected Products:
 SUSE Linux Enterprise Software Development Kit 12
 SUSE Linux Enterprise Server 12
 SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

bind was updated to fix two security issues.

These security issues were fixed:

- CVE-2015-1349: Named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330).
- CVE-2015-4620: Fixed resolver crash when validating (bsc#936476).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-300=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-300=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-300=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  bind-debuginfo-9.9.6P1-18.1
  bind-debugsource-9.9.6P1-18.1
  bind-devel-9.9.6P1-18.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  bind-9.9.6P1-18.1
  bind-chrootenv-9.9.6P1-18.1
  bind-debuginfo-9.9.6P1-18.1
  bind-debugsource-9.9.6P1-18.1
  bind-libs-9.9.6P1-18.1
  bind-libs-debuginfo-9.9.6P1-18.1
  bind-utils-9.9.6P1-18.1
  bind-utils-debuginfo-9.9.6P1-18.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  bind-libs-32bit-9.9.6P1-18.1
  bind-libs-debuginfo-32bit-9.9.6P1-18.1
- SUSE Linux Enterprise Server 12 (noarch):
  bind-doc-9.9.6P1-18.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  bind-debuginfo-9.9.6P1-18.1
  bind-debugsource-9.9.6P1-18.1
  bind-libs-32bit-9.9.6P1-18.1
  bind-libs-9.9.6P1-18.1
  bind-libs-debuginfo-32bit-9.9.6P1-18.1
  bind-libs-debuginfo-9.9.6P1-18.1
  bind-utils-9.9.6P1-18.1
  bind-utils-debuginfo-9.9.6P1-18.1

References:

https://www.suse.com/security/cve/CVE-2015-1349.html
https://www.suse.com/security/cve/CVE-2015-4620.html
https://bugzilla.suse.com/918330
https://bugzilla.suse.com/936476

From sle-security-updates at lists.suse.com Wed Jul 8 08:08:17 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2015 16:08:17 +0200 (CEST)
Subject: SUSE-SU-2015:1205-1: important: Security update for bind
Message-ID: <20150708140817.64AAA320B2@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1205-1
Rating: important
References: #918330 #936476
Cross-References: CVE-2015-1349 CVE-2015-4620
Affected Products:
 SUSE Linux Enterprise Software Development Kit 11 SP3
 SUSE Linux Enterprise Server 11 SP3 for VMware
 SUSE Linux Enterprise Server 11 SP3
 SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes one version update.

Description:

bind was updated to fix two security issues:

* CVE-2015-1349: A problem with trust anchor management could have caused named to crash (bsc#918330).
* CVE-2015-4620: Fix resolver crash when validating (bsc#936476).

Security Issues:

* CVE-2015-1349
* CVE-2015-4620

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-bind=10833
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-bind=10833
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-bind=10833
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-bind=10833

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.6P1]:
  bind-devel-9.9.6P1-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.6P1]:
  bind-devel-32bit-9.9.6P1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.6P1]:
  bind-9.9.6P1-0.7.1
  bind-chrootenv-9.9.6P1-0.7.1
  bind-doc-9.9.6P1-0.7.1
  bind-libs-9.9.6P1-0.7.1
  bind-utils-9.9.6P1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.6P1]:
  bind-libs-32bit-9.9.6P1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.6P1]:
  bind-9.9.6P1-0.7.1
  bind-chrootenv-9.9.6P1-0.7.1
  bind-doc-9.9.6P1-0.7.1
  bind-libs-9.9.6P1-0.7.1
  bind-utils-9.9.6P1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.6P1]:
  bind-libs-32bit-9.9.6P1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.6P1]:
  bind-libs-x86-9.9.6P1-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.6P1]:
  bind-libs-9.9.6P1-0.7.1
  bind-utils-9.9.6P1-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.6P1]:
  bind-libs-32bit-9.9.6P1-0.7.1

References:

https://www.suse.com/security/cve/CVE-2015-1349.html
https://www.suse.com/security/cve/CVE-2015-4620.html
https://bugzilla.suse.com/918330
https://bugzilla.suse.com/936476
https://download.suse.com/patch/finder/?keywords=62fe9017ea5999fde9990f72b72740da

From sle-security-updates at lists.suse.com Wed Jul 8 09:08:08 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2015 17:08:08 +0200 (CEST)
Subject: SUSE-SU-2015:1206-1: important: Security update for Xen
Message-ID: <20150708150808.9EDC0320B2@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1206-1
Rating: important
References: #932770 #932996
Cross-References: CVE-2015-3209 CVE-2015-4164
Affected Products:
 SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

Xen was updated to fix two security issues:

* CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bsc#932770)
* CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bsc#932996)

Security Issues:

* CVE-2015-4164
* CVE-2015-3209

Special Instructions and Notes:

Please reboot the system after installing this update.
Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):
  xen-3.2.3_17040_46-0.17.1
  xen-devel-3.2.3_17040_46-0.17.1
  xen-doc-html-3.2.3_17040_46-0.17.1
  xen-doc-pdf-3.2.3_17040_46-0.17.1
  xen-doc-ps-3.2.3_17040_46-0.17.1
  xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-libs-3.2.3_17040_46-0.17.1
  xen-tools-3.2.3_17040_46-0.17.1
  xen-tools-domU-3.2.3_17040_46-0.17.1
  xen-tools-ioemu-3.2.3_17040_46-0.17.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):
  xen-libs-32bit-3.2.3_17040_46-0.17.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586):
  xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1
  xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1

References:

https://www.suse.com/security/cve/CVE-2015-3209.html
https://www.suse.com/security/cve/CVE-2015-4164.html
https://bugzilla.suse.com/932770
https://bugzilla.suse.com/932996
https://download.suse.com/patch/finder/?keywords=f26fb5291b18bbfa26447df16a7ab90f

From sle-security-updates at lists.suse.com Wed Jul 8 10:08:18 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2015 18:08:18 +0200 (CEST)
Subject: SUSE-SU-2015:1208-1: moderate: Security update for python-keystoneclient
Message-ID: <20150708160818.5BC74320B2@maintenance.suse.de>

SUSE Security Update: Security update for python-keystoneclient
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1208-1
Rating: moderate
References: #928205
Cross-References: CVE-2015-1852
Affected Products:
 SUSE OpenStack Cloud Compute 5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The python-keystoneclient was updated to fix one security issue.

The following vulnerability was fixed:

- bsc#928205: S3Token TLS cert verification option not honored (CVE-2015-1852)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Compute 5:
  zypper in -t patch SUSE-SLE12-CLOUD-5-2015-303=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud Compute 5 (noarch):
  python-keystoneclient-1.0.0-16.1
  python-keystoneclient-doc-1.0.0-16.1

References:

https://www.suse.com/security/cve/CVE-2015-1852.html
https://bugzilla.suse.com/928205

From sle-security-updates at lists.suse.com Thu Jul 9 03:08:11 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Jul 2015 11:08:11 +0200 (CEST)
Subject: SUSE-SU-2015:1211-1: critical: Security update for flash-player
Message-ID: <20150709090811.8F386320A4@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1211-1
Rating: critical
References: #937339
Cross-References: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116
                  CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120
                  CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124
                  CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128
                  CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132
                  CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136
                  CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430
                  CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116
                  CVE-2015-5117 CVE-2015-5118 CVE-2015-5119
Affected Products:
 SUSE Linux Enterprise Workstation Extension 12
 SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes 35 vulnerabilities is now available.
Description:

flash-player was updated to fix 35 security issues.

These security issues were fixed:

- CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339).
- CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339).
- CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
  zypper in -t patch SUSE-SLE-WE-12-2015-306=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-306=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64):
  flash-player-11.2.202.481-93.1
  flash-player-gnome-11.2.202.481-93.1
- SUSE Linux Enterprise Desktop 12 (i586 x86_64):
  flash-player-11.2.202.481-93.1
  flash-player-gnome-11.2.202.481-93.1

References:

https://www.suse.com/security/cve/CVE-2014-0578.html
https://www.suse.com/security/cve/CVE-2015-3114.html
https://www.suse.com/security/cve/CVE-2015-3115.html
https://www.suse.com/security/cve/CVE-2015-3116.html
https://www.suse.com/security/cve/CVE-2015-3117.html
https://www.suse.com/security/cve/CVE-2015-3118.html
https://www.suse.com/security/cve/CVE-2015-3119.html
https://www.suse.com/security/cve/CVE-2015-3120.html
https://www.suse.com/security/cve/CVE-2015-3121.html
https://www.suse.com/security/cve/CVE-2015-3122.html
https://www.suse.com/security/cve/CVE-2015-3123.html
https://www.suse.com/security/cve/CVE-2015-3124.html
https://www.suse.com/security/cve/CVE-2015-3125.html
https://www.suse.com/security/cve/CVE-2015-3126.html
https://www.suse.com/security/cve/CVE-2015-3127.html
https://www.suse.com/security/cve/CVE-2015-3128.html
https://www.suse.com/security/cve/CVE-2015-3129.html
https://www.suse.com/security/cve/CVE-2015-3130.html
https://www.suse.com/security/cve/CVE-2015-3131.html
https://www.suse.com/security/cve/CVE-2015-3132.html
https://www.suse.com/security/cve/CVE-2015-3133.html
https://www.suse.com/security/cve/CVE-2015-3134.html
https://www.suse.com/security/cve/CVE-2015-3135.html
https://www.suse.com/security/cve/CVE-2015-3136.html
https://www.suse.com/security/cve/CVE-2015-3137.html
https://www.suse.com/security/cve/CVE-2015-4428.html
https://www.suse.com/security/cve/CVE-2015-4429.html
https://www.suse.com/security/cve/CVE-2015-4430.html
https://www.suse.com/security/cve/CVE-2015-4431.html
https://www.suse.com/security/cve/CVE-2015-4432.html
https://www.suse.com/security/cve/CVE-2015-4433.html
https://www.suse.com/security/cve/CVE-2015-5116.html
https://www.suse.com/security/cve/CVE-2015-5117.html
https://www.suse.com/security/cve/CVE-2015-5118.html
https://www.suse.com/security/cve/CVE-2015-5119.html
https://bugzilla.suse.com/937339

From sle-security-updates at lists.suse.com Thu Jul 9 06:08:21 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Jul 2015 14:08:21 +0200 (CEST)
Subject: SUSE-SU-2015:1214-1: critical: Security update for flash-player
Message-ID: <20150709120821.B0C9D320B3@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1214-1
Rating: critical
References: #937339
Cross-References: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116
                  CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120
                  CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124
                  CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128
                  CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132
                  CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136
                  CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430
                  CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116
                  CVE-2015-5117 CVE-2015-5118 CVE-2015-5119
Affected Products:
 SUSE Linux Enterprise Desktop 11-SP4
 SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

An update that fixes 35 vulnerabilities is now available.

Description:

flash-player was updated to fix 35 security issues.

These security issues were fixed:

- CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339).
- CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339).
- CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339).
- CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11-SP4:
  zypper in -t patch sledsp4-flash-player-20150708-1=1
- SUSE Linux Enterprise Desktop 11-SP3:
  zypper in -t patch sledsp3-flash-player-20150708-1=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  flash-player-11.2.202.481-0.5.1
  flash-player-gnome-11.2.202.481-0.5.1
  flash-player-kde4-11.2.202.481-0.5.1
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
  flash-player-11.2.202.481-0.5.1
  flash-player-gnome-11.2.202.481-0.5.1
  flash-player-kde4-11.2.202.481-0.5.1

References:

https://www.suse.com/security/cve/CVE-2014-0578.html
https://www.suse.com/security/cve/CVE-2015-3114.html
https://www.suse.com/security/cve/CVE-2015-3115.html
https://www.suse.com/security/cve/CVE-2015-3116.html
https://www.suse.com/security/cve/CVE-2015-3117.html
https://www.suse.com/security/cve/CVE-2015-3118.html
https://www.suse.com/security/cve/CVE-2015-3119.html
https://www.suse.com/security/cve/CVE-2015-3120.html
https://www.suse.com/security/cve/CVE-2015-3121.html
https://www.suse.com/security/cve/CVE-2015-3122.html
https://www.suse.com/security/cve/CVE-2015-3123.html
https://www.suse.com/security/cve/CVE-2015-3124.html
https://www.suse.com/security/cve/CVE-2015-3125.html
https://www.suse.com/security/cve/CVE-2015-3126.html
https://www.suse.com/security/cve/CVE-2015-3127.html
https://www.suse.com/security/cve/CVE-2015-3128.html
https://www.suse.com/security/cve/CVE-2015-3129.html
https://www.suse.com/security/cve/CVE-2015-3130.html
https://www.suse.com/security/cve/CVE-2015-3131.html
https://www.suse.com/security/cve/CVE-2015-3132.html
https://www.suse.com/security/cve/CVE-2015-3133.html
https://www.suse.com/security/cve/CVE-2015-3134.html
https://www.suse.com/security/cve/CVE-2015-3135.html
https://www.suse.com/security/cve/CVE-2015-3136.html
https://www.suse.com/security/cve/CVE-2015-3137.html
https://www.suse.com/security/cve/CVE-2015-4428.html
https://www.suse.com/security/cve/CVE-2015-4429.html
https://www.suse.com/security/cve/CVE-2015-4430.html
https://www.suse.com/security/cve/CVE-2015-4431.html
https://www.suse.com/security/cve/CVE-2015-4432.html
https://www.suse.com/security/cve/CVE-2015-4433.html
https://www.suse.com/security/cve/CVE-2015-5116.html
https://www.suse.com/security/cve/CVE-2015-5117.html
https://www.suse.com/security/cve/CVE-2015-5118.html
https://www.suse.com/security/cve/CVE-2015-5119.html
https://bugzilla.suse.com/937339

From sle-security-updates at lists.suse.com Fri Jul 10 08:08:14 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2015 16:08:14 +0200 (CEST)
Subject: SUSE-SU-2015:1224-1: important: Security update for the Linux Kernel
Message-ID: <20150710140814.E037D320B3@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1224-1
Rating: important
References: #915517 #919007 #922583 #923908 #927355 #929525 #929647 #930786
            #933429 #933896 #933904 #933907 #935705 #936831
Affected Products:
 SUSE Linux Enterprise Server 11-SP3-TERADATA
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the following bugs and security issues.

The following security issues have been fixed:

- Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch (bsc#936831, CVE-2015-5364, CVE-2015-5366).
- Btrfs: make xattr replace operations atomic (bnc#923908, CVE-2014-9710).
- udp: fix behavior of wrong checksums (bsc#936831, CVE-2015-5364, CVE-2015-5366).
- vfs: read file_handle only once in handle_to_path (bsc#915517, CVE-2015-1420).
- x86: bpf_jit: fix compilation of large bpf programs (bnc#935705, CVE-2015-4700).
- udf: Check length of extended attributes and allocation (bsc#936831, CVE-2015-5364, CVE-2015-5366).
- Update patches.fixes/udf-Check-component-length-before-reading-it.patch (bsc#933904, CVE-2014-9728, CVE-2014-9730).
- Update patches.fixes/udf-Verify-i_size-when-loading-inode.patch (bsc#933904, CVE-2014-9728, CVE-2014-9729).
- Update patches.fixes/udf-Verify-symlink-size-before-loading-it.patch (bsc#933904, CVE-2014-9728).
- Update patches.fixes/udf-Check-path-length-when-reading-symlink.patch (bnc#933896, CVE-2014-9731).
- pipe: fix iov overrun for failed atomic copy (bsc#933429, CVE-2015-1805).
- ipv6: Don't reduce hop limit for an interface (bsc#922583, CVE-2015-2922).
- net: llc: use correct size for sysctl timeout entries (bsc#919007, CVE-2015-2041).
- ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525, CVE-2015-3636).
- ipv6: Don't reduce hop limit for an interface (bsc#922583, CVE-2015-2922).
- net: llc: use correct size for sysctl timeout entries (bsc#919007, CVE-2015-2041).
- ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525, CVE-2015-3636).

The following non-security issues have been fixed:

- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
- pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
- net/mlx4_core: Don't disable SRIOV if there are active VFs (bsc#927355).
- udf: Remove repeated loads blocksize (bsc#933907).
- Refresh patches.fixes/deal-with-deadlock-in-d_walk-fix.patch, based on 3.2 stable fix 20defcec264c ("dcache: Fix locking bugs in backported "deal with deadlock in d_walk()""). Not harmful for regular SLES kernels but RT or PREEMPT kernels would see an imbalance.
- sched: Fix potential near-infinite distribute_cfs_runtime() loop (bnc#930786)
- tty: Correct tty buffer flush (bnc#929647).
- tty: hold lock across tty buffer finding and buffer filling (bnc#929647).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP3-TERADATA:
  zypper in -t patch slessp3-kernel-201507-2=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP3-TERADATA (x86_64):
  kernel-default-3.0.101-57.TDC.2
  kernel-default-base-3.0.101-57.TDC.2
  kernel-default-devel-3.0.101-57.TDC.2
  kernel-source-3.0.101-57.TDC.2
  kernel-syms-3.0.101-57.TDC.2
  kernel-trace-3.0.101-57.TDC.2
  kernel-trace-base-3.0.101-57.TDC.2
  kernel-trace-devel-3.0.101-57.TDC.2
  kernel-xen-3.0.101-57.TDC.2
  kernel-xen-base-3.0.101-57.TDC.2
  kernel-xen-devel-3.0.101-57.TDC.2

References:

https://bugzilla.suse.com/915517
https://bugzilla.suse.com/919007
https://bugzilla.suse.com/922583
https://bugzilla.suse.com/923908
https://bugzilla.suse.com/927355
https://bugzilla.suse.com/929525
https://bugzilla.suse.com/929647
https://bugzilla.suse.com/930786
https://bugzilla.suse.com/933429
https://bugzilla.suse.com/933896
https://bugzilla.suse.com/933904
https://bugzilla.suse.com/933907
https://bugzilla.suse.com/935705
https://bugzilla.suse.com/936831

From sle-security-updates at lists.suse.com Fri Jul 10 11:08:03 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2015 19:08:03 +0200 (CEST)
Subject: SUSE-SU-2015:1177-2: important: Security update for MySQL
Message-ID: <20150710170803.248E7320B3@maintenance.suse.de>

SUSE Security Update: Security update for MySQL
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1177-2
Rating: important
References: #934789
Cross-References: CVE-2015-4000
Affected Products:
 SUSE Linux Enterprise Server 11 SP2 LTSS
 SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.
Description:

This MySQL update fixes the following security issue:

* Logjam Attack: MySQL uses 512-bit DH groups in SSL connections. (bsc#934789)

Security Issues:

* CVE-2015-4000

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
  zypper in -t patch slessp2-libmysqlclient-devel=10835
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-libmysqlclient-devel=10834

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 5.0.96]:
  libmysqlclient15-5.0.96-0.8.8.2
  libmysqlclient_r15-5.0.96-0.8.8.2
  mysql-5.0.96-0.8.8.2
  mysql-Max-5.0.96-0.8.8.2
  mysql-client-5.0.96-0.8.8.2
  mysql-tools-5.0.96-0.8.8.2
- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 5.0.96]:
  libmysqlclient15-32bit-5.0.96-0.8.8.2
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 5.0.96]:
  libmysqlclient15-5.0.96-0.8.8.2
  libmysqlclient_r15-5.0.96-0.8.8.2
  mysql-5.0.96-0.8.8.2
  mysql-Max-5.0.96-0.8.8.2
  mysql-client-5.0.96-0.8.8.2
  mysql-tools-5.0.96-0.8.8.2
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 5.0.96]:
  libmysqlclient15-32bit-5.0.96-0.8.8.2

References:

https://www.suse.com/security/cve/CVE-2015-4000.html
https://bugzilla.suse.com/934789
https://download.suse.com/patch/finder/?keywords=981d8f54c6495496c156cd451d10c084
https://download.suse.com/patch/finder/?keywords=9bf49a65c370d89b69d6200ce055b991

From sle-security-updates at lists.suse.com Fri Jul 10 11:08:24 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2015 19:08:24 +0200 (CEST)
Subject: SUSE-SU-2015:1227-1: moderate: Security update for strongswan
Message-ID: <20150710170824.5344B320B3@maintenance.suse.de>

SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1227-1
Rating: moderate
References: #933591
Cross-References: CVE-2015-4171
Affected Products:
 SUSE Linux Enterprise Server 11 SP3 for VMware
 SUSE Linux Enterprise Server 11 SP3
 SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

strongswan was updated to fix a problem that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (CVE-2015-4171)

Security Issues:

* CVE-2015-4171

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-strongswan=10739
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-strongswan=10739
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-strongswan=10739

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  strongswan-4.4.0-6.27.1
  strongswan-doc-4.4.0-6.27.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  strongswan-4.4.0-6.27.1
  strongswan-doc-4.4.0-6.27.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  strongswan-4.4.0-6.27.1
  strongswan-doc-4.4.0-6.27.1

References:

https://www.suse.com/security/cve/CVE-2015-4171.html
https://bugzilla.suse.com/933591
https://download.suse.com/patch/finder/?keywords=812b92d737144f4bab961ce3080050bc

From sle-security-updates at lists.suse.com Fri Jul 10 11:08:43 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2015 19:08:43 +0200 (CEST)
Subject: SUSE-SU-2015:1228-1: moderate: Security update for strongswan
Message-ID: <20150710170843.D14FB320B3@maintenance.suse.de>

SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1228-1
Rating: moderate
References: #876449 #933591
Cross-References: CVE-2014-2891 CVE-2015-4171
Affected Products:
 SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

strongswan was updated to fix two security issues:

* An issue that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (CVE-2015-4171)
* A bug in decoding ID_DER_ASN1_DN ID payloads that could be used for remote denial of service attacks. (CVE-2014-2891)

Security Issues:

* CVE-2015-4171
* CVE-2014-2891

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
  strongswan-4.4.0-6.19.1
  strongswan-doc-4.4.0-6.19.1

References:

https://www.suse.com/security/cve/CVE-2014-2891.html
https://www.suse.com/security/cve/CVE-2015-4171.html
https://bugzilla.suse.com/876449
https://bugzilla.suse.com/933591
https://download.suse.com/patch/finder/?keywords=98e26dc2a1696d47c59ab9aa31ce0c35

From sle-security-updates at lists.suse.com Thu Jul 16 02:08:25 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Jul 2015 10:08:25 +0200 (CEST)
Subject: SUSE-SU-2015:1249-1: moderate: Security update for augeas
Message-ID: <20150716080825.7B28C320B5@maintenance.suse.de>

SUSE Security Update: Security update for augeas
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1249-1
Rating: moderate
References: #925225
Cross-References: CVE-2014-8119
Affected Products:
 SUSE Linux Enterprise Software Development Kit 12
 SUSE Linux Enterprise Server 12
 SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes an untrusted argument escaping problem (CVE-2014-8119):

* new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions
* aug_match() is changed to return properly escaped output

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-320=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-320=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-320=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  augeas-debuginfo-1.2.0-3.1
  augeas-debugsource-1.2.0-3.1
  augeas-devel-1.2.0-3.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  augeas-1.2.0-3.1
  augeas-debuginfo-1.2.0-3.1
  augeas-debugsource-1.2.0-3.1
  augeas-lenses-1.2.0-3.1
  libaugeas0-1.2.0-3.1
  libaugeas0-debuginfo-1.2.0-3.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  augeas-debuginfo-1.2.0-3.1
  augeas-debugsource-1.2.0-3.1
  libaugeas0-1.2.0-3.1
  libaugeas0-debuginfo-1.2.0-3.1

References:

https://www.suse.com/security/cve/CVE-2014-8119.html
https://bugzilla.suse.com/925225

From sle-security-updates at lists.suse.com Fri Jul 17 02:12:08 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2015 10:12:08 +0200 (CEST)
Subject: SUSE-SU-2015:1253-1: important: Security update for php5
Message-ID: <20150717081208.719A7320B5@maintenance.suse.de>

SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1253-1
Rating: important
References: #919080 #927147 #931421 #931769 #931772 #931776 #933227 #935224
            #935226 #935227 #935232 #935234 #935274 #935275
Cross-References: CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
                  CVE-2015-4024 CVE-2015-4026 CVE-2015-4148 CVE-2015-4598
                  CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602
                  CVE-2015-4603 CVE-2015-4643 CVE-2015-4644
Affected Products:
 SUSE Linux Enterprise Software Development Kit 12
 SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

   This security update of PHP fixes the following issues:

   Security issues fixed:

   * CVE-2015-4024 [bnc#931421]: Fixed a multipart/form-data remote DoS
     vulnerability.
   * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
   * CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that
     resulted in a heap overflow.
   * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile
     when the entry filename starts with NULL.
   * CVE-2015-4148 [bnc#933227]: Fixed a SoapClient do_soap_call() type
     confusion after unserialize() that led to information disclosure.
   * CVE-2015-4602 [bnc#935224]: Fixed an incomplete-class unserialization
     type confusion.
   * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
     confusion issues in unserialize() with various SOAP methods.
   * CVE-2015-4603 [bnc#935234]: Fixed an exception::getTraceAsString type
     confusion issue after unserialize.
   * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
   * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()
     that could result in a heap overflow.
   * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:
     Added missing null byte checks for paths in various PHP extensions.

   Bugs fixed:

   * configure php-fpm with --localstatedir=/var [bnc#927147]
   * fix timezone map [bnc#919080]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
     zypper in -t patch SUSE-SLE-SDK-12-2015-322=1
   - SUSE Linux Enterprise Module for Web Scripting 12:
     zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-322=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      php5-debuginfo-5.5.14-30.1
      php5-debugsource-5.5.14-30.1
      php5-devel-5.5.14-30.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (s390x x86_64):
      apache2-mod_php5-5.5.14-30.1
      apache2-mod_php5-debuginfo-5.5.14-30.1
      php5-5.5.14-30.1
      php5-bcmath-5.5.14-30.1
      php5-bcmath-debuginfo-5.5.14-30.1
      php5-bz2-5.5.14-30.1
      php5-bz2-debuginfo-5.5.14-30.1
      php5-calendar-5.5.14-30.1
      php5-calendar-debuginfo-5.5.14-30.1
      php5-ctype-5.5.14-30.1
      php5-ctype-debuginfo-5.5.14-30.1
      php5-curl-5.5.14-30.1
      php5-curl-debuginfo-5.5.14-30.1
      php5-dba-5.5.14-30.1
      php5-dba-debuginfo-5.5.14-30.1
      php5-debuginfo-5.5.14-30.1
      php5-debugsource-5.5.14-30.1
      php5-dom-5.5.14-30.1
      php5-dom-debuginfo-5.5.14-30.1
      php5-enchant-5.5.14-30.1
      php5-enchant-debuginfo-5.5.14-30.1
      php5-exif-5.5.14-30.1
      php5-exif-debuginfo-5.5.14-30.1
      php5-fastcgi-5.5.14-30.1
      php5-fastcgi-debuginfo-5.5.14-30.1
      php5-fileinfo-5.5.14-30.1
      php5-fileinfo-debuginfo-5.5.14-30.1
      php5-fpm-5.5.14-30.1
      php5-fpm-debuginfo-5.5.14-30.1
      php5-ftp-5.5.14-30.1
      php5-ftp-debuginfo-5.5.14-30.1
      php5-gd-5.5.14-30.1
      php5-gd-debuginfo-5.5.14-30.1
      php5-gettext-5.5.14-30.1
      php5-gettext-debuginfo-5.5.14-30.1
      php5-gmp-5.5.14-30.1
      php5-gmp-debuginfo-5.5.14-30.1
      php5-iconv-5.5.14-30.1
      php5-iconv-debuginfo-5.5.14-30.1
      php5-intl-5.5.14-30.1
      php5-intl-debuginfo-5.5.14-30.1
      php5-json-5.5.14-30.1
      php5-json-debuginfo-5.5.14-30.1
      php5-ldap-5.5.14-30.1
      php5-ldap-debuginfo-5.5.14-30.1
      php5-mbstring-5.5.14-30.1
      php5-mbstring-debuginfo-5.5.14-30.1
      php5-mcrypt-5.5.14-30.1
      php5-mcrypt-debuginfo-5.5.14-30.1
      php5-mysql-5.5.14-30.1
      php5-mysql-debuginfo-5.5.14-30.1
      php5-odbc-5.5.14-30.1
      php5-odbc-debuginfo-5.5.14-30.1
      php5-openssl-5.5.14-30.1
      php5-openssl-debuginfo-5.5.14-30.1
      php5-pcntl-5.5.14-30.1
      php5-pcntl-debuginfo-5.5.14-30.1
      php5-pdo-5.5.14-30.1
      php5-pdo-debuginfo-5.5.14-30.1
      php5-pgsql-5.5.14-30.1
      php5-pgsql-debuginfo-5.5.14-30.1
      php5-pspell-5.5.14-30.1
      php5-pspell-debuginfo-5.5.14-30.1
      php5-shmop-5.5.14-30.1
      php5-shmop-debuginfo-5.5.14-30.1
      php5-snmp-5.5.14-30.1
      php5-snmp-debuginfo-5.5.14-30.1
      php5-soap-5.5.14-30.1
      php5-soap-debuginfo-5.5.14-30.1
      php5-sockets-5.5.14-30.1
      php5-sockets-debuginfo-5.5.14-30.1
      php5-sqlite-5.5.14-30.1
      php5-sqlite-debuginfo-5.5.14-30.1
      php5-suhosin-5.5.14-30.1
      php5-suhosin-debuginfo-5.5.14-30.1
      php5-sysvmsg-5.5.14-30.1
      php5-sysvmsg-debuginfo-5.5.14-30.1
      php5-sysvsem-5.5.14-30.1
      php5-sysvsem-debuginfo-5.5.14-30.1
      php5-sysvshm-5.5.14-30.1
      php5-sysvshm-debuginfo-5.5.14-30.1
      php5-tokenizer-5.5.14-30.1
      php5-tokenizer-debuginfo-5.5.14-30.1
      php5-wddx-5.5.14-30.1
      php5-wddx-debuginfo-5.5.14-30.1
      php5-xmlreader-5.5.14-30.1
      php5-xmlreader-debuginfo-5.5.14-30.1
      php5-xmlrpc-5.5.14-30.1
      php5-xmlrpc-debuginfo-5.5.14-30.1
      php5-xmlwriter-5.5.14-30.1
      php5-xmlwriter-debuginfo-5.5.14-30.1
      php5-xsl-5.5.14-30.1
      php5-xsl-debuginfo-5.5.14-30.1
      php5-zip-5.5.14-30.1
      php5-zip-debuginfo-5.5.14-30.1
      php5-zlib-5.5.14-30.1
      php5-zlib-debuginfo-5.5.14-30.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php5-pear-5.5.14-30.1

References:

   https://www.suse.com/security/cve/CVE-2015-3411.html
   https://www.suse.com/security/cve/CVE-2015-3412.html
   https://www.suse.com/security/cve/CVE-2015-4021.html
   https://www.suse.com/security/cve/CVE-2015-4022.html
   https://www.suse.com/security/cve/CVE-2015-4024.html
   https://www.suse.com/security/cve/CVE-2015-4026.html
   https://www.suse.com/security/cve/CVE-2015-4148.html
   https://www.suse.com/security/cve/CVE-2015-4598.html
   https://www.suse.com/security/cve/CVE-2015-4599.html
   https://www.suse.com/security/cve/CVE-2015-4600.html
   https://www.suse.com/security/cve/CVE-2015-4601.html
   https://www.suse.com/security/cve/CVE-2015-4602.html
   https://www.suse.com/security/cve/CVE-2015-4603.html
   https://www.suse.com/security/cve/CVE-2015-4643.html
   https://www.suse.com/security/cve/CVE-2015-4644.html
   https://bugzilla.suse.com/919080
   https://bugzilla.suse.com/927147
   https://bugzilla.suse.com/931421
   https://bugzilla.suse.com/931769
   https://bugzilla.suse.com/931772
   https://bugzilla.suse.com/931776
   https://bugzilla.suse.com/933227
   https://bugzilla.suse.com/935224
   https://bugzilla.suse.com/935226
   https://bugzilla.suse.com/935227
   https://bugzilla.suse.com/935232
   https://bugzilla.suse.com/935234
   https://bugzilla.suse.com/935274
   https://bugzilla.suse.com/935275

From sle-security-updates at lists.suse.com Fri Jul 17 03:08:11 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2015 11:08:11 +0200 (CEST)
Subject: SUSE-SU-2015:1253-2: important: Security update for php5
Message-ID: <20150717090811.513EA320B5@maintenance.suse.de>

SUSE Security Update: Security update for php5
______________________________________________________________________________
Announcement ID:    SUSE-SU-2015:1253-2
Rating:             important
References:         #919080 #927147 #931421 #931769 #931772 #931776 #933227
                    #935224 #935226 #935227 #935232 #935234 #935274 #935275
Cross-References:   CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
                    CVE-2015-4024 CVE-2015-4026 CVE-2015-4148 CVE-2015-4598
                    CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602
                    CVE-2015-4603 CVE-2015-4643 CVE-2015-4644
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

   This security update of PHP fixes the following issues:

   Security issues fixed:

   * CVE-2015-4024 [bnc#931421]: Fixed a multipart/form-data remote DoS
     vulnerability.
   * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
   * CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that
     resulted in a heap overflow.
   * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile
     when the entry filename starts with NULL.
   * CVE-2015-4148 [bnc#933227]: Fixed a SoapClient do_soap_call() type
     confusion after unserialize() that led to information disclosure.
   * CVE-2015-4602 [bnc#935224]: Fixed an incomplete-class unserialization
     type confusion.
   * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
     confusion issues in unserialize() with various SOAP methods.
   * CVE-2015-4603 [bnc#935234]: Fixed an exception::getTraceAsString type
     confusion issue after unserialize.
   * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
   * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()
     that could result in a heap overflow.
   * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:
     Added missing null byte checks for paths in various PHP extensions.

   Bugs fixed:

   * configure php-fpm with --localstatedir=/var [bnc#927147]
   * fix timezone map [bnc#919080]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 12:
     zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-322=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le):
      apache2-mod_php5-5.5.14-30.1
      apache2-mod_php5-debuginfo-5.5.14-30.1
      php5-5.5.14-30.1
      php5-bcmath-5.5.14-30.1
      php5-bcmath-debuginfo-5.5.14-30.1
      php5-bz2-5.5.14-30.1
      php5-bz2-debuginfo-5.5.14-30.1
      php5-calendar-5.5.14-30.1
      php5-calendar-debuginfo-5.5.14-30.1
      php5-ctype-5.5.14-30.1
      php5-ctype-debuginfo-5.5.14-30.1
      php5-curl-5.5.14-30.1
      php5-curl-debuginfo-5.5.14-30.1
      php5-dba-5.5.14-30.1
      php5-dba-debuginfo-5.5.14-30.1
      php5-debuginfo-5.5.14-30.1
      php5-debugsource-5.5.14-30.1
      php5-dom-5.5.14-30.1
      php5-dom-debuginfo-5.5.14-30.1
      php5-enchant-5.5.14-30.1
      php5-enchant-debuginfo-5.5.14-30.1
      php5-exif-5.5.14-30.1
      php5-exif-debuginfo-5.5.14-30.1
      php5-fastcgi-5.5.14-30.1
      php5-fastcgi-debuginfo-5.5.14-30.1
      php5-fileinfo-5.5.14-30.1
      php5-fileinfo-debuginfo-5.5.14-30.1
      php5-fpm-5.5.14-30.1
      php5-fpm-debuginfo-5.5.14-30.1
      php5-ftp-5.5.14-30.1
      php5-ftp-debuginfo-5.5.14-30.1
      php5-gd-5.5.14-30.1
      php5-gd-debuginfo-5.5.14-30.1
      php5-gettext-5.5.14-30.1
      php5-gettext-debuginfo-5.5.14-30.1
      php5-gmp-5.5.14-30.1
      php5-gmp-debuginfo-5.5.14-30.1
      php5-iconv-5.5.14-30.1
      php5-iconv-debuginfo-5.5.14-30.1
      php5-intl-5.5.14-30.1
      php5-intl-debuginfo-5.5.14-30.1
      php5-json-5.5.14-30.1
      php5-json-debuginfo-5.5.14-30.1
      php5-ldap-5.5.14-30.1
      php5-ldap-debuginfo-5.5.14-30.1
      php5-mbstring-5.5.14-30.1
      php5-mbstring-debuginfo-5.5.14-30.1
      php5-mcrypt-5.5.14-30.1
      php5-mcrypt-debuginfo-5.5.14-30.1
      php5-mysql-5.5.14-30.1
      php5-mysql-debuginfo-5.5.14-30.1
      php5-odbc-5.5.14-30.1
      php5-odbc-debuginfo-5.5.14-30.1
      php5-openssl-5.5.14-30.1
      php5-openssl-debuginfo-5.5.14-30.1
      php5-pcntl-5.5.14-30.1
      php5-pcntl-debuginfo-5.5.14-30.1
      php5-pdo-5.5.14-30.1
      php5-pdo-debuginfo-5.5.14-30.1
      php5-pgsql-5.5.14-30.1
      php5-pgsql-debuginfo-5.5.14-30.1
      php5-pspell-5.5.14-30.1
      php5-pspell-debuginfo-5.5.14-30.1
      php5-shmop-5.5.14-30.1
      php5-shmop-debuginfo-5.5.14-30.1
      php5-snmp-5.5.14-30.1
      php5-snmp-debuginfo-5.5.14-30.1
      php5-soap-5.5.14-30.1
      php5-soap-debuginfo-5.5.14-30.1
      php5-sockets-5.5.14-30.1
      php5-sockets-debuginfo-5.5.14-30.1
      php5-sqlite-5.5.14-30.1
      php5-sqlite-debuginfo-5.5.14-30.1
      php5-suhosin-5.5.14-30.1
      php5-suhosin-debuginfo-5.5.14-30.1
      php5-sysvmsg-5.5.14-30.1
      php5-sysvmsg-debuginfo-5.5.14-30.1
      php5-sysvsem-5.5.14-30.1
      php5-sysvsem-debuginfo-5.5.14-30.1
      php5-sysvshm-5.5.14-30.1
      php5-sysvshm-debuginfo-5.5.14-30.1
      php5-tokenizer-5.5.14-30.1
      php5-tokenizer-debuginfo-5.5.14-30.1
      php5-wddx-5.5.14-30.1
      php5-wddx-debuginfo-5.5.14-30.1
      php5-xmlreader-5.5.14-30.1
      php5-xmlreader-debuginfo-5.5.14-30.1
      php5-xmlrpc-5.5.14-30.1
      php5-xmlrpc-debuginfo-5.5.14-30.1
      php5-xmlwriter-5.5.14-30.1
      php5-xmlwriter-debuginfo-5.5.14-30.1
      php5-xsl-5.5.14-30.1
      php5-xsl-debuginfo-5.5.14-30.1
      php5-zip-5.5.14-30.1
      php5-zip-debuginfo-5.5.14-30.1
      php5-zlib-5.5.14-30.1
      php5-zlib-debuginfo-5.5.14-30.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php5-pear-5.5.14-30.1

References:

   https://www.suse.com/security/cve/CVE-2015-3411.html
   https://www.suse.com/security/cve/CVE-2015-3412.html
   https://www.suse.com/security/cve/CVE-2015-4021.html
   https://www.suse.com/security/cve/CVE-2015-4022.html
   https://www.suse.com/security/cve/CVE-2015-4024.html
   https://www.suse.com/security/cve/CVE-2015-4026.html
   https://www.suse.com/security/cve/CVE-2015-4148.html
   https://www.suse.com/security/cve/CVE-2015-4598.html
   https://www.suse.com/security/cve/CVE-2015-4599.html
   https://www.suse.com/security/cve/CVE-2015-4600.html
   https://www.suse.com/security/cve/CVE-2015-4601.html
   https://www.suse.com/security/cve/CVE-2015-4602.html
   https://www.suse.com/security/cve/CVE-2015-4603.html
   https://www.suse.com/security/cve/CVE-2015-4643.html
   https://www.suse.com/security/cve/CVE-2015-4644.html
   https://bugzilla.suse.com/919080
   https://bugzilla.suse.com/927147
   https://bugzilla.suse.com/931421
   https://bugzilla.suse.com/931769
   https://bugzilla.suse.com/931772
   https://bugzilla.suse.com/931776
   https://bugzilla.suse.com/933227
   https://bugzilla.suse.com/935224
   https://bugzilla.suse.com/935226
   https://bugzilla.suse.com/935227
   https://bugzilla.suse.com/935232
   https://bugzilla.suse.com/935234
   https://bugzilla.suse.com/935274
   https://bugzilla.suse.com/935275

From sle-security-updates at lists.suse.com Fri Jul 17 03:10:59 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2015 11:10:59 +0200 (CEST)
Subject: SUSE-SU-2015:1255-1: critical: Security update for flash-player
Message-ID: <20150717091059.67F38320B5@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID:    SUSE-SU-2015:1255-1
Rating:             critical
References:         #937752
Cross-References:   CVE-2015-5122 CVE-2015-5123
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

   flash-player was updated to fix two security issues.

   These security issues were fixed:

   - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the
     ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote
     attackers to execute arbitrary code or cause a denial of service (memory
     corruption) via crafted Flash content that overrides a valueOf function
     (bsc#937752).
   - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in
     the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed
     remote attackers to execute arbitrary code or cause a denial of service
     (memory corruption) via crafted Flash content that leverages improper
     handling of the opaqueBackground property (bsc#937752).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
     zypper in -t patch SUSE-SLE-WE-12-2015-323=1
   - SUSE Linux Enterprise Desktop 12:
     zypper in -t patch SUSE-SLE-DESKTOP-12-2015-323=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64):
      flash-player-11.2.202.491-96.1
      flash-player-gnome-11.2.202.491-96.1
   - SUSE Linux Enterprise Desktop 12 (i586 x86_64):
      flash-player-11.2.202.491-96.1
      flash-player-gnome-11.2.202.491-96.1

References:

   https://www.suse.com/security/cve/CVE-2015-5122.html
   https://www.suse.com/security/cve/CVE-2015-5123.html
   https://bugzilla.suse.com/937752

From sle-security-updates at lists.suse.com Fri Jul 17 04:09:43 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2015 12:09:43 +0200 (CEST)
Subject: SUSE-SU-2015:1258-1: critical: Security update for flash-player
Message-ID: <20150717100943.D06FD320B5@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________
Announcement ID:    SUSE-SU-2015:1258-1
Rating:             critical
References:         #937752
Cross-References:   CVE-2015-5122 CVE-2015-5123
Affected Products:
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

   flash-player was updated to fix two security issues.

   These security issues were fixed:

   - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the
     ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote
     attackers to execute arbitrary code or cause a denial of service (memory
     corruption) via crafted Flash content that overrides a valueOf function
     (bsc#937752).
   - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in
     the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed
     remote attackers to execute arbitrary code or cause a denial of service
     (memory corruption) via crafted Flash content that leverages improper
     handling of the opaqueBackground property (bsc#937752).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11-SP4:
     zypper in -t patch sledsp4-flash-player-12002=1
   - SUSE Linux Enterprise Desktop 11-SP3:
     zypper in -t patch sledsp3-flash-player-12002=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      flash-player-11.2.202.491-0.11.1
      flash-player-gnome-11.2.202.491-0.11.1
      flash-player-kde4-11.2.202.491-0.11.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      flash-player-11.2.202.491-0.11.1
      flash-player-gnome-11.2.202.491-0.11.1
      flash-player-kde4-11.2.202.491-0.11.1

References:

   https://www.suse.com/security/cve/CVE-2015-5122.html
   https://www.suse.com/security/cve/CVE-2015-5123.html
   https://bugzilla.suse.com/937752

From sle-security-updates at lists.suse.com Fri Jul 17 10:08:03 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2015 18:08:03 +0200 (CEST)
Subject: SUSE-SU-2015:1264-1: moderate: Security update for postgresql93
Message-ID: <20150717160803.319FC320B5@maintenance.suse.de>

SUSE Security Update: Security update for postgresql93
______________________________________________________________________________
Announcement ID:    SUSE-SU-2015:1264-1
Rating:             moderate
References:         #931972 #931973 #931974
Cross-References:   CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

   PostgreSQL was updated to the security and bugfix release 9.3.8 including
   9.3.7.

   Security issues fixed:

   * CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects
     just before the authentication timeout expires.
   * CVE-2015-3166, bsc#931973: Consistently check for failure of the printf()
     family of functions.
   * CVE-2015-3167, bsc#931974: In contrib/pgcrypto, uniformly report
     decryption failures as "Wrong key or corrupt data".

   Bugs fixed:

   * Protect against wraparound of multixact member IDs.
   * Avoid failures while fsync'ing data directory during crash restart.
   * Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set.
   * Allow libpq to use TLS protocol versions beyond v1.

   - For the full release notes, see the following two URLs
     http://www.postgresql.org/docs/9.3/static/release-9-3-8.html
     http://www.postgresql.org/docs/9.3/static/release-9-3-7.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
     zypper in -t patch SUSE-SLE-SDK-12-2015-328=1
   - SUSE Linux Enterprise Server 12:
     zypper in -t patch SUSE-SLE-SERVER-12-2015-328=1
   - SUSE Linux Enterprise Desktop 12:
     zypper in -t patch SUSE-SLE-DESKTOP-12-2015-328=1

   To bring your system up-to-date, use "zypper patch".
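Every advisory in this digest ends with a Package List naming the name-version-release (NVR) the fix ships in, and "zypper patch" is only half the job: a practitioner still wants to confirm that each affected host has actually reached those builds. The script below is an added example, not SUSE tooling, and it generalizes across all the advisories here rather than one: it pulls every NVR token out of an advisory's Package List section, compares it against a snapshot of installed packages in the shape that `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` prints, and reports what is still below the fixed build. The comparison is a simplified reimplementation of rpmvercmp (alphanumeric segments, numeric beats alpha, longer wins on ties; no epoch, tilde or caret handling), which is an assumption of this example; the advisory excerpt is abridged from SUSE-SU-2015:1264-1 below and the installed snapshot is constructed.

```python
import re
from typing import Dict, List, Tuple

# Alphanumeric segments, as rpmvercmp splits version and release strings.
SEGMENT_RE = re.compile(r"[0-9]+|[A-Za-z]+")

# A whitespace-delimited name-version-release token. The name may itself
# contain dashes (libpq5-debuginfo-32bit-9.3.8-8.1); version and release
# start with a digit, and the greedy name group backtracks to the last two
# dash-separated fields, mirroring an rsplit("-", 2).
NVR_RE = re.compile(
    r"(?<!\S)([A-Za-z0-9_+.]+(?:-[A-Za-z0-9_+.]+)*)"
    r"-([0-9][A-Za-z0-9_.]*)-([0-9][A-Za-z0-9_.]*)(?!\S)"
)


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b."""
    sa, sb = SEGMENT_RE.findall(a), SEGMENT_RE.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:                      # numeric segments: compare as ints
            xi, yi = int(x), int(y)        # int() also drops leading zeros
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:                     # numeric segment is newer than alpha
            return 1 if xd else -1
        elif x != y:                       # alpha segments: lexical order
            return -1 if x < y else 1
    if len(sa) != len(sb):                 # equal prefix: more segments is newer
        return -1 if len(sa) < len(sb) else 1
    return 0


def extract_fixed_packages(advisory_text: str) -> Dict[str, Tuple[str, str]]:
    """Return {name: (version, release)} from the advisory's Package List section."""
    start = advisory_text.find("Package List:")
    if start < 0:
        return {}
    end = advisory_text.find("References:", start)
    section = advisory_text[start:end if end > 0 else None]
    fixed: Dict[str, Tuple[str, str]] = {}
    for name, version, release in NVR_RE.findall(section):
        fixed[name] = (version, release)   # same NVR repeats per product; dedup
    return fixed


def compare_vr(installed_vr: str, fixed: Tuple[str, str]) -> int:
    """Compare an installed 'version-release' against the fixed (version, release)."""
    version, release = installed_vr.rsplit("-", 1)
    c = rpm_vercmp(version, fixed[0])
    return c if c != 0 else rpm_vercmp(release, fixed[1])


def parse_installed(snapshot: str) -> Dict[str, str]:
    """Parse 'NAME VERSION-RELEASE' lines into {name: 'version-release'}."""
    installed: Dict[str, str] = {}
    for line in snapshot.splitlines():
        if line.strip():
            name, vr = line.split()
            installed[name] = vr
    return installed


def outstanding(installed: Dict[str, str],
                fixed: Dict[str, Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """(name, installed, fixed) for installed packages still below the fixed build.
    Advisory packages that are not installed are not affected and are skipped."""
    result = []
    for name, vr in sorted(installed.items()):
        if name in fixed and compare_vr(vr, fixed[name]) < 0:
            result.append((name, vr, "-".join(fixed[name])))
    return result


def check_host(advisory_text: str, snapshot: str) -> List[Tuple[str, str, str]]:
    return outstanding(parse_installed(snapshot), extract_fixed_packages(advisory_text))


# Abridged excerpt of the SUSE-SU-2015:1264-1 Package List (constructed sample input).
ADVISORY_EXCERPT = """
Package List:
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libecpg6-9.3.8-8.1 libpq5-9.3.8-8.1 libpq5-debuginfo-9.3.8-8.1
      postgresql93-9.3.8-8.1 postgresql93-server-9.3.8-8.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libpq5-32bit-9.3.8-8.1
References:
   https://www.suse.com/security/cve/CVE-2015-3165.html
"""

# Constructed snapshot of one host (not real data), in the shape of
# rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' output.
INSTALLED_SNAPSHOT = """\
libpq5 9.3.7-5.1
postgresql93 9.3.8-8.1
postgresql93-server 9.3.8-8.1
bash 4.2-75.4
"""

if __name__ == "__main__":
    for name, have, need in check_host(ADVISORY_EXCERPT, INSTALLED_SNAPSHOT):
        print(f"{name}: installed {have}, fixed in {need}")
```

On the constructed snapshot only libpq5 is reported (9.3.7-5.1 is below 9.3.8-8.1); the two postgresql93 packages already match and bash is not in the advisory. Feed the real advisory text and the real rpm output and an empty result means every affected package on the host has reached the fixed build.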
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql93-devel-9.3.8-8.1 postgresql93-devel-debuginfo-9.3.8-8.1 postgresql93-libs-debugsource-9.3.8-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libecpg6-9.3.8-8.1 libecpg6-debuginfo-9.3.8-8.1 libpq5-9.3.8-8.1 libpq5-debuginfo-9.3.8-8.1 postgresql93-9.3.8-8.1 postgresql93-contrib-9.3.8-8.1 postgresql93-contrib-debuginfo-9.3.8-8.1 postgresql93-debuginfo-9.3.8-8.1 postgresql93-debugsource-9.3.8-8.1 postgresql93-libs-debugsource-9.3.8-8.1 postgresql93-server-9.3.8-8.1 postgresql93-server-debuginfo-9.3.8-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpq5-32bit-9.3.8-8.1 libpq5-debuginfo-32bit-9.3.8-8.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql93-docs-9.3.8-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libecpg6-9.3.8-8.1 libecpg6-debuginfo-9.3.8-8.1 libpq5-32bit-9.3.8-8.1 libpq5-9.3.8-8.1 libpq5-debuginfo-32bit-9.3.8-8.1 libpq5-debuginfo-9.3.8-8.1 postgresql93-9.3.8-8.1 postgresql93-debuginfo-9.3.8-8.1 postgresql93-debugsource-9.3.8-8.1 postgresql93-libs-debugsource-9.3.8-8.1 References: https://www.suse.com/security/cve/CVE-2015-3165.html https://www.suse.com/security/cve/CVE-2015-3166.html https://www.suse.com/security/cve/CVE-2015-3167.html https://bugzilla.suse.com/931972 https://bugzilla.suse.com/931973 https://bugzilla.suse.com/931974 From sle-security-updates at lists.suse.com Fri Jul 17 12:09:40 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 17 Jul 2015 20:09:40 +0200 (CEST) Subject: SUSE-SU-2015:1265-1: important: Security update for PHP Message-ID: <20150717180940.94417320B5@maintenance.suse.de> SUSE Security Update: Security update for PHP ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1265-1 Rating: important References: #919080 #933227 #935074 #935224 #935226 #935227 #935232 #935234 #935274 #935275 
Cross-References: CVE-2015-3411 CVE-2015-3412 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: The PHP script interpreter was updated to fix various security issues: * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. * CVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type confusion after unserialize() information disclosure. Also the following bug were fixed: * fix a segmentation fault in odbc_fetch_array [bnc#935074] * fix timezone map [bnc#919080] Security Issues: * CVE-2015-3411 * CVE-2015-3412 * CVE-2015-4148 * CVE-2015-4598 * CVE-2015-4599 * CVE-2015-4600 * CVE-2015-4601 * CVE-2015-4602 * CVE-2015-4603 * CVE-2015-4643 * CVE-2015-4644 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53=10811 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53=10811 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53=10811 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.43.1 php53-imap-5.3.17-0.43.1 php53-posix-5.3.17-0.43.1 php53-readline-5.3.17-0.43.1 php53-sockets-5.3.17-0.43.1 php53-sqlite-5.3.17-0.43.1 php53-tidy-5.3.17-0.43.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.43.1 php53-5.3.17-0.43.1 php53-bcmath-5.3.17-0.43.1 php53-bz2-5.3.17-0.43.1 php53-calendar-5.3.17-0.43.1 php53-ctype-5.3.17-0.43.1 php53-curl-5.3.17-0.43.1 php53-dba-5.3.17-0.43.1 php53-dom-5.3.17-0.43.1 php53-exif-5.3.17-0.43.1 php53-fastcgi-5.3.17-0.43.1 php53-fileinfo-5.3.17-0.43.1 php53-ftp-5.3.17-0.43.1 php53-gd-5.3.17-0.43.1 php53-gettext-5.3.17-0.43.1 php53-gmp-5.3.17-0.43.1 php53-iconv-5.3.17-0.43.1 php53-intl-5.3.17-0.43.1 php53-json-5.3.17-0.43.1 php53-ldap-5.3.17-0.43.1 php53-mbstring-5.3.17-0.43.1 php53-mcrypt-5.3.17-0.43.1 php53-mysql-5.3.17-0.43.1 php53-odbc-5.3.17-0.43.1 php53-openssl-5.3.17-0.43.1 php53-pcntl-5.3.17-0.43.1 php53-pdo-5.3.17-0.43.1 php53-pear-5.3.17-0.43.1 php53-pgsql-5.3.17-0.43.1 php53-pspell-5.3.17-0.43.1 php53-shmop-5.3.17-0.43.1 php53-snmp-5.3.17-0.43.1 php53-soap-5.3.17-0.43.1 php53-suhosin-5.3.17-0.43.1 php53-sysvmsg-5.3.17-0.43.1 php53-sysvsem-5.3.17-0.43.1 php53-sysvshm-5.3.17-0.43.1 php53-tokenizer-5.3.17-0.43.1 php53-wddx-5.3.17-0.43.1 php53-xmlreader-5.3.17-0.43.1 php53-xmlrpc-5.3.17-0.43.1 php53-xmlwriter-5.3.17-0.43.1 php53-xsl-5.3.17-0.43.1 php53-zip-5.3.17-0.43.1 php53-zlib-5.3.17-0.43.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 
s390x x86_64): apache2-mod_php53-5.3.17-0.43.1 php53-5.3.17-0.43.1 php53-bcmath-5.3.17-0.43.1 php53-bz2-5.3.17-0.43.1 php53-calendar-5.3.17-0.43.1 php53-ctype-5.3.17-0.43.1 php53-curl-5.3.17-0.43.1 php53-dba-5.3.17-0.43.1 php53-dom-5.3.17-0.43.1 php53-exif-5.3.17-0.43.1 php53-fastcgi-5.3.17-0.43.1 php53-fileinfo-5.3.17-0.43.1 php53-ftp-5.3.17-0.43.1 php53-gd-5.3.17-0.43.1 php53-gettext-5.3.17-0.43.1 php53-gmp-5.3.17-0.43.1 php53-iconv-5.3.17-0.43.1 php53-intl-5.3.17-0.43.1 php53-json-5.3.17-0.43.1 php53-ldap-5.3.17-0.43.1 php53-mbstring-5.3.17-0.43.1 php53-mcrypt-5.3.17-0.43.1 php53-mysql-5.3.17-0.43.1 php53-odbc-5.3.17-0.43.1 php53-openssl-5.3.17-0.43.1 php53-pcntl-5.3.17-0.43.1 php53-pdo-5.3.17-0.43.1 php53-pear-5.3.17-0.43.1 php53-pgsql-5.3.17-0.43.1 php53-pspell-5.3.17-0.43.1 php53-shmop-5.3.17-0.43.1 php53-snmp-5.3.17-0.43.1 php53-soap-5.3.17-0.43.1 php53-suhosin-5.3.17-0.43.1 php53-sysvmsg-5.3.17-0.43.1 php53-sysvsem-5.3.17-0.43.1 php53-sysvshm-5.3.17-0.43.1 php53-tokenizer-5.3.17-0.43.1 php53-wddx-5.3.17-0.43.1 php53-xmlreader-5.3.17-0.43.1 php53-xmlrpc-5.3.17-0.43.1 php53-xmlwriter-5.3.17-0.43.1 php53-xsl-5.3.17-0.43.1 php53-zip-5.3.17-0.43.1 php53-zlib-5.3.17-0.43.1 References: https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2015-3412.html https://www.suse.com/security/cve/CVE-2015-4148.html https://www.suse.com/security/cve/CVE-2015-4598.html https://www.suse.com/security/cve/CVE-2015-4599.html https://www.suse.com/security/cve/CVE-2015-4600.html https://www.suse.com/security/cve/CVE-2015-4601.html https://www.suse.com/security/cve/CVE-2015-4602.html https://www.suse.com/security/cve/CVE-2015-4603.html https://www.suse.com/security/cve/CVE-2015-4643.html https://www.suse.com/security/cve/CVE-2015-4644.html https://bugzilla.suse.com/919080 https://bugzilla.suse.com/933227 https://bugzilla.suse.com/935074 https://bugzilla.suse.com/935224 https://bugzilla.suse.com/935226 https://bugzilla.suse.com/935227 
https://bugzilla.suse.com/935232 https://bugzilla.suse.com/935234 https://bugzilla.suse.com/935274 https://bugzilla.suse.com/935275 https://download.suse.com/patch/finder/?keywords=81cfeb3c78f7d93b7833bcf7ec9abc68 From sle-security-updates at lists.suse.com Mon Jul 20 03:08:16 2015 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Jul 2015 11:08:16 +0200 (CEST) Subject: SUSE-SU-2015:1268-1: important: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss Message-ID: <20150720090816.CF261320B5@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1268-1 Rating: important References: #908275 #935033 #935979 Cross-References: CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). 
   - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
   - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
   - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).

   This non-security issue was fixed:
   - bsc#908275: Firefox did not print in landscape orientation.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-201507-12001=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (ia64 ppc64):

      MozillaFirefox-31.8.0esr-0.10.1
      MozillaFirefox-translations-31.8.0esr-0.10.1
      libfreebl3-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-4.10.8-0.5.1
      mozilla-nss-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-32bit-4.10.8-0.5.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libfreebl3-x86-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-x86-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-x86-4.10.8-0.5.1
      mozilla-nss-x86-3.19.2_CKBI_1.98-0.10.1

References:

   https://www.suse.com/security/cve/CVE-2015-2721.html
   https://www.suse.com/security/cve/CVE-2015-2722.html
   https://www.suse.com/security/cve/CVE-2015-2724.html
   https://www.suse.com/security/cve/CVE-2015-2725.html
   https://www.suse.com/security/cve/CVE-2015-2726.html
   https://www.suse.com/security/cve/CVE-2015-2728.html
   https://www.suse.com/security/cve/CVE-2015-2730.html
   https://www.suse.com/security/cve/CVE-2015-2733.html
   https://www.suse.com/security/cve/CVE-2015-2734.html
   https://www.suse.com/security/cve/CVE-2015-2735.html
   https://www.suse.com/security/cve/CVE-2015-2736.html
   https://www.suse.com/security/cve/CVE-2015-2737.html
   https://www.suse.com/security/cve/CVE-2015-2738.html
   https://www.suse.com/security/cve/CVE-2015-2739.html
   https://www.suse.com/security/cve/CVE-2015-2740.html
   https://www.suse.com/security/cve/CVE-2015-2743.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/908275
   https://bugzilla.suse.com/935033
   https://bugzilla.suse.com/935979

From sle-security-updates at lists.suse.com Mon Jul 20 04:08:36 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Jul 2015 12:08:36 +0200 (CEST)
Subject: SUSE-SU-2015:1269-1: important: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
Message-ID: <20150720100836.C42B1320B5@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1269-1
Rating:             important
References:         #856315 #935033 #935979
Cross-References:   CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725
                    CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733
                    CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737
                    CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743
                    CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 17 vulnerabilities is now available.

Description:

   MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues.
   For more details please check the changelogs.

   - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
   - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
   - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
   - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
   - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
   - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
   - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
   - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-330=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-330=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-330=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-31.8.0esr-37.3
      MozillaFirefox-debugsource-31.8.0esr-37.3
      MozillaFirefox-devel-31.8.0esr-37.3
      mozilla-nspr-debuginfo-4.10.8-3.1
      mozilla-nspr-debugsource-4.10.8-3.1
      mozilla-nspr-devel-4.10.8-3.1
      mozilla-nss-debuginfo-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debugsource-3.19.2_CKBI_1.98-21.1
      mozilla-nss-devel-3.19.2_CKBI_1.98-21.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      MozillaFirefox-31.8.0esr-37.3
      MozillaFirefox-debuginfo-31.8.0esr-37.3
      MozillaFirefox-debugsource-31.8.0esr-37.3
      MozillaFirefox-translations-31.8.0esr-37.3
      libfreebl3-3.19.2_CKBI_1.98-21.1
      libfreebl3-debuginfo-3.19.2_CKBI_1.98-21.1
      libfreebl3-hmac-3.19.2_CKBI_1.98-21.1
      libsoftokn3-3.19.2_CKBI_1.98-21.1
      libsoftokn3-debuginfo-3.19.2_CKBI_1.98-21.1
      libsoftokn3-hmac-3.19.2_CKBI_1.98-21.1
      mozilla-nspr-4.10.8-3.1
      mozilla-nspr-debuginfo-4.10.8-3.1
      mozilla-nspr-debugsource-4.10.8-3.1
      mozilla-nss-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-debuginfo-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debuginfo-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debugsource-3.19.2_CKBI_1.98-21.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-21.1
      mozilla-nss-tools-debuginfo-3.19.2_CKBI_1.98-21.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-21.1
      libfreebl3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      libfreebl3-hmac-32bit-3.19.2_CKBI_1.98-21.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-21.1
      libsoftokn3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      libsoftokn3-hmac-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nspr-32bit-4.10.8-3.1
      mozilla-nspr-debuginfo-32bit-4.10.8-3.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debuginfo-32bit-3.19.2_CKBI_1.98-21.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      MozillaFirefox-31.8.0esr-37.3
      MozillaFirefox-debuginfo-31.8.0esr-37.3
      MozillaFirefox-debugsource-31.8.0esr-37.3
      MozillaFirefox-translations-31.8.0esr-37.3
      libfreebl3-3.19.2_CKBI_1.98-21.1
      libfreebl3-32bit-3.19.2_CKBI_1.98-21.1
      libfreebl3-debuginfo-3.19.2_CKBI_1.98-21.1
      libfreebl3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      libsoftokn3-3.19.2_CKBI_1.98-21.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-21.1
      libsoftokn3-debuginfo-3.19.2_CKBI_1.98-21.1
      libsoftokn3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nspr-32bit-4.10.8-3.1
      mozilla-nspr-4.10.8-3.1
      mozilla-nspr-debuginfo-32bit-4.10.8-3.1
      mozilla-nspr-debuginfo-4.10.8-3.1
      mozilla-nspr-debugsource-4.10.8-3.1
      mozilla-nss-3.19.2_CKBI_1.98-21.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-debuginfo-3.19.2_CKBI_1.98-21.1
      mozilla-nss-certs-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debuginfo-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debuginfo-32bit-3.19.2_CKBI_1.98-21.1
      mozilla-nss-debugsource-3.19.2_CKBI_1.98-21.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-21.1
      mozilla-nss-tools-debuginfo-3.19.2_CKBI_1.98-21.1

References:

   https://www.suse.com/security/cve/CVE-2015-2721.html
   https://www.suse.com/security/cve/CVE-2015-2722.html
   https://www.suse.com/security/cve/CVE-2015-2724.html
   https://www.suse.com/security/cve/CVE-2015-2725.html
   https://www.suse.com/security/cve/CVE-2015-2726.html
   https://www.suse.com/security/cve/CVE-2015-2728.html
   https://www.suse.com/security/cve/CVE-2015-2730.html
   https://www.suse.com/security/cve/CVE-2015-2733.html
   https://www.suse.com/security/cve/CVE-2015-2734.html
   https://www.suse.com/security/cve/CVE-2015-2735.html
   https://www.suse.com/security/cve/CVE-2015-2736.html
   https://www.suse.com/security/cve/CVE-2015-2737.html
   https://www.suse.com/security/cve/CVE-2015-2738.html
   https://www.suse.com/security/cve/CVE-2015-2739.html
   https://www.suse.com/security/cve/CVE-2015-2740.html
   https://www.suse.com/security/cve/CVE-2015-2743.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/856315
   https://bugzilla.suse.com/935033
   https://bugzilla.suse.com/935979

From sle-security-updates at lists.suse.com Mon Jul 20 04:09:42 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Jul 2015 12:09:42 +0200 (CEST)
Subject: SUSE-SU-2015:1268-2: important: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
Message-ID: <20150720100942.3CEB5320B5@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1268-2
Rating:             important
References:         #908275 #935033 #935979
Cross-References:   CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725
                    CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733
                    CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737
                    CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743
                    CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 17 vulnerabilities is now available.

Description:

   MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues.
   For more details please check the changelogs.

   These security issues were fixed:
   - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
   - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
   - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
   - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
   - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
   - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
   - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
   - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).

   This non-security issue was fixed:
   - bsc#908275: Firefox did not print in landscape orientation.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-201507-12001=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-MozillaFirefox-201507-12001=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-31.8.0esr-0.10.1
      mozilla-nspr-devel-4.10.8-0.5.1
      mozilla-nss-devel-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-31.8.0esr-0.10.1
      mozilla-nspr-devel-4.10.8-0.5.1
      mozilla-nss-devel-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      MozillaFirefox-31.8.0esr-0.10.1
      MozillaFirefox-translations-31.8.0esr-0.10.1
      libfreebl3-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-4.10.8-0.5.1
      mozilla-nss-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-32bit-4.10.8-0.5.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):

      MozillaFirefox-31.8.0esr-0.10.1
      MozillaFirefox-translations-31.8.0esr-0.10.1
      libfreebl3-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-4.10.8-0.5.1
      mozilla-nss-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x x86_64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-32bit-4.10.8-0.5.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-31.8.0esr-0.10.1
      MozillaFirefox-translations-31.8.0esr-0.10.1
      libfreebl3-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-4.10.8-0.5.1
      mozilla-nss-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-32bit-4.10.8-0.5.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      libfreebl3-x86-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-x86-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-x86-4.10.8-0.5.1
      mozilla-nss-x86-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      MozillaFirefox-31.8.0esr-0.10.1
      MozillaFirefox-translations-31.8.0esr-0.10.1
      libfreebl3-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-4.10.8-0.5.1
      mozilla-nss-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-32bit-4.10.8-0.5.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      MozillaFirefox-31.8.0esr-0.10.1
      MozillaFirefox-translations-31.8.0esr-0.10.1
      libfreebl3-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-4.10.8-0.5.1
      mozilla-nss-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1
      libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1
      mozilla-nspr-32bit-4.10.8-0.5.1
      mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-31.8.0esr-0.10.1
      MozillaFirefox-debugsource-31.8.0esr-0.10.1
      mozilla-nspr-debuginfo-4.10.8-0.5.1
      mozilla-nspr-debugsource-4.10.8-0.5.1
      mozilla-nss-debuginfo-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-debugsource-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.10.8-0.5.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      mozilla-nspr-debuginfo-x86-4.10.8-0.5.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-31.8.0esr-0.10.1
      MozillaFirefox-debugsource-31.8.0esr-0.10.1
      mozilla-nspr-debuginfo-4.10.8-0.5.1
      mozilla-nspr-debugsource-4.10.8-0.5.1
      mozilla-nss-debuginfo-3.19.2_CKBI_1.98-0.10.1
      mozilla-nss-debugsource-3.19.2_CKBI_1.98-0.10.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64):

      mozilla-nspr-debuginfo-32bit-4.10.8-0.5.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):

      mozilla-nspr-debuginfo-x86-4.10.8-0.5.1

References:

   https://www.suse.com/security/cve/CVE-2015-2721.html
   https://www.suse.com/security/cve/CVE-2015-2722.html
   https://www.suse.com/security/cve/CVE-2015-2724.html
   https://www.suse.com/security/cve/CVE-2015-2725.html
   https://www.suse.com/security/cve/CVE-2015-2726.html
   https://www.suse.com/security/cve/CVE-2015-2728.html
   https://www.suse.com/security/cve/CVE-2015-2730.html
   https://www.suse.com/security/cve/CVE-2015-2733.html
   https://www.suse.com/security/cve/CVE-2015-2734.html
   https://www.suse.com/security/cve/CVE-2015-2735.html
   https://www.suse.com/security/cve/CVE-2015-2736.html
   https://www.suse.com/security/cve/CVE-2015-2737.html
   https://www.suse.com/security/cve/CVE-2015-2738.html
   https://www.suse.com/security/cve/CVE-2015-2739.html
   https://www.suse.com/security/cve/CVE-2015-2740.html
   https://www.suse.com/security/cve/CVE-2015-2743.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/908275
   https://bugzilla.suse.com/935033
   https://bugzilla.suse.com/935979

From sle-security-updates at lists.suse.com Tue Jul 21 08:08:23 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Jul 2015 16:08:23 +0200 (CEST)
Subject: SUSE-SU-2015:1273-1: important: Security update for mariadb
Message-ID: <20150721140823.05519320B5@maintenance.suse.de>

   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1273-1
Rating:             important
References:         #906574 #919053 #919062 #920865 #920896 #921333 #924663
                    #924960 #924961 #934789 #936407 #936408 #936409
Cross-References:   CVE-2014-8964
                    CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501
                    CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568
                    CVE-2015-2571 CVE-2015-2573 CVE-2015-3152
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has one errata is now available.

Description:

   This update fixes the following security issues:

   * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]
   * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]
   * CVE-2014-8964: heap buffer overflow [bnc#906574]
   * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]
   * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]
   * CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015)
   * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
   * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015)
   * CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015)
   * CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
   * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015)
   * CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
   * CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-332=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-332=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      libmysqlclient_r18-10.0.20-18.1
      libmysqlclient_r18-32bit-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.20-18.1
      libmysqlclient_r18-10.0.20-18.1
      libmysqld-devel-10.0.20-18.1
      libmysqld18-10.0.20-18.1
      libmysqld18-debuginfo-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libmysqlclient18-10.0.20-18.1
      libmysqlclient18-debuginfo-10.0.20-18.1
      mariadb-10.0.20-18.1
      mariadb-client-10.0.20-18.1
      mariadb-client-debuginfo-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1
      mariadb-errormessages-10.0.20-18.1
      mariadb-tools-10.0.20-18.1
      mariadb-tools-debuginfo-10.0.20-18.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libmysqlclient18-32bit-10.0.20-18.1
      libmysqlclient18-debuginfo-32bit-10.0.20-18.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libmysqlclient18-10.0.20-18.1
      libmysqlclient18-32bit-10.0.20-18.1
      libmysqlclient18-debuginfo-10.0.20-18.1
      libmysqlclient18-debuginfo-32bit-10.0.20-18.1
      libmysqlclient_r18-10.0.20-18.1
      libmysqlclient_r18-32bit-10.0.20-18.1
      mariadb-10.0.20-18.1
      mariadb-client-10.0.20-18.1
      mariadb-client-debuginfo-10.0.20-18.1
      mariadb-debuginfo-10.0.20-18.1
      mariadb-debugsource-10.0.20-18.1
      mariadb-errormessages-10.0.20-18.1

References:
   https://www.suse.com/security/cve/CVE-2014-8964.html
   https://www.suse.com/security/cve/CVE-2015-0433.html
   https://www.suse.com/security/cve/CVE-2015-0441.html
   https://www.suse.com/security/cve/CVE-2015-0499.html
   https://www.suse.com/security/cve/CVE-2015-0501.html
   https://www.suse.com/security/cve/CVE-2015-0505.html
   https://www.suse.com/security/cve/CVE-2015-2325.html
   https://www.suse.com/security/cve/CVE-2015-2326.html
   https://www.suse.com/security/cve/CVE-2015-2568.html
   https://www.suse.com/security/cve/CVE-2015-2571.html
   https://www.suse.com/security/cve/CVE-2015-2573.html
   https://www.suse.com/security/cve/CVE-2015-3152.html
   https://bugzilla.suse.com/906574
   https://bugzilla.suse.com/919053
   https://bugzilla.suse.com/919062
   https://bugzilla.suse.com/920865
   https://bugzilla.suse.com/920896
   https://bugzilla.suse.com/921333
   https://bugzilla.suse.com/924663
   https://bugzilla.suse.com/924960
   https://bugzilla.suse.com/924961
   https://bugzilla.suse.com/934789
   https://bugzilla.suse.com/936407
   https://bugzilla.suse.com/936408
   https://bugzilla.suse.com/936409

From sle-security-updates at lists.suse.com Wed Jul 22 05:08:27 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Jul 2015 13:08:27 +0200 (CEST)
Subject: SUSE-SU-2015:1276-1: moderate: Security update for krb5
Message-ID: <20150722110827.A8D18320B5@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1276-1
Rating:             moderate
References:         #910457 #910458 #918595 #928978
Cross-References:   CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2015-2694
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   krb5 was updated to fix four security issues.
   These security issues were fixed:
   - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).
   - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).
   - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).
   - CVE-2015-2694: OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass (bsc#928978).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-335=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-335=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      krb5-debuginfo-1.12.1-16.1
      krb5-debugsource-1.12.1-16.1
      krb5-devel-1.12.1-16.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      krb5-1.12.1-16.1
      krb5-client-1.12.1-16.1
      krb5-client-debuginfo-1.12.1-16.1
      krb5-debuginfo-1.12.1-16.1
      krb5-debugsource-1.12.1-16.1
      krb5-doc-1.12.1-16.1
      krb5-plugin-kdb-ldap-1.12.1-16.1
      krb5-plugin-kdb-ldap-debuginfo-1.12.1-16.1
      krb5-plugin-preauth-otp-1.12.1-16.1
      krb5-plugin-preauth-otp-debuginfo-1.12.1-16.1
      krb5-plugin-preauth-pkinit-1.12.1-16.1
      krb5-plugin-preauth-pkinit-debuginfo-1.12.1-16.1
      krb5-server-1.12.1-16.1
      krb5-server-debuginfo-1.12.1-16.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      krb5-32bit-1.12.1-16.1
      krb5-debuginfo-32bit-1.12.1-16.1

References:

   https://www.suse.com/security/cve/CVE-2014-5353.html
   https://www.suse.com/security/cve/CVE-2014-5354.html
   https://www.suse.com/security/cve/CVE-2014-5355.html
   https://www.suse.com/security/cve/CVE-2015-2694.html
   https://bugzilla.suse.com/910457
   https://bugzilla.suse.com/910458
   https://bugzilla.suse.com/918595
   https://bugzilla.suse.com/928978

From sle-security-updates at lists.suse.com Wed Jul 22 10:08:22 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 22 Jul 2015 18:08:22 +0200 (CEST)
Subject: SUSE-SU-2015:1281-1: moderate: Security update for tomcat
Message-ID: <20150722160822.527C3320B5@maintenance.suse.de>

   SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1281-1
Rating:             moderate
References:         #931442
Cross-References:   CVE-2014-7810
Affected Products:
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   - CVE-2014-7810: Security manager bypass via EL expression (bnc#931442)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-336=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12 (noarch):

      tomcat-7.0.55-8.2
      tomcat-admin-webapps-7.0.55-8.2
      tomcat-docs-webapp-7.0.55-8.2
      tomcat-el-2_2-api-7.0.55-8.2
      tomcat-javadoc-7.0.55-8.2
      tomcat-jsp-2_2-api-7.0.55-8.2
      tomcat-lib-7.0.55-8.2
      tomcat-servlet-3_0-api-7.0.55-8.2
      tomcat-webapps-7.0.55-8.2

References:

   https://www.suse.com/security/cve/CVE-2014-7810.html
   https://bugzilla.suse.com/931442

From sle-security-updates at lists.suse.com Thu Jul 23 10:09:01 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 23 Jul 2015 18:09:01 +0200 (CEST)
Subject: SUSE-SU-2015:1282-1: moderate: Security update for krb5
Message-ID: <20150723160901.47A0427FF4@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1282-1
Rating:             moderate
References:         #910457 #910458 #918595
Cross-References:   CVE-2014-5353 CVE-2014-5354 CVE-2014-5355
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service.

   These security issues were fixed:
   - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).
   - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).
   - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-krb5-201507-12004=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-krb5-201507-12004=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-krb5-201507-12004=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-krb5-201507-12004=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-krb5-201507-12004=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-krb5-201507-12004=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-krb5-201507-12004=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-krb5-201507-12004=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      krb5-devel-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      krb5-devel-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      krb5-server-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      krb5-devel-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):

      krb5-devel-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64):

      krb5-server-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      krb5-1.6.3-133.49.68.1
      krb5-apps-clients-1.6.3-133.49.68.1
      krb5-apps-servers-1.6.3-133.49.68.1
      krb5-client-1.6.3-133.49.68.1
      krb5-plugin-kdb-ldap-1.6.3-133.49.68.1
      krb5-plugin-preauth-pkinit-1.6.3-133.49.68.1
      krb5-server-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      krb5-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch):
      krb5-doc-1.6.3-133.49.68.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      krb5-1.6.3-133.49.68.1
      krb5-apps-clients-1.6.3-133.49.68.1
      krb5-apps-servers-1.6.3-133.49.68.1
      krb5-client-1.6.3-133.49.68.1
      krb5-plugin-kdb-ldap-1.6.3-133.49.68.1
      krb5-plugin-preauth-pkinit-1.6.3-133.49.68.1
      krb5-server-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      krb5-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server 11-SP4 (noarch):

      krb5-doc-1.6.3-133.49.68.2

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      krb5-x86-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      krb5-1.6.3-133.49.68.1
      krb5-apps-clients-1.6.3-133.49.68.1
      krb5-apps-servers-1.6.3-133.49.68.1
      krb5-client-1.6.3-133.49.68.1
      krb5-plugin-kdb-ldap-1.6.3-133.49.68.1
      krb5-plugin-preauth-pkinit-1.6.3-133.49.68.1
      krb5-server-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      krb5-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Server 11-SP3 (noarch):

      krb5-doc-1.6.3-133.49.68.2

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      krb5-x86-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      krb5-1.6.3-133.49.68.1
      krb5-client-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      krb5-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      krb5-1.6.3-133.49.68.1
      krb5-client-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      krb5-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      krb5-debuginfo-1.6.3-133.49.68.1
      krb5-debugsource-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64):

      krb5-debuginfo-32bit-1.6.3-133.49.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):

      krb5-debuginfo-x86-1.6.3-133.49.68.1

References:

   https://www.suse.com/security/cve/CVE-2014-5353.html
   https://www.suse.com/security/cve/CVE-2014-5354.html
   https://www.suse.com/security/cve/CVE-2014-5355.html
   https://bugzilla.suse.com/910457
   https://bugzilla.suse.com/910458
   https://bugzilla.suse.com/918595

From sle-security-updates at lists.suse.com  Mon Jul 27 10:08:37 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Jul 2015 18:08:37 +0200 (CEST)
Subject: SUSE-SU-2015:1298-1: moderate: Security update for python-setuptools
Message-ID: <20150727160837.6F6B9320B5@maintenance.suse.de>

   SUSE Security Update: Security update for python-setuptools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1298-1
Rating:             moderate
References:         #930189
Cross-References:   CVE-2013-7440
Affected Products:
                    SUSE OpenStack Cloud Compute 5
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Module for Containers 12
                    SUSE Enterprise Storage 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The following issue was fixed by this update:

   - Host name matching was incorrect and not RFC 6125 compliant
     (CVE-2013-7440 bnc#930189)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Compute 5:
      zypper in -t patch SUSE-SLE12-CLOUD-5-2015-343=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-343=1
   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-343=1
   - SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2015-343=1
   - SUSE Enterprise Storage 1.0:
      zypper in -t patch SUSE-Storage-1.0-2015-343=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud Compute 5 (noarch):
      python-setuptools-1.1.7-7.1
   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      python-setuptools-1.1.7-7.1
   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
      python-setuptools-1.1.7-7.1
   - SUSE Linux Enterprise Module for Containers 12 (noarch):
      python-setuptools-1.1.7-7.1
   - SUSE Enterprise Storage 1.0 (noarch):
      python-setuptools-1.1.7-7.1

References:

   https://www.suse.com/security/cve/CVE-2013-7440.html
   https://bugzilla.suse.com/930189

From sle-security-updates at lists.suse.com  Mon Jul 27 11:08:38 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Jul 2015 19:08:38 +0200 (CEST)
Subject: SUSE-SU-2015:1299-1: important: Security update for xen
Message-ID: <20150727170838.BF817320B5@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1299-1
Rating:             important
References:         #925466 #935634 #938344
Cross-References:   CVE-2015-3259 CVE-2015-5154
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   xen was updated to fix two security issues.

   These security issues were fixed:
   - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
   - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).

   This non-security issue was fixed:
   - Kdump did not work in a XEN environment (bsc#925466).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-xen-12007=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-xen-12007=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-xen-12007=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-xen-12007=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      xen-devel-4.4.2_10-5.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      xen-kmp-default-4.4.2_10_3.0.101_63-5.1
      xen-libs-4.4.2_10-5.1
      xen-tools-domU-4.4.2_10-5.1
   - SUSE Linux Enterprise Server 11-SP4 (x86_64):
      xen-4.4.2_10-5.1
      xen-doc-html-4.4.2_10-5.1
      xen-libs-32bit-4.4.2_10-5.1
      xen-tools-4.4.2_10-5.1
   - SUSE Linux Enterprise Server 11-SP4 (i586):
      xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      xen-kmp-default-4.4.2_10_3.0.101_63-5.1
      xen-libs-4.4.2_10-5.1
      xen-tools-domU-4.4.2_10-5.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      xen-4.4.2_10-5.1
      xen-doc-html-4.4.2_10-5.1
      xen-libs-32bit-4.4.2_10-5.1
      xen-tools-4.4.2_10-5.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586):
      xen-kmp-pae-4.4.2_10_3.0.101_63-5.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      xen-debuginfo-4.4.2_10-5.1
      xen-debugsource-4.4.2_10-5.1

References:

   https://www.suse.com/security/cve/CVE-2015-3259.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/925466
   https://bugzilla.suse.com/935634
   https://bugzilla.suse.com/938344

From sle-security-updates at lists.suse.com  Mon Jul 27 14:08:21 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 27 Jul 2015 22:08:21 +0200 (CEST)
Subject: SUSE-SU-2015:1300-1: moderate: Security update for novnc
Message-ID: <20150727200821.83CE9320B5@maintenance.suse.de>

   SUSE Security Update: Security update for novnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1300-1
Rating:             moderate
References:         #922233
Cross-References:   CVE-2013-7436
Affected Products:
                    SUSE Cloud 5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   novnc was updated to fix a session hijacking problem through insecurely
   set session token cookies (bnc#922233, CVE-2013-7436).

   Security Issues:

   * CVE-2013-7436

Contraindications:

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 5:
      zypper in -t patch sleclo50sp3-novnc=10751

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 5 (x86_64):
      novnc-0.4-0.13.1

References:

   https://www.suse.com/security/cve/CVE-2013-7436.html
   https://bugzilla.suse.com/922233
   https://download.suse.com/patch/finder/?keywords=06710141fb88765b2e1c8ede5db148e8

From sle-security-updates at lists.suse.com  Tue Jul 28 03:09:20 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 11:09:20 +0200 (CEST)
Subject: SUSE-SU-2015:1302-1: important: Security update for xen
Message-ID: <20150728090920.8D812320B5@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1302-1
Rating:             important
References:         #925466 #935256 #935634 #938344
Cross-References:   CVE-2015-3259 CVE-2015-5154
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   xen was updated to fix two security issues.
   These security issues were fixed:
   - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137).
   - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).

   These non-security issues were fixed:
   - Restart of the xencommons service led to loss of xenstore data (bsc#935256).
   - Kdump did not work in a XEN environment (bsc#925466).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-344=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-344=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-344=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (x86_64):
      xen-debugsource-4.4.2_08-22.5.1
      xen-devel-4.4.2_08-22.5.1
   - SUSE Linux Enterprise Server 12 (x86_64):
      xen-4.4.2_08-22.5.1
      xen-debugsource-4.4.2_08-22.5.1
      xen-doc-html-4.4.2_08-22.5.1
      xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
      xen-kmp-default-debuginfo-4.4.2_08_k3.12.43_52.6-22.5.1
      xen-libs-32bit-4.4.2_08-22.5.1
      xen-libs-4.4.2_08-22.5.1
      xen-libs-debuginfo-32bit-4.4.2_08-22.5.1
      xen-libs-debuginfo-4.4.2_08-22.5.1
      xen-tools-4.4.2_08-22.5.1
      xen-tools-debuginfo-4.4.2_08-22.5.1
      xen-tools-domU-4.4.2_08-22.5.1
      xen-tools-domU-debuginfo-4.4.2_08-22.5.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      xen-4.4.2_08-22.5.1
      xen-debugsource-4.4.2_08-22.5.1
      xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
      xen-kmp-default-debuginfo-4.4.2_08_k3.12.43_52.6-22.5.1
      xen-libs-32bit-4.4.2_08-22.5.1
      xen-libs-4.4.2_08-22.5.1
      xen-libs-debuginfo-32bit-4.4.2_08-22.5.1
      xen-libs-debuginfo-4.4.2_08-22.5.1

References:

   https://www.suse.com/security/cve/CVE-2015-3259.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/925466
   https://bugzilla.suse.com/935256
   https://bugzilla.suse.com/935634
   https://bugzilla.suse.com/938344

From sle-security-updates at lists.suse.com  Tue Jul 28 13:08:55 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 21:08:55 +0200 (CEST)
Subject: SUSE-SU-2015:1304-1: important: Security update for bind
Message-ID: <20150728190855.DEF3A320B6@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1304-1
Rating:             important
References:         #939567
Cross-References:   CVE-2015-5477
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   bind was updated to fix one security issue.

   This security issue was fixed:
   - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

   Exposure to this issue cannot be prevented by either ACLs or configuration
   options limiting or denying service, because the exploitable code runs
   early in packet handling, before those checks are applied.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-bind-12008=1
   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-bind-12008=1
   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-bind-12008=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-bind-12008=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-bind-12008=1
   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-bind-12008=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-bind-12008=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-bind-12008=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-bind-12008=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-bind-12008=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      bind-devel-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
      bind-devel-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      bind-devel-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64):
      bind-devel-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      bind-9.9.6P1-0.12.1
      bind-chrootenv-9.9.6P1-0.12.1
      bind-doc-9.9.6P1-0.12.1
      bind-libs-9.9.6P1-0.12.1
      bind-utils-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
      bind-libs-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      bind-9.9.6P1-0.12.1
      bind-chrootenv-9.9.6P1-0.12.1
      bind-doc-9.9.6P1-0.12.1
      bind-libs-9.9.6P1-0.12.1
      bind-utils-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      bind-libs-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      bind-libs-x86-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      bind-9.9.6P1-0.12.1
      bind-chrootenv-9.9.6P1-0.12.1
      bind-doc-9.9.6P1-0.12.1
      bind-libs-9.9.6P1-0.12.1
      bind-utils-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      bind-libs-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      bind-libs-x86-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
      bind-9.9.6P1-0.12.1
      bind-chrootenv-9.9.6P1-0.12.1
      bind-devel-9.9.6P1-0.12.1
      bind-doc-9.9.6P1-0.12.1
      bind-libs-9.9.6P1-0.12.1
      bind-utils-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):
      bind-libs-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      bind-libs-9.9.6P1-0.12.1
      bind-utils-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      bind-libs-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      bind-libs-9.9.6P1-0.12.1
      bind-utils-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      bind-libs-32bit-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      bind-debuginfo-9.9.6P1-0.12.1
      bind-debugsource-9.9.6P1-0.12.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      bind-debuginfo-9.9.6P1-0.12.1
      bind-debugsource-9.9.6P1-0.12.1

References:

   https://www.suse.com/security/cve/CVE-2015-5477.html
   https://bugzilla.suse.com/939567

From sle-security-updates at lists.suse.com  Tue Jul 28 13:09:26 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 21:09:26 +0200 (CEST)
Subject: SUSE-SU-2015:1305-1: important: Security update for bind
Message-ID: <20150728190926.0CE35320B6@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1305-1
Rating:             important
References:         #939567
Cross-References:   CVE-2015-5477
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   bind was updated to fix one security issue.

   This security issue was fixed:
   - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

   Exposure to this issue cannot be prevented by either ACLs or configuration
   options limiting or denying service, because the exploitable code runs
   early in packet handling, before those checks are applied.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-346=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-346=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-346=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      bind-debuginfo-9.9.6P1-23.1
      bind-debugsource-9.9.6P1-23.1
      bind-devel-9.9.6P1-23.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      bind-9.9.6P1-23.1
      bind-chrootenv-9.9.6P1-23.1
      bind-debuginfo-9.9.6P1-23.1
      bind-debugsource-9.9.6P1-23.1
      bind-libs-9.9.6P1-23.1
      bind-libs-debuginfo-9.9.6P1-23.1
      bind-utils-9.9.6P1-23.1
      bind-utils-debuginfo-9.9.6P1-23.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      bind-libs-32bit-9.9.6P1-23.1
      bind-libs-debuginfo-32bit-9.9.6P1-23.1
   - SUSE Linux Enterprise Server 12 (noarch):
      bind-doc-9.9.6P1-23.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      bind-debuginfo-9.9.6P1-23.1
      bind-debugsource-9.9.6P1-23.1
      bind-libs-32bit-9.9.6P1-23.1
      bind-libs-9.9.6P1-23.1
      bind-libs-debuginfo-32bit-9.9.6P1-23.1
      bind-libs-debuginfo-9.9.6P1-23.1
      bind-utils-9.9.6P1-23.1
      bind-utils-debuginfo-9.9.6P1-23.1

References:

   https://www.suse.com/security/cve/CVE-2015-5477.html
   https://bugzilla.suse.com/939567

From sle-security-updates at lists.suse.com  Thu Jul 30 06:08:44 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2015 14:08:44 +0200 (CEST)
Subject: SUSE-SU-2015:1316-1: important: Security update for bind
Message-ID: <20150730120844.7054C320B6@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1316-1
Rating:             important
References:         #939567
Cross-References:   CVE-2015-5477
Affected Products:
                    SUSE Linux Enterprise Server 11-SP1-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   bind was updated to fix one security issue.
   This security issue was fixed:
   - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

   Exposure to this issue cannot be prevented by either ACLs or configuration
   options limiting or denying service, because the exploitable code runs
   early in packet handling, before those checks are applied.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-bind-12010=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):
      bind-9.6ESVR11W1-0.6.1
      bind-chrootenv-9.6ESVR11W1-0.6.1
      bind-devel-9.6ESVR11W1-0.6.1
      bind-doc-9.6ESVR11W1-0.6.1
      bind-libs-9.6ESVR11W1-0.6.1
      bind-utils-9.6ESVR11W1-0.6.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64):
      bind-libs-32bit-9.6ESVR11W1-0.6.1

References:

   https://www.suse.com/security/cve/CVE-2015-5477.html
   https://bugzilla.suse.com/939567

From sle-security-updates at lists.suse.com  Thu Jul 30 08:12:46 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2015 16:12:46 +0200 (CEST)
Subject: SUSE-SU-2015:1319-1: important: Security update for java-1_7_0-openjdk
Message-ID: <20150730141246.5ECB1320B6@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1319-1
Rating:             important
References:         #938248
Cross-References:   CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601
                    CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625
                    CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637
                    CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000
                    CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733
                    CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:

   OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs.

   The following vulnerabilities were fixed:

   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     update, insert or delete access to some Java accessible data.
   * CVE-2015-2597: Easily exploitable vulnerability in the Install component
     requiring logon to Operating System. Successful attack of this
     vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2613: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java SE, Java SE Embedded accessible data.
   * CVE-2015-2619: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2627: Very difficult to exploit vulnerability in the Install
     component allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted in
     unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment
     component requiring logon to Operating System. Successful attack of this
     vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized
     update, insert or delete access to some Java accessible data as well as
     read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized
     update, insert or delete access to some Java accessible data as well as
     read access to a subset of Java Embedded accessible data.
   * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment
     component allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java SE accessible
     data as well as read access to a subset of Java SE accessible data.
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment
     component allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted in
     unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security
     component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     ability to cause a partial denial of service (partial DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-352=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-352=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      java-1_7_0-openjdk-1.7.0.85-18.2
      java-1_7_0-openjdk-debuginfo-1.7.0.85-18.2
      java-1_7_0-openjdk-debugsource-1.7.0.85-18.2
      java-1_7_0-openjdk-demo-1.7.0.85-18.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.85-18.2
      java-1_7_0-openjdk-devel-1.7.0.85-18.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.85-18.2
      java-1_7_0-openjdk-headless-1.7.0.85-18.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.85-18.2
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      java-1_7_0-openjdk-1.7.0.85-18.2
      java-1_7_0-openjdk-debuginfo-1.7.0.85-18.2
      java-1_7_0-openjdk-debugsource-1.7.0.85-18.2
      java-1_7_0-openjdk-headless-1.7.0.85-18.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.85-18.2

References:

   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2596.html
   https://www.suse.com/security/cve/CVE-2015-2597.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2613.html
   https://www.suse.com/security/cve/CVE-2015-2619.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2627.html
   https://www.suse.com/security/cve/CVE-2015-2628.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4729.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4736.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/938248

From sle-security-updates at lists.suse.com  Thu Jul 30 09:08:47 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2015 17:08:47 +0200 (CEST)
Subject: SUSE-SU-2015:1320-1: important: Security update for java-1_7_0-openjdk
Message-ID: <20150730150847.A40C7320B6@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1320-1
Rating:             important
References:         #938248
Cross-References:   CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601
                    CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625
                    CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637
                    CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000
                    CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733
                    CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:

   OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs.

   The following vulnerabilities were fixed:

   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     Operating System takeover including arbitrary code execution.
   * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     update, insert or delete access to some Java accessible data.
   * CVE-2015-2597: Easily exploitable vulnerability in the Install component
     requiring logon to Operating System. Successful attack of this
     vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2613: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java SE, Java SE Embedded accessible data.
   * CVE-2015-2619: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized
     read access to a subset of Java accessible data.
   * CVE-2015-2627: Very difficult to exploit vulnerability in the Install
     component allowed successful unauthenticated network attacks via multiple
     protocols.
  Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.

* CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.

* CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.

* CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.

* CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
  Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.

* CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.

* CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP.
  Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

* CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).

* CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11-SP4:

    zypper in -t patch sledsp4-java-1_7_0-openjdk-12012=1

- SUSE Linux Enterprise Desktop 11-SP3:

    zypper in -t patch sledsp3-java-1_7_0-openjdk-12012=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

    zypper in -t patch dbgsp4-java-1_7_0-openjdk-12012=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

    zypper in -t patch dbgsp3-java-1_7_0-openjdk-12012=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

    java-1_7_0-openjdk-1.7.0.85-0.11.2
    java-1_7_0-openjdk-demo-1.7.0.85-0.11.2
    java-1_7_0-openjdk-devel-1.7.0.85-0.11.2

- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

    java-1_7_0-openjdk-1.7.0.85-0.11.2
    java-1_7_0-openjdk-demo-1.7.0.85-0.11.2
    java-1_7_0-openjdk-devel-1.7.0.85-0.11.2

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

    java-1_7_0-openjdk-debuginfo-1.7.0.85-0.11.2
    java-1_7_0-openjdk-debugsource-1.7.0.85-0.11.2

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

    java-1_7_0-openjdk-debuginfo-1.7.0.85-0.11.2
    java-1_7_0-openjdk-debugsource-1.7.0.85-0.11.2

References:

https://www.suse.com/security/cve/CVE-2015-2590.html
https://www.suse.com/security/cve/CVE-2015-2596.html
https://www.suse.com/security/cve/CVE-2015-2597.html
https://www.suse.com/security/cve/CVE-2015-2601.html
https://www.suse.com/security/cve/CVE-2015-2613.html
https://www.suse.com/security/cve/CVE-2015-2619.html
https://www.suse.com/security/cve/CVE-2015-2621.html
https://www.suse.com/security/cve/CVE-2015-2625.html
https://www.suse.com/security/cve/CVE-2015-2627.html
https://www.suse.com/security/cve/CVE-2015-2628.html
https://www.suse.com/security/cve/CVE-2015-2632.html
https://www.suse.com/security/cve/CVE-2015-2637.html
https://www.suse.com/security/cve/CVE-2015-2638.html
https://www.suse.com/security/cve/CVE-2015-2664.html
https://www.suse.com/security/cve/CVE-2015-2808.html
https://www.suse.com/security/cve/CVE-2015-4000.html
https://www.suse.com/security/cve/CVE-2015-4729.html
https://www.suse.com/security/cve/CVE-2015-4731.html
https://www.suse.com/security/cve/CVE-2015-4732.html
https://www.suse.com/security/cve/CVE-2015-4733.html
https://www.suse.com/security/cve/CVE-2015-4736.html
https://www.suse.com/security/cve/CVE-2015-4748.html
https://www.suse.com/security/cve/CVE-2015-4749.html
https://www.suse.com/security/cve/CVE-2015-4760.html
https://bugzilla.suse.com/938248

From sle-security-updates at lists.suse.com Thu Jul 30 10:09:56 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2015 18:09:56 +0200 (CEST)
Subject: SUSE-SU-2015:1322-1: important: Security update for bind
Message-ID: <20150730160956.0E084320B4@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1322-1
Rating:             important
References:         #939567
Cross-References:   CVE-2015-5477
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

bind was updated to fix one security issue:

* CVE-2015-5477: Remote Denial-of-Service via TKEY queries. (bsc#939567)

Exposure to this issue cannot be prevented by either ACLs or configuration options limiting or denying service, because the exploitable code runs early in packet handling, before those checks apply.
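Because named's own ACLs do not help here, the only pre-patch mitigations sit in front of the resolver, and the practical check is to see whether TKEY queries are reaching your servers at all. The script below is an added example by the editor, not part of the SUSE advisory or of BIND: it parses the header and question section of raw DNS messages and returns the names queried with QTYPE 249, the TKEY type number from RFC 2930, so the packets can be counted or alerted on from a capture or mirrored port. The header layout and compression-pointer handling follow RFC 1035; the function names, the build_query helper and the SAMPLES packets are the editor's own constructions, not captured traffic.

```python
"""Flag DNS TKEY queries (QTYPE 249, RFC 2930) in raw DNS message bytes.

Added example for the CVE-2015-5477 advisory: since named's ACLs cannot
filter these packets, count/alert on them in front of the resolver instead.
Sample packets below are constructed by the editor, not captured traffic.
"""
import struct
from typing import List, Tuple

TKEY = 249  # RR type number for TKEY (RFC 2930)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a DNS name at `off`, following compression pointers (RFC 1035 4.1.4).

    Returns (dotted name, offset just past the name in the original stream).
    """
    labels: List[str] = []
    end = off
    jumped = False
    hops = 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:           # 2-byte compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if not jumped:
                end = off + 2               # caller resumes after the pointer
            jumped = True
            hops += 1
            if hops > 32:                   # guard against pointer loops
                raise ValueError("pointer loop")
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:                     # root label terminates the name
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels) or ".", end


def parse_questions(msg: bytes) -> Tuple[int, List[Tuple[str, int, int]]]:
    """Parse the header and question section of a DNS message.

    Returns (message id, [(qname, qtype, qclass), ...]); responses (QR=1)
    yield an empty list because only queries matter for this check.
    """
    if len(msg) < 12:
        raise ValueError("short DNS header")
    msg_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x8000:
        return msg_id, []
    off = 12
    questions = []
    for _ in range(qdcount):
        name, off = _read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    return msg_id, questions


def tkey_queries(msg: bytes) -> List[str]:
    """Return the qnames of every TKEY question in a query message."""
    _, questions = parse_questions(msg)
    return [name for name, qtype, _cls in questions if qtype == TKEY]


def build_query(name: str, qtype: int, msg_id: int = 0x1234) -> bytes:
    """Build a minimal standard query (RD=1, one question); used only to construct samples."""
    header = struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


# Constructed sample traffic (not from a real capture): one ordinary A query
# and one TKEY query of the kind the advisory describes.
SAMPLES = {
    "benign-A": build_query("www.example.com", 1),
    "tkey": build_query("1234.sig-ns.example.com", TKEY),
}

if __name__ == "__main__":
    for label, packet in SAMPLES.items():
        hits = tkey_queries(packet)
        print(f"{label}: {'TKEY query for ' + ', '.join(hits) if hits else 'no TKEY'}")
```

Feed `tkey_queries()` the UDP payload of each port 53 packet (or the length-prefixed record from a TCP stream). Treat hits as a signal to investigate rather than an automatic block: TKEY has legitimate uses, notably GSS-TSIG key negotiation for dynamic updates from Windows clients, so a resolver that never serves such clients should see none, while an AD-integrated zone will see some from known hosts.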
Security Issues:

* CVE-2015-5477

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11P1]:

    bind-9.6ESVR11P1-0.14.1
    bind-chrootenv-9.6ESVR11P1-0.14.1
    bind-devel-9.6ESVR11P1-0.14.1
    bind-doc-9.6ESVR11P1-0.14.1
    bind-libs-9.6ESVR11P1-0.14.1
    bind-utils-9.6ESVR11P1-0.14.1

- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 9.6ESVR11P1]:

    bind-libs-32bit-9.6ESVR11P1-0.14.1

References:

https://www.suse.com/security/cve/CVE-2015-5477.html
https://bugzilla.suse.com/939567
https://download.suse.com/patch/finder/?keywords=fe704ff20633640972645403977f8036

From sle-security-updates at lists.suse.com Fri Jul 31 02:08:46 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 10:08:46 +0200 (CEST)
Subject: SUSE-SU-2015:1324-1: important: Security update for the SUSE Linux Enterprise 12 kernel
Message-ID: <20150731080846.13B45320B7@maintenance.suse.de>

SUSE Security Update: Security update for the SUSE Linux Enterprise 12 kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1324-1
Rating:             important
References:         #854817 #854824 #858727 #866911 #867362 #895814 #903279 #907092
                    #908491 #915183 #917630 #918618 #921430 #924071 #924526 #926369
                    #926953 #927455 #927697 #927786 #928131 #929475 #929696 #929879
                    #929974 #930092 #930399 #930579 #930599 #930972 #931124 #931403
                    #931538 #931620 #931860 #931988 #932348 #932793 #932897 #932898
                    #932899 #932900 #932967 #933117 #933429 #933637 #933896 #933904
                    #933907 #934160 #935083 #935085 #935088 #935174 #935542 #935881
                    #935918 #936012 #936423 #936445 #936446 #936502 #936556 #936831
                    #936875 #937032 #937087 #937609 #937612 #937613 #937616 #938022
                    #938023 #938024
Cross-References:   CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731
                    CVE-2015-1805 CVE-2015-3212 CVE-2015-4036 CVE-2015-4167
                    CVE-2015-4692 CVE-2015-5364 CVE-2015-5366
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 63 fixes is now available.

Description:

The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive various security and bug fixes.

These features were added:

- mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (bsc#854824).
- mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).

The following security bugs were fixed:

- CVE-2015-1805: iov overrun for failed atomic copy could have led to DoS or privilege escalation (bsc#933429).
- CVE-2015-3212: A race condition in the way the Linux kernel handled lists of associations in SCTP sockets could have led to list corruption and kernel panics (bsc#936502).
- CVE-2015-4036: DoS via memory corruption in the vhost/scsi driver (bsc#931988).
- CVE-2015-4167: A Linux kernel built with UDF file system (CONFIG_UDF_FS) support was vulnerable to a crash. It occurred while fetching inode information from a corrupted/malicious UDF file system image (bsc#933907).
- CVE-2015-4692: DoS via NULL pointer dereference in the kvm_apic_has_events function (bsc#935542).
- CVE-2015-5364: Remote DoS via flood of UDP packets with invalid checksums (bsc#936831).
- CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP packets with invalid checksums (bsc#936831).

Security issues already fixed in the previous update but not referenced by CVE:

- CVE-2014-9728: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).
- CVE-2014-9729: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).
- CVE-2014-9730: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).
- CVE-2014-9731: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to information leakage (bsc#933896).

The following non-security bugs were fixed:

- ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556).
- ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec (bsc#936556).
- ALSA: hda_controller: Separate stream_tag for input and output streams (bsc#936556).
- ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW (bsc#936556).
- ALSA: hda_intel: apply the Seperate stream_tag for Skylake (bsc#936556).
- ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point (bsc#936556).
- Btrfs: Handle unaligned length in extent_same (bsc#937609).
- Btrfs: add missing inode item update in fallocate() (bsc#938023).
- Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#936445).
- Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
- Btrfs: fix block group ->space_info null pointer dereference (bsc#935088).
- Btrfs: fix clone / extent-same deadlocks (bsc#937612).
- Btrfs: fix deadlock with extent-same and readpage (bsc#937612).
- Btrfs: fix fsync data loss after append write (bsc#936446).
- Btrfs: fix hang during inode eviction due to concurrent readahead (bsc#935085).
- Btrfs: fix memory leak in the extent_same ioctl (bsc#937613).
- Btrfs: fix race when reusing stale extent buffers that leads to BUG_ON (bsc#926369).
- Btrfs: fix use after free when close_ctree frees the orphan_rsv (bsc#938022).
- Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
- Btrfs: provide super_operations->inode_get_dev (bsc#927455).
- Drivers: hv: balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case.
- Drivers: hv: fcopy: process deferred messages when we complete the transaction.
- Drivers: hv: fcopy: rename fcopy_work -> fcopy_timeout_work.
- Drivers: hv: fcopy: set .owner reference for file operations.
- Drivers: hv: fcopy: switch to using the hvutil_device_state state machine.
- Drivers: hv: hv_balloon: correctly handle num_pages>INT_MAX case.
- Drivers: hv: hv_balloon: correctly handle val.freeram lower than num_pages case.
- Drivers: hv: hv_balloon: do not lose memory when onlining order is not natural.
- Drivers: hv: hv_balloon: do not online pages in offline blocks.
- Drivers: hv: hv_balloon: eliminate jumps in piecewiese linear floor function.
- Drivers: hv: hv_balloon: eliminate the trylock path in acquire/release_region_mutex.
- Drivers: hv: hv_balloon: keep locks balanced on add_memory() failure.
- Drivers: hv: hv_balloon: refuse to balloon below the floor.
- Drivers: hv: hv_balloon: report offline pages as being used.
- Drivers: hv: hv_balloon: survive ballooning request with num_pages=0.
- Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.
- Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work.
- Drivers: hv: kvp: reset kvp_context.
- Drivers: hv: kvp: switch to using the hvutil_device_state state machine.
- Drivers: hv: util: Fix a bug in the KVP code. reapply upstream change ontop of v3.12-stable change
- Drivers: hv: util: On device remove, close the channel after de-initializing the service.
- Drivers: hv: util: introduce hv_utils_transport abstraction.
- Drivers: hv: util: introduce state machine for util drivers.
- Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.
- Drivers: hv: vmbus: Add device and vendor ID to vmbus devices.
- Drivers: hv: vmbus: Add support for VMBus panic notifier handler (bsc#934160).
- Drivers: hv: vmbus: Add support for the NetworkDirect GUID.
- Drivers: hv: vmbus: Correcting truncation error for constant HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160).
- Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl().
- Drivers: hv: vmbus: Fix a bug in rescind processing in vmbus_close_internal().
- Drivers: hv: vmbus: Fix a siganlling host signalling issue.
- Drivers: hv: vmbus: Get rid of some unnecessary messages.
- Drivers: hv: vmbus: Get rid of some unused definitions.
- Drivers: hv: vmbus: Handle both rescind and offer messages in the same context.
- Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.
- Drivers: hv: vmbus: Introduce a function to remove a rescinded offer.
- Drivers: hv: vmbus: Perform device register in the per-channel work element.
- Drivers: hv: vmbus: Permit sending of packets without payload.
- Drivers: hv: vmbus: Properly handle child device remove.
- Drivers: hv: vmbus: Remove the channel from the channel list(s) on failure.
- Drivers: hv: vmbus: Suport an API to send packet with additional control.
- Drivers: hv: vmbus: Suport an API to send pagebuffers with additional control.
- Drivers: hv: vmbus: Teardown clockevent devices on module unload.
- Drivers: hv: vmbus: Teardown synthetic interrupt controllers on module unload.
- Drivers: hv: vmbus: Use a round-robin algorithm for picking the outgoing channel.
- Drivers: hv: vmbus: Use the vp_index map even for channels bound to CPU 0.
- Drivers: hv: vmbus: avoid double kfree for device_obj.
- Drivers: hv: vmbus: briefly comment num_sc and next_oc.
- Drivers: hv: vmbus: decrease num_sc on subchannel removal.
- Drivers: hv: vmbus: distribute subchannels among all vcpus.
- Drivers: hv: vmbus: do cleanup on all vmbus_open() failure paths.
- Drivers: hv: vmbus: introduce vmbus_acpi_remove.
- Drivers: hv: vmbus: kill tasklets on module unload.
- Drivers: hv: vmbus: move init_vp_index() call to vmbus_process_offer().
- Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors.
- Drivers: hv: vmbus: rename channel work queues.
- Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and vmbus_connection pages on shutdown.
- Drivers: hv: vmbus: unify calls to percpu_channel_enq().
- Drivers: hv: vmbus: unregister panic notifier on module unload.
- Drivers: hv: vmbus:Update preferred vmbus protocol version to windows 10.
- Drivers: hv: vss: process deferred messages when we complete the transaction.
- Drivers: hv: vss: switch to using the hvutil_device_state state machine.
- Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012)
- Fix connection reuse when sk_error_report is used (bsc#930972).
- GHES: Carve out error queueing in a separate function (bsc#917630).
- GHES: Carve out the panic functionality (bsc#917630).
- GHES: Elliminate double-loop in the NMI handler (bsc#917630).
- GHES: Make NMI handler have a single reader (bsc#917630).
- GHES: Panic right after detection (bsc#917630).
- IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach (bsc#918618).
- Initialize hv_netvsc_packet->xmit_more to avoid transfer stalls
- KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in hypervisor mode (bsc#908491).
- KVM: s390: virtio-ccw: Handle command rejects (bsc#931860).
- MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
- MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
- PCI: pciehp: Add hotplug_lock to serialize hotplug events (bsc#866911).
- Revert "MODSIGN: loading keys from db when SecureBoot disabled". This reverts commit b45412d4, because it breaks legacy boot.
- SUNRPC: Report connection error values to rpc_tasks on the pending queue (bsc#930972).
- Update s390x kabi files with netfilter change (bsc#936012)
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bsc#932348).
- cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI processors (bsc#933117).
- dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
- drm/i915/hsw: Fix workaround for server AUX channel clock divisor (bsc#935918).
- drm/i915: Evict CS TLBs between batches (bsc#935918).
- drm/i915: Fix DDC probe for passive adapters (bsc#935918).
- drm/i915: Handle failure to kick out a conflicting fb driver (bsc#935918).
- drm/i915: drop WaSetupGtModeTdRowDispatch:snb (bsc#935918).
- drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (bsc#935918).
- edd: support original Phoenix EDD 3.0 information (bsc#929974).
- ext4: fix over-defensive complaint after journal abort (bsc#935174).
- fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124).
- ftrace: add oco handling patch (bsc#924526).
- ftrace: allow architectures to specify ftrace compile options (bsc#924526).
- ftrace: let notrace function attribute disable hotpatching if necessary (bsc#924526).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).
- hv: channel: match var type to return type of wait_for_completion.
- hv: do not schedule new works in vmbus_onoffer()/vmbus_onoffer_rescind().
- hv: hv_balloon: match var type to return type of wait_for_completion.
- hv: hv_util: move vmbus_open() to a later place.
- hv: hypervvssd: call endmntent before call setmntent again.
- hv: no rmmod for hv_vmbus and hv_utils.
- hv: remove the per-channel workqueue.
- hv: run non-blocking message handlers in the dispatch tasklet.
- hv: vmbus: missing curly braces in vmbus_process_offer().
- hv: vmbus_free_channels(): remove the redundant free_channel().
- hv: vmbus_open(): reset the channel state on ENOMEM.
- hv: vmbus_post_msg: retry the hypercall on some transient errors.
- hv_netvsc: Allocate the receive buffer from the correct NUMA node.
- hv_netvsc: Allocate the sendbuf in a NUMA aware way.
- hv_netvsc: Clean up two unused variables.
- hv_netvsc: Cleanup the test for freeing skb when we use sendbuf mechanism.
- hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE.
- hv_netvsc: Eliminate memory allocation in the packet send path.
- hv_netvsc: Fix a bug in netvsc_start_xmit().
- hv_netvsc: Fix the packet free when it is in skb headroom.
- hv_netvsc: Implement batching in send buffer.
- hv_netvsc: Implement partial copy into send buffer.
- hv_netvsc: Use the xmit_more skb flag to optimize signaling the host.
- hv_netvsc: change member name of struct netvsc_stats.
- hv_netvsc: introduce netif-msg into netvsc module.
- hv_netvsc: remove unused variable in netvsc_send().
- hv_netvsc: remove vmbus_are_subchannels_present() in rndis_filter_device_add().
- hv_netvsc: try linearizing big SKBs before dropping them.
- hv_netvsc: use per_cpu stats to calculate TX/RX data.
- hv_netvsc: use single existing drop path in netvsc_start_xmit.
- hv_vmbus: Add gradually increased delay for retries in vmbus_post_msg().
- hyperv: Implement netvsc_get_channels() ethool op.
- hyperv: hyperv_fb: match wait_for_completion_timeout return type.
- iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935881).
- ipr: Increase default adapter init stage change timeout (bsc#930579).
- ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399).
- ipv6: fix ECMP route replacement (bsc#930399).
- jbd2: improve error messages for inconsistent journal heads (bsc#935174).
- jbd2: revise KERN_EMERG error messages (bsc#935174).
- kabi/severities: Add s390 symbols allowed to change in bsc#931860
- kabi: only use sops->get_inode_dev with proper fsflag.
- kernel: add panic_on_warn.
- kexec: allocate the kexec control page with KEXEC_CONTROL_MEMORY_GFP (bsc#928131).
- kgr: fix redirection on s390x arch (bsc#903279).
- kgr: move kgr_task_in_progress() to sched.h.
- kgr: send a fake signal to all blocking tasks.
- kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bsc#926953).
- libata: Blacklist queued TRIM on all Samsung 800-series (bsc#930599).
- mei: bus: () can be static.
- mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bsc#931620).
- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bsc#931620).
- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bsc#931620).
- mm/thp: allocate transparent hugepages on local node (VM Performance, bsc#931620).
- net/mlx4_en: Call register_netdevice in the proper location (bsc#858727).
- net/mlx4_en: Do not attempt to TX offload the outer UDP checksum for VXLAN (bsc#858727).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
- net: introduce netdev_alloc_pcpu_stats() for drivers.
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- netdev: set __percpu attribute on netdev_alloc_pcpu_stats.
- netdev_alloc_pcpu_stats: use less common iterator variable.
- netfilter: xt_NFQUEUE: fix --queue-bypass regression (bsc#935083)
- ovl: default permissions (bsc#924071).
- ovl: move s_stack_depth .
- powerpc/perf/hv-24x7: use kmem_cache instead of aligned stack allocations (bsc#931403).
- powerpc/pseries: Correct cpu affinity for dlpar added cpus (bsc#932967).
- powerpc: Add VM_FAULT_HWPOISON handling to powerpc page fault handler (bsc#929475).
- powerpc: Fill in si_addr_lsb siginfo field (bsc#929475).
- powerpc: Simplify do_sigbus (bsc#929475).
- reiserfs: Fix use after free in journal teardown (bsc#927697).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786).
- s390/airq: add support for irq ranges (bsc#931860).
- s390/airq: silence lockdep warning (bsc#931860).
- s390/compat,signal: change return values to -EFAULT (bsc#929879).
- s390/ftrace: hotpatch support for function tracing (bsc#924526).
- s390/irq: improve displayed interrupt order in /proc/interrupts (bsc#931860).
- s390/kernel: use stnsm 255 instead of stosm 0 (bsc#929879).
- s390/kgr: reorganize kgr infrastructure in entry64.S.
- s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879).
- s390/mm: limit STACK_RND_MASK for compat tasks (bsc#929879).
- s390/rwlock: add missing local_irq_restore calls (bsc#929879).
- s390/sclp_vt220: Fix kernel panic due to early terminal input (bsc#931860).
- s390/smp: only send external call ipi if needed (bsc#929879).
- s390/spinlock,rwlock: always to a load-and-test first (bsc#929879).
- s390/spinlock: cleanup spinlock code (bsc#929879).
- s390/spinlock: optimize spin_unlock code (bsc#929879).
- s390/spinlock: optimize spinlock code sequence (bsc#929879).
- s390/spinlock: refactor arch_spin_lock_wait[_flags] (bsc#929879).
- s390/time: use stck clock fast for do_account_vtime (bsc#929879).
- s390: Remove zfcpdump NR_CPUS dependency (bsc#929879).
- s390: add z13 code generation support (bsc#929879).
- s390: avoid z13 cache aliasing (bsc#929879).
- s390: fix control register update (bsc#929879).
- s390: optimize control register update (bsc#929879).
- s390: z13 base performance (bsc#929879).
- sched: fix __sched_setscheduler() vs load balancing race (bsc#921430)
- scsi: retry MODE SENSE on unit attention (bsc#895814).
- scsi_dh_alua: Recheck state on unit attention (bsc#895814).
- scsi_dh_alua: fixup crash in alua_rtpg_work() (bsc#895814).
- scsi_dh_alua: parse device id instead of target id (bsc#895814).
- scsi_dh_alua: recheck RTPG in regular intervals (bsc#895814).
- scsi_dh_alua: update all port states (bsc#895814).
- sd: always retry READ CAPACITY for ALUA state transition (bsc#895814).
- st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
- supported.conf: add btrfs to kernel-$flavor-base (bsc#933637)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bsc#938024).
- vTPM: set virtual device before passing to ibmvtpm_reset_crq (bsc#937087).
- vfs: add super_operations->get_inode_dev (bsc#927455).
- virtio-ccw: virtio-ccw adapter interrupt support (bsc#931860).
- virtio-rng: do not crash if virtqueue is broken (bsc#931860).
- virtio: fail adding buffer on broken queues (bsc#931860).
- virtio: virtio_break_device() to mark all virtqueues broken (bsc#931860).
- virtio_blk: verify if queue is broken after virtqueue_get_buf() (bsc#931860).
- virtio_ccw: fix hang in set offline processing (bsc#931860).
- virtio_ccw: fix vcdev pointer handling issues (bsc#931860).
- virtio_ccw: introduce device_lost in virtio_ccw_device (bsc#931860).
- virtio_net: do not crash if virtqueue is broken (bsc#931860).
- virtio_net: verify if queue is broken after virtqueue_get_buf() (bsc#931860).
- virtio_ring: adapt to notify() returning bool (bsc#931860).
- virtio_ring: add new function virtqueue_is_broken() (bsc#931860).
- virtio_ring: change host notification API (bsc#931860).
- virtio_ring: let virtqueue_{kick()/notify()} return a bool (bsc#931860).
- virtio_ring: plug kmemleak false positive (bsc#931860).
- virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#931860).
- virtio_scsi: verify if queue is broken after virtqueue_get_buf() (bsc#931860).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bsc#907092).
- x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bsc#907092).
- x86/kgr: move kgr infrastructure from asm to C.
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- xfrm: release dst_orig in case of error in xfrm_lookup() (bsc#932793).
- xfs: Skip dirty pages in ->releasepage (bsc#915183).
- xfs: fix xfs_setattr for DMAPI (bsc#932900).
- xfs_dmapi: fix transaction ilocks (bsc#932899).
- xfs_dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
- xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file's ops (bsc#932898).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:

    zypper in -t patch SUSE-SLE-WE-12-2015-356=1

- SUSE Linux Enterprise Software Development Kit 12:

    zypper in -t patch SUSE-SLE-SDK-12-2015-356=1

- SUSE Linux Enterprise Server 12:

    zypper in -t patch SUSE-SLE-SERVER-12-2015-356=1

- SUSE Linux Enterprise Module for Public Cloud 12:

    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

    kernel-default-debuginfo-3.12.44-52.10.1
    kernel-default-debugsource-3.12.44-52.10.1
    kernel-default-extra-3.12.44-52.10.1
    kernel-default-extra-debuginfo-3.12.44-52.10.1

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

    kernel-obs-build-3.12.44-52.10.1
    kernel-obs-build-debugsource-3.12.44-52.10.1

- SUSE Linux Enterprise Software Development Kit 12 (noarch):

    kernel-docs-3.12.44-52.10.3

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

    kernel-default-3.12.44-52.10.1
    kernel-default-base-3.12.44-52.10.1
    kernel-default-base-debuginfo-3.12.44-52.10.1
    kernel-default-debuginfo-3.12.44-52.10.1
    kernel-default-debugsource-3.12.44-52.10.1
    kernel-default-devel-3.12.44-52.10.1
    kernel-syms-3.12.44-52.10.1

- SUSE Linux Enterprise Server 12 (x86_64):

    kernel-xen-3.12.44-52.10.1
    kernel-xen-base-3.12.44-52.10.1
    kernel-xen-base-debuginfo-3.12.44-52.10.1
    kernel-xen-debuginfo-3.12.44-52.10.1
    kernel-xen-debugsource-3.12.44-52.10.1
    kernel-xen-devel-3.12.44-52.10.1

- SUSE Linux Enterprise Server 12 (noarch):

    kernel-devel-3.12.44-52.10.1
    kernel-macros-3.12.44-52.10.1
    kernel-source-3.12.44-52.10.1

- SUSE Linux Enterprise Server 12 (s390x):

    kernel-default-man-3.12.44-52.10.1

- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

    kernel-ec2-3.12.44-52.10.1
    kernel-ec2-debuginfo-3.12.44-52.10.1
    kernel-ec2-debugsource-3.12.44-52.10.1
    kernel-ec2-devel-3.12.44-52.10.1
    kernel-ec2-extra-3.12.44-52.10.1
    kernel-ec2-extra-debuginfo-3.12.44-52.10.1

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-3_12_44-52_10-default-1-2.1
    kgraft-patch-3_12_44-52_10-xen-1-2.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    kernel-default-3.12.44-52.10.1
    kernel-default-debuginfo-3.12.44-52.10.1
    kernel-default-debugsource-3.12.44-52.10.1
    kernel-default-devel-3.12.44-52.10.1
    kernel-default-extra-3.12.44-52.10.1
    kernel-default-extra-debuginfo-3.12.44-52.10.1
    kernel-syms-3.12.44-52.10.1
    kernel-xen-3.12.44-52.10.1
    kernel-xen-debuginfo-3.12.44-52.10.1
    kernel-xen-debugsource-3.12.44-52.10.1
    kernel-xen-devel-3.12.44-52.10.1

- SUSE Linux Enterprise Desktop 12 (noarch):

    kernel-devel-3.12.44-52.10.1
    kernel-macros-3.12.44-52.10.1
    kernel-source-3.12.44-52.10.1

References:

https://www.suse.com/security/cve/CVE-2014-9728.html
https://www.suse.com/security/cve/CVE-2014-9729.html
https://www.suse.com/security/cve/CVE-2014-9730.html
https://www.suse.com/security/cve/CVE-2014-9731.html
https://www.suse.com/security/cve/CVE-2015-1805.html
https://www.suse.com/security/cve/CVE-2015-3212.html
https://www.suse.com/security/cve/CVE-2015-4036.html
https://www.suse.com/security/cve/CVE-2015-4167.html
https://www.suse.com/security/cve/CVE-2015-4692.html
https://www.suse.com/security/cve/CVE-2015-5364.html
https://www.suse.com/security/cve/CVE-2015-5366.html
https://bugzilla.suse.com/854817
https://bugzilla.suse.com/854824
https://bugzilla.suse.com/858727
https://bugzilla.suse.com/866911
https://bugzilla.suse.com/867362
https://bugzilla.suse.com/895814
https://bugzilla.suse.com/903279
https://bugzilla.suse.com/907092
https://bugzilla.suse.com/908491
https://bugzilla.suse.com/915183
https://bugzilla.suse.com/917630
https://bugzilla.suse.com/918618
https://bugzilla.suse.com/921430
https://bugzilla.suse.com/924071 https://bugzilla.suse.com/924526 https://bugzilla.suse.com/926369 https://bugzilla.suse.com/926953 https://bugzilla.suse.com/927455 https://bugzilla.suse.com/927697 https://bugzilla.suse.com/927786 https://bugzilla.suse.com/928131 https://bugzilla.suse.com/929475 https://bugzilla.suse.com/929696 https://bugzilla.suse.com/929879 https://bugzilla.suse.com/929974 https://bugzilla.suse.com/930092 https://bugzilla.suse.com/930399 https://bugzilla.suse.com/930579 https://bugzilla.suse.com/930599 https://bugzilla.suse.com/930972 https://bugzilla.suse.com/931124 https://bugzilla.suse.com/931403 https://bugzilla.suse.com/931538 https://bugzilla.suse.com/931620 https://bugzilla.suse.com/931860 https://bugzilla.suse.com/931988 https://bugzilla.suse.com/932348 https://bugzilla.suse.com/932793 https://bugzilla.suse.com/932897 https://bugzilla.suse.com/932898 https://bugzilla.suse.com/932899 https://bugzilla.suse.com/932900 https://bugzilla.suse.com/932967 https://bugzilla.suse.com/933117 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933637 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/934160 https://bugzilla.suse.com/935083 https://bugzilla.suse.com/935085 https://bugzilla.suse.com/935088 https://bugzilla.suse.com/935174 https://bugzilla.suse.com/935542 https://bugzilla.suse.com/935881 https://bugzilla.suse.com/935918 https://bugzilla.suse.com/936012 https://bugzilla.suse.com/936423 https://bugzilla.suse.com/936445 https://bugzilla.suse.com/936446 https://bugzilla.suse.com/936502 https://bugzilla.suse.com/936556 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937087 https://bugzilla.suse.com/937609 https://bugzilla.suse.com/937612 https://bugzilla.suse.com/937613 https://bugzilla.suse.com/937616 https://bugzilla.suse.com/938022 https://bugzilla.suse.com/938023 
   https://bugzilla.suse.com/938024

From sle-security-updates at lists.suse.com Fri Jul 31 08:08:48 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 16:08:48 +0200 (CEST)
Subject: SUSE-SU-2015:1329-1: important: Security update for java-1_7_1-ibm
Message-ID: <20150731140848.0F565320B7@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1329-1
Rating:             important
References:         #935540 #938895
Cross-References:   CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613
                    CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632
                    CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808
                    CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732
                    CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available.

Description:

   IBM Java was updated to 7.1-3.10 to fix several security issues.

   The following vulnerabilities were fixed:

   * CVE-2015-1931: IBM Java Security Components store plain text data in
     memory dumps, which could allow a local attacker to obtain information
     to aid in further attacks against the system.
   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2613: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java SE, Java SE Embedded
     accessible data.
   * CVE-2015-2619: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment
     component requiring logon to Operating System. Successful attack of
     this vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java Embedded accessible
     data.
   * CVE-2015-4729: Very difficult to exploit vulnerability in the
     Deployment component allowed successful unauthenticated network attacks
     via multiple protocols. Successful attack of this vulnerability could
     have resulted in unauthorized update, insert or delete access to some
     Java SE accessible data as well as read access to a subset of Java SE
     accessible data.
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security
     component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in
     unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized ability to cause a partial denial of service (partial
     DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-java-1_7_1-ibm-12013=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-java-1_7_1-ibm-12013=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr3.10-3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr3.10-3.1
      java-1_7_1-ibm-jdbc-1.7.1_sr3.10-3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr3.10-3.1
      java-1_7_1-ibm-plugin-1.7.1_sr3.10-3.1


References:

   https://www.suse.com/security/cve/CVE-2015-1931.html
   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2613.html
   https://www.suse.com/security/cve/CVE-2015-2619.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4729.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/935540
   https://bugzilla.suse.com/938895

From sle-security-updates at lists.suse.com Fri Jul 31 08:11:03 2015
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 16:11:03 +0200 (CEST)
Subject: SUSE-SU-2015:1331-1: important: Security update for java-1_7_1-ibm
Message-ID: <20150731141103.63488320B7@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1331-1
Rating:             important
References:         #935540 #938895
Cross-References:   CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613
                    CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632
                    CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808
                    CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732
                    CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available.

Description:

   IBM Java was updated to 7.1-3.10 to fix several security issues.

   The following vulnerabilities were fixed:

   * CVE-2015-1931: IBM Java Security Components store plain text data in
     memory dumps, which could allow a local attacker to obtain information
     to aid in further attacks against the system.
   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2613: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java SE, Java SE Embedded
     accessible data.
   * CVE-2015-2619: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment
     component requiring logon to Operating System. Successful attack of
     this vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java Embedded accessible
     data.
   * CVE-2015-4729: Very difficult to exploit vulnerability in the
     Deployment component allowed successful unauthenticated network attacks
     via multiple protocols. Successful attack of this vulnerability could
     have resulted in unauthorized update, insert or delete access to some
     Java SE accessible data as well as read access to a subset of Java SE
     accessible data.
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security
     component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in
     unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized ability to cause a partial denial of service (partial
     DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-359=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-359=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr3.10-14.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr3.10-14.1
      java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
      java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1


References:

   https://www.suse.com/security/cve/CVE-2015-1931.html
   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2613.html
   https://www.suse.com/security/cve/CVE-2015-2619.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4729.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/935540
   https://bugzilla.suse.com/938895
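The check an administrator wants after reading the package lists in the kernel and java-1_7_1-ibm advisories above is whether the installed packages are at or past the fixed version. The script below is an added example, not SUSE tooling: it re-implements rpm's version comparison in simplified form (digit and letter segments only, no epoch, no '~'/'^' handling), builds the fixed-version table from the SUSE Linux Enterprise Server 12 package names quoted in the advisories, and compares it against a constructed sample of `rpm -qa` output. The installed versions in the sample (3.12.39-47.1, 1.7.1_sr2.10-13.1, bash 4.2-75.4) are made up to stand for an unpatched host; on a real system replace SAMPLE_RPM_QA with the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.

```python
import re

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified re-implementation of rpm's segment-wise version compare.

    Strings are split into runs of digits and runs of letters; dots and
    underscores only separate segments.  Numeric segments compare by value,
    alphabetic ones lexically, and a numeric segment is newer than an
    alphabetic one in the same position.  rpm's '~' and '^' rules are omitted.
    Returns 1, 0 or -1 like strcmp.
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1
        if xd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings: version first, then release.
    Epoch is not modelled; none of the packages in these advisories carry one."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nvr(nvr):
    """Split an rpm 'name-version-release' string at its last two dashes."""
    name, ver, rel = nvr.rsplit("-", 2)
    return name, ver + "-" + rel


def parse_rpm_qa(text):
    """Turn 'NAME VERSION-RELEASE' lines (one package per line) into a dict."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            name, vr = line.split()
            installed[name] = vr
    return installed


def missing_fixes(installed, fixed):
    """Return (name, installed_vr, fixed_vr) for every installed package that is
    older than the advisory's version.  Packages not installed are not reported."""
    out = []
    for name, required in sorted(fixed.items()):
        have = installed.get(name)
        if have is not None and vr_cmp(have, required) < 0:
            out.append((name, have, required))
    return out


# Fixed versions for SUSE Linux Enterprise Server 12, taken from the package
# lists of the kernel and java-1_7_1-ibm advisories above.
FIXED_SLES12 = dict(parse_nvr(p) for p in [
    "kernel-default-3.12.44-52.10.1",
    "kernel-default-devel-3.12.44-52.10.1",
    "kernel-syms-3.12.44-52.10.1",
    "kernel-xen-3.12.44-52.10.1",
    "kernel-devel-3.12.44-52.10.1",
    "kernel-source-3.12.44-52.10.1",
    "java-1_7_1-ibm-1.7.1_sr3.10-14.1",
    "java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1",
    "java-1_7_1-ibm-devel-1.7.1_sr3.10-14.1",
])

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
# The older versions here are invented to represent an unpatched host.
SAMPLE_RPM_QA = """\
kernel-default 3.12.39-47.1
kernel-source 3.12.44-52.10.1
java-1_7_1-ibm 1.7.1_sr3.10-14.1
java-1_7_1-ibm-devel 1.7.1_sr2.10-13.1
bash 4.2-75.4
"""


def check_sample():
    """Run the comparison over the constructed sample."""
    return missing_fixes(parse_rpm_qa(SAMPLE_RPM_QA), FIXED_SLES12)


if __name__ == "__main__":
    for name, have, need in check_sample():
        print("%s: installed %s, fixed in %s" % (name, have, need))
```

For the kernel packages a passing check only proves the updated package is installed; the running kernel is whatever `uname -r` reports until the host is rebooted (or, on SUSE Linux Enterprise Live Patching 12, the matching kgraft-patch package listed above is applied).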