From sle-security-updates at lists.suse.com Mon Jan 4 04:11:53 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 4 Jan 2016 12:11:53 +0100 (CET)
Subject: SUSE-SU-2016:0008-1: moderate: Security update for libksba
Message-ID: <20160104111153.204FE320E8@maintenance.suse.de>

   SUSE Security Update: Security update for libksba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0008-1
Rating:             moderate
References:         #926826
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   The libksba package was updated to fix the following security issues:

   - Fixed integer overflow, out-of-bounds read and stack overflow issues
     (bsc#926826).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libksba-1482=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-libksba-1482=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-libksba-1482=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libksba-1482=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-libksba-1482=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-libksba-1482=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-libksba-1482=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libksba-1482=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libksba-1482=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libksba-devel-1.0.4-1.20.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libksba-devel-1.0.4-1.20.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      libksba-1.0.4-1.20.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libksba-1.0.4-1.20.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libksba-1.0.4-1.20.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libksba-1.0.4-1.20.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      libksba-1.0.4-1.20.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libksba-debuginfo-1.0.4-1.20.1
      libksba-debugsource-1.0.4-1.20.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libksba-debuginfo-1.0.4-1.20.1
      libksba-debugsource-1.0.4-1.20.1

References:

   https://bugzilla.suse.com/926826


From sle-security-updates at lists.suse.com Mon Jan 4 06:11:44 2016
From: sle-security-updates at lists.suse.com
(sle-security-updates at lists.suse.com)
Date: Mon, 4 Jan 2016 14:11:44 +0100 (CET)
Subject: SUSE-SU-2016:0010-1: important: Security update for kvm
Message-ID: <20160104131144.4BBC5320E8@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0010-1
Rating:             important
References:         #947164 #950590 #953187 #956829 #957162
Cross-References:   CVE-2015-7512 CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now
   available.

Description:

   This update for kvm fixes the following issues:

   Security issues fixed:

   - CVE-2015-7512: The receive packet size is now checked in the emulated
     pcnet driver, eliminating a buffer overflow and potential security issue
     caused by malicious guest systems. (bsc#957162)

   - CVE-2015-8345: An infinite loop in processing the command block list
     was fixed that could be exploited by malicious guest systems
     (bsc#956829).

   Other bugs fixed:

   - To assist users past the migration incompatibility discussed in
     bsc#950590 (restore migration compatibility with SLE11 SP3 and SLE12,
     at the unfortunate expense of prior SLE11 SP4 kvm release compatibility
     when a virtio-net device is used), print a message which references the
     support document TID 7017048. See
     https://www.suse.com/support/kb/doc.php?id=7017048

   - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and
     bsc#953187)

   - Enforce pxe rom sizes to ensure migration compatibility. (bsc#950590)

   - Fix kvm live migration failures between sles11 sp3 and sp4 (bsc#950590)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kvm-12293=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-kvm-12293=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):

      kvm-1.4.2-35.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      kvm-1.4.2-35.1

References:

   https://www.suse.com/security/cve/CVE-2015-7512.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947164
   https://bugzilla.suse.com/950590
   https://bugzilla.suse.com/953187
   https://bugzilla.suse.com/956829
   https://bugzilla.suse.com/957162


From sle-security-updates at lists.suse.com Mon Jan 4 06:12:54 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 4 Jan 2016 14:12:54 +0100 (CET)
Subject: SUSE-SU-2016:0011-1: moderate: Security update for libmspack
Message-ID: <20160104131254.65545320E8@maintenance.suse.de>

   SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0011-1
Rating:             moderate
References:         #934524 #934525 #934526 #934527 #934528 #934529
Cross-References:   CVE-2014-9732 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469
                    CVE-2015-4470 CVE-2015-4471 CVE-2015-4472
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   libmspack was updated to fix security issues.
   These security issues were fixed:

   * CVE-2014-9732: The cabd_extract function in cabd.c in libmspack did not
     properly maintain decompression callbacks in certain cases where an
     invalid file follows a valid file, which allowed remote attackers to
     cause a denial of service (NULL pointer dereference and application
     crash) via a crafted CAB archive (bnc#934524).

   * CVE-2015-4467: The chmd_init_decomp function in chmd.c in libmspack did
     not properly validate the reset interval, which allowed remote attackers
     to cause a denial of service (divide-by-zero error and application
     crash) via a crafted CHM file (bnc#934525).

   * CVE-2015-4468: Multiple integer overflows in the search_chunk function
     in chmd.c in libmspack allowed remote attackers to cause a denial of
     service (buffer over-read and application crash) via a crafted CHM file
     (bnc#934526).

   * CVE-2015-4469: The chmd_read_headers function in chmd.c in libmspack
     did not validate name lengths, which allowed remote attackers to cause a
     denial of service (buffer over-read and application crash) via a
     crafted CHM file (bnc#934526).

   * CVE-2015-4470: Off-by-one error in the inflate function in mszipd.c in
     libmspack allowed remote attackers to cause a denial of service (buffer
     over-read and application crash) via a crafted CAB archive (bnc#934527).

   * CVE-2015-4471: Off-by-one error in the lzxd_decompress function in
     lzxd.c in libmspack allowed remote attackers to cause a denial of
     service (buffer under-read and application crash) via a crafted CAB
     archive (bnc#934528).

   * CVE-2015-4472: Off-by-one error in the READ_ENCINT macro in chmd.c in
     libmspack allowed remote attackers to cause a denial of service
     (application crash) or possibly have unspecified other impact via a
     crafted CHM file (bnc#934529).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-2=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-2=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-2=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-2=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-2=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-2=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libmspack-debugsource-0.4-14.4
      libmspack-devel-0.4-14.4

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libmspack-debugsource-0.4-14.4
      libmspack-devel-0.4-14.4

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libmspack-debugsource-0.4-14.4
      libmspack0-0.4-14.4
      libmspack0-debuginfo-0.4-14.4

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libmspack-debugsource-0.4-14.4
      libmspack0-0.4-14.4
      libmspack0-debuginfo-0.4-14.4

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libmspack-debugsource-0.4-14.4
      libmspack0-0.4-14.4
      libmspack0-debuginfo-0.4-14.4

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libmspack-debugsource-0.4-14.4
      libmspack0-0.4-14.4
      libmspack0-debuginfo-0.4-14.4

References:

   https://www.suse.com/security/cve/CVE-2014-9732.html
   https://www.suse.com/security/cve/CVE-2015-4467.html
   https://www.suse.com/security/cve/CVE-2015-4468.html
   https://www.suse.com/security/cve/CVE-2015-4469.html
   https://www.suse.com/security/cve/CVE-2015-4470.html
   https://www.suse.com/security/cve/CVE-2015-4471.html
   https://www.suse.com/security/cve/CVE-2015-4472.html
   https://bugzilla.suse.com/934524
   https://bugzilla.suse.com/934525
   https://bugzilla.suse.com/934526
   https://bugzilla.suse.com/934527
   https://bugzilla.suse.com/934528
   https://bugzilla.suse.com/934529


From sle-security-updates at lists.suse.com Tue Jan 5 07:11:07 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 5 Jan 2016 15:11:07 +0100 (CET)
Subject: SUSE-SU-2016:0020-1: important: Security update for kvm
Message-ID: <20160105141107.BC7AA320E8@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0020-1
Rating:             important
References:         #947164 #950590 #953187 #956829 #957162
Cross-References:   CVE-2015-7512 CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now
   available.

Description:

   This update for kvm fixes the following issues:

   Security issues fixed:

   - CVE-2015-7512: The receive packet size is now checked in the emulated
     pcnet driver, eliminating a buffer overflow and potential security issue
     caused by malicious guest systems. (bsc#957162)

   - CVE-2015-8345: An infinite loop in processing the command block list
     was fixed that could be exploited by malicious guest systems
     (bsc#956829).

   Bugs fixed:

   - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and
     bsc#953187)

   - Enforce pxe rom sizes to ensure migration compatibility. (bsc#950590)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-kvm-12294=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-kvm-12294=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP3 (i586 s390x x86_64):

      kvm-1.4.2-37.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      kvm-1.4.2-37.1

References:

   https://www.suse.com/security/cve/CVE-2015-7512.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947164
   https://bugzilla.suse.com/950590
   https://bugzilla.suse.com/953187
   https://bugzilla.suse.com/956829
   https://bugzilla.suse.com/957162


From sle-security-updates at lists.suse.com Tue Jan 5 07:12:16 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 5 Jan 2016 15:12:16 +0100 (CET)
Subject: SUSE-SU-2016:0021-1: moderate: Security update for qemu
Message-ID: <20160105141216.F07CA320E8@maintenance.suse.de>

   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0021-1
Rating:             moderate
References:         #947164 #953187 #956829 #957162
Cross-References:   CVE-2015-7512 CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now
   available.

Description:

   This update fixes the following security issues:

   - Enforce receive packet size, thus eliminating a buffer overflow and
     potential security issue. (bsc#957162 CVE-2015-7512)

   - Infinite loop in processing command block list. CVE-2015-8345
     (bsc#956829).

   Also a non-security bug fixed:

   - Fix cases of wrong clock values in kvmclock timekeeping (bsc#947164 and
     bsc#953187)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-11=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-11=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      qemu-2.0.2-48.12.1
      qemu-block-curl-2.0.2-48.12.1
      qemu-block-curl-debuginfo-2.0.2-48.12.1
      qemu-debugsource-2.0.2-48.12.1
      qemu-guest-agent-2.0.2-48.12.1
      qemu-guest-agent-debuginfo-2.0.2-48.12.1
      qemu-lang-2.0.2-48.12.1
      qemu-tools-2.0.2-48.12.1
      qemu-tools-debuginfo-2.0.2-48.12.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      qemu-kvm-2.0.2-48.12.1

   - SUSE Linux Enterprise Server 12 (ppc64le):

      qemu-ppc-2.0.2-48.12.1
      qemu-ppc-debuginfo-2.0.2-48.12.1

   - SUSE Linux Enterprise Server 12 (noarch):

      qemu-ipxe-1.0.0-48.12.1
      qemu-seabios-1.7.4-48.12.1
      qemu-sgabios-8-48.12.1
      qemu-vgabios-1.7.4-48.12.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      qemu-block-rbd-2.0.2-48.12.1
      qemu-block-rbd-debuginfo-2.0.2-48.12.1
      qemu-x86-2.0.2-48.12.1
      qemu-x86-debuginfo-2.0.2-48.12.1

   - SUSE Linux Enterprise Server 12 (s390x):

      qemu-s390-2.0.2-48.12.1
      qemu-s390-debuginfo-2.0.2-48.12.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      qemu-2.0.2-48.12.1
      qemu-block-curl-2.0.2-48.12.1
      qemu-block-curl-debuginfo-2.0.2-48.12.1
      qemu-debugsource-2.0.2-48.12.1
      qemu-kvm-2.0.2-48.12.1
      qemu-tools-2.0.2-48.12.1
      qemu-tools-debuginfo-2.0.2-48.12.1
      qemu-x86-2.0.2-48.12.1
      qemu-x86-debuginfo-2.0.2-48.12.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      qemu-ipxe-1.0.0-48.12.1
      qemu-seabios-1.7.4-48.12.1
      qemu-sgabios-8-48.12.1
      qemu-vgabios-1.7.4-48.12.1

References:

   https://www.suse.com/security/cve/CVE-2015-7512.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947164
   https://bugzilla.suse.com/953187
   https://bugzilla.suse.com/956829
   https://bugzilla.suse.com/957162


From sle-security-updates at lists.suse.com Tue Jan 5 11:12:02 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 5 Jan 2016 19:12:02 +0100 (CET)
Subject: SUSE-SU-2016:0027-1: moderate: Security update for libpng16
Message-ID: <20160105181202.E3D6C320E8@maintenance.suse.de>

   SUSE Security Update: Security update for libpng16
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0027-1
Rating:             moderate
References:         #954980
Cross-References:   CVE-2015-8126
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   * CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and
     png_get_PLTE functions allow remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact
     [bsc#954980]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-16=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-16=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-16=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-16=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-16=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-16=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libpng16-compat-devel-1.6.8-11.1
      libpng16-debugsource-1.6.8-11.1
      libpng16-devel-1.6.8-11.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libpng16-compat-devel-1.6.8-11.1
      libpng16-debugsource-1.6.8-11.1
      libpng16-devel-1.6.8-11.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libpng16-16-1.6.8-11.1
      libpng16-16-debuginfo-1.6.8-11.1
      libpng16-debugsource-1.6.8-11.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libpng16-16-32bit-1.6.8-11.1
      libpng16-16-debuginfo-32bit-1.6.8-11.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libpng16-16-1.6.8-11.1
      libpng16-16-debuginfo-1.6.8-11.1
      libpng16-debugsource-1.6.8-11.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libpng16-16-32bit-1.6.8-11.1
      libpng16-16-debuginfo-32bit-1.6.8-11.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libpng16-16-1.6.8-11.1
      libpng16-16-32bit-1.6.8-11.1
      libpng16-16-debuginfo-1.6.8-11.1
      libpng16-16-debuginfo-32bit-1.6.8-11.1
      libpng16-debugsource-1.6.8-11.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libpng16-16-1.6.8-11.1
      libpng16-16-32bit-1.6.8-11.1
      libpng16-16-debuginfo-1.6.8-11.1
      libpng16-16-debuginfo-32bit-1.6.8-11.1
      libpng16-debugsource-1.6.8-11.1

References:

   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://bugzilla.suse.com/954980


From sle-security-updates at lists.suse.com Tue Jan 5 12:11:18 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 5 Jan 2016 20:11:18 +0100 (CET)
Subject: SUSE-SU-2016:0030-1: moderate: Security update for libxml2
Message-ID: <20160105191118.34D48320E8@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0030-1
Rating:             moderate
References:         #928193 #951734 #951735 #956018 #956021 #956260 #957105
                    #957106 #957107 #957109 #957110
Cross-References:   CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498
                    CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942
                    CVE-2015-8241 CVE-2015-8242 CVE-2015-8317
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   * CVE-2015-1819: Enforce the reader to run in constant memory
     [bnc#928193]
   * CVE-2015-7941: Fix out of bound read with crafted xml input by stopping
     parsing on entities boundaries errors [bnc#951734]
   * CVE-2015-7942: Fix another variation of overflow in Conditional
     sections [bnc#951735]
   * CVE-2015-8241: Avoid extra processing of MarkupDecl when EOF
     [bnc#956018]
   * CVE-2015-8242: Buffer over-read with HTML parser in push mode
     [bnc#956021]
   * CVE-2015-8317: Return if the encoding declaration is broken or encoding
     conversion failed [bnc#956260]
   * CVE-2015-5312: Fix another entity expansion issue [bnc#957105]
   * CVE-2015-7497: Avoid a heap buffer overflow in xmlDictComputeFastQKey
     [bnc#957106]
   * CVE-2015-7498: Processes entities after encoding conversion failures
     [bnc#957107]
   * CVE-2015-7499: Add xmlHaltParser() to stop the parser / Detect
     incoherency on GROW [bnc#957109]
   * CVE-2015-7500: Fix memory access error due to incorrect entities
     boundaries [bnc#957110]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libxml2-20151221-12298=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libxml2-20151221-12298=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-devel-2.7.6-0.34.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libxml2-devel-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libxml2-devel-2.7.6-0.34.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):

      libxml2-devel-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      libxml2-2.7.6-0.34.1
      libxml2-doc-2.7.6-0.34.1
      libxml2-python-2.7.6-0.34.4

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      libxml2-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-2.7.6-0.34.1
      libxml2-doc-2.7.6-0.34.1
      libxml2-python-2.7.6-0.34.4

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libxml2-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libxml2-x86-2.7.6-0.34.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libxml2-2.7.6-0.34.1
      libxml2-doc-2.7.6-0.34.1
      libxml2-python-2.7.6-0.34.4

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      libxml2-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      libxml2-x86-2.7.6-0.34.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libxml2-2.7.6-0.34.1
      libxml2-python-2.7.6-0.34.4

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libxml2-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      libxml2-2.7.6-0.34.1
      libxml2-python-2.7.6-0.34.4

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      libxml2-32bit-2.7.6-0.34.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-debuginfo-2.7.6-0.34.1
      libxml2-debugsource-2.7.6-0.34.1
      libxml2-python-debuginfo-2.7.6-0.34.4
      libxml2-python-debugsource-2.7.6-0.34.4

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libxml2-debuginfo-2.7.6-0.34.1
      libxml2-debugsource-2.7.6-0.34.1
      libxml2-python-debuginfo-2.7.6-0.34.4
      libxml2-python-debugsource-2.7.6-0.34.4

References:

   https://www.suse.com/security/cve/CVE-2015-1819.html
   https://www.suse.com/security/cve/CVE-2015-5312.html
   https://www.suse.com/security/cve/CVE-2015-7497.html
   https://www.suse.com/security/cve/CVE-2015-7498.html
   https://www.suse.com/security/cve/CVE-2015-7499.html
   https://www.suse.com/security/cve/CVE-2015-7500.html
   https://www.suse.com/security/cve/CVE-2015-7941.html
   https://www.suse.com/security/cve/CVE-2015-7942.html
   https://www.suse.com/security/cve/CVE-2015-8241.html
   https://www.suse.com/security/cve/CVE-2015-8242.html
   https://www.suse.com/security/cve/CVE-2015-8317.html
   https://bugzilla.suse.com/928193
   https://bugzilla.suse.com/951734
   https://bugzilla.suse.com/951735
   https://bugzilla.suse.com/956018
   https://bugzilla.suse.com/956021
   https://bugzilla.suse.com/956260
   https://bugzilla.suse.com/957105
   https://bugzilla.suse.com/957106
   https://bugzilla.suse.com/957107
   https://bugzilla.suse.com/957109
   https://bugzilla.suse.com/957110


From sle-security-updates at lists.suse.com Tue Jan 5 12:14:05 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 5 Jan 2016 20:14:05 +0100 (CET)
Subject: SUSE-SU-2016:0032-1: important: Security update for samba
Message-ID: <20160105191405.3A8A7320AA@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0032-1
Rating:             important
References:         #295284 #773464 #901813 #912457 #913304 #934299 #948244
                    #949022 #958582 #958583 #958584 #958586
Cross-References:   CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves four vulnerabilities and has 8 fixes is now
   available.

Description:

   This update for Samba fixes the following security issues:

   - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586).

   - CVE-2015-5252: Insufficient symlink verification (file access outside
     the share) (bnc#958582).

   - CVE-2015-5296: No man in the middle protection when forcing smb
     encryption on the client side (bnc#958584).

   - CVE-2015-5299: Currently the snapshot browsing is not secure through
     windows previous version (shadow_copy2) (bnc#958583).

   Non-security issues fixed:

   - Prevent null pointer access in samlogon fallback when security
     credentials are null (bnc#949022).

   - Address unrecoverable winbind failure: "key length too large"
     (bnc#934299).

   - Take resource group sids into account when caching netsamlogon data
     (bnc#912457).

   - Use domain name if search by domain SID fails to send SIDHistory
     lookups to correct idmap backend (bnc#773464).

   - Remove deprecated base_rid example from idmap_rid manpage (bnc#913304).

   - Purge printer name cache on spoolss SetPrinter change (bnc#901813).

   - Fix lookup of groups with "Local Domain" scope from Active Directory
     (bnc#948244).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-samba-12297=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-samba-12297=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      ldapsmb-1.34b-45.2
      libldb1-3.6.3-45.2
      libsmbclient0-3.6.3-45.2
      libtalloc2-3.6.3-45.2
      libtdb1-3.6.3-45.2
      libtevent0-3.6.3-45.2
      libwbclient0-3.6.3-45.2
      samba-3.6.3-45.2
      samba-client-3.6.3-45.2
      samba-krb-printing-3.6.3-45.2
      samba-winbind-3.6.3-45.2

   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

      libsmbclient0-32bit-3.6.3-45.2
      libtalloc2-32bit-3.6.3-45.2
      libtdb1-32bit-3.6.3-45.2
      libtevent0-32bit-3.6.3-45.2
      libwbclient0-32bit-3.6.3-45.2
      samba-32bit-3.6.3-45.2
      samba-client-32bit-3.6.3-45.2
      samba-winbind-32bit-3.6.3-45.2

   - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch):

      samba-doc-3.6.3-45.2

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      samba-debuginfo-3.6.3-45.2
      samba-debugsource-3.6.3-45.2

   - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64):

      samba-debuginfo-32bit-3.6.3-45.2

References:

   https://www.suse.com/security/cve/CVE-2015-5252.html
   https://www.suse.com/security/cve/CVE-2015-5296.html
   https://www.suse.com/security/cve/CVE-2015-5299.html
   https://www.suse.com/security/cve/CVE-2015-5330.html
   https://bugzilla.suse.com/295284
   https://bugzilla.suse.com/773464
   https://bugzilla.suse.com/901813
   https://bugzilla.suse.com/912457
   https://bugzilla.suse.com/913304
   https://bugzilla.suse.com/934299
   https://bugzilla.suse.com/948244
   https://bugzilla.suse.com/949022
   https://bugzilla.suse.com/958582
   https://bugzilla.suse.com/958583
   https://bugzilla.suse.com/958584
   https://bugzilla.suse.com/958586


From sle-security-updates at lists.suse.com Thu Jan 7 05:11:15 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 13:11:15 +0100 (CET)
Subject: SUSE-SU-2016:0040-1: moderate: Security update for python-Django
Message-ID: <20160107121115.29A24320E8@maintenance.suse.de>

   SUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0040-1
Rating:             moderate
References:         #955412
Cross-References:   CVE-2015-8213
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-Django fixes the following issues:

   - Prevent settings leak in date template filter. (bsc#955412,
     CVE-2015-8213)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-python-Django-12302=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      python-Django-1.6.11-13.1

References:

   https://www.suse.com/security/cve/CVE-2015-8213.html
   https://bugzilla.suse.com/955412


From sle-security-updates at lists.suse.com Thu Jan 7 06:12:06 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 14:12:06 +0100 (CET)
Subject: SUSE-SU-2016:0041-1: moderate: Security update for libpng15
Message-ID: <20160107131206.E881E320AA@maintenance.suse.de>

   SUSE Security Update: Security update for libpng15
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0041-1
Rating:             moderate
References:         #954980
Cross-References:   CVE-2015-8126
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   * CVE-2015-8126: Possible buffer overflow vulnerabilities in png_get_PLTE
     and png_set_PLTE functions could cause a denial of service (application
     crash) or possibly have an unspecified impact [bsc#954980]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-33=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-33=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libpng15-15-1.5.22-4.1
      libpng15-15-debuginfo-1.5.22-4.1
      libpng15-debugsource-1.5.22-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libpng15-15-1.5.22-4.1
      libpng15-15-debuginfo-1.5.22-4.1
      libpng15-debugsource-1.5.22-4.1

References:

   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://bugzilla.suse.com/954980

From sle-security-updates at lists.suse.com Thu Jan 7 06:15:08 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 14:15:08 +0100 (CET)
Subject: SUSE-SU-2016:0042-1: moderate: Security update for rubygem-passenger
Message-ID: <20160107131508.82E35320E8@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-passenger
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0042-1
Rating:             moderate
References:         #828005 #919726 #956281
Cross-References:   CVE-2013-2119 CVE-2013-4136 CVE-2015-7519
Affected Products:
                    SUSE Webyast 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   - CVE-2015-7519: Passenger did not filter the environment the way Apache
     does (bnc#956281)

   - CVE-2013-4136: Fixed a security issue where Passenger would reuse existing
     server instance directories (temporary directories), which could cause
     Passenger to remove or overwrite files belonging to other instances.
     Solution: If the server instance directory already exists, it is now
     removed first in order to get correct directory permissions.
     If the directory still exists after removal, Phusion Passenger aborts to
     avoid writing to a directory with unexpected permissions. (bnc#919726)

   - CVE-2013-2119: Fixed a security issue related to incorrect temporary file
     usage (bnc#828005)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Webyast 1.3:

      zypper in -t patch slewyst13-rubygem-passenger-12303=1

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-rubygem-passenger-12303=1

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-rubygem-passenger-12303=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):

      rubygem-passenger-3.0.14-0.14.1
      rubygem-passenger-nginx-3.0.14-0.14.1

   - SUSE Studio Onsite 1.3 (x86_64):

      rubygem-passenger-3.0.14-0.14.1
      rubygem-passenger-nginx-3.0.14-0.14.1

   - SUSE Lifecycle Management Server 1.3 (x86_64):

      rubygem-passenger-3.0.14-0.14.1
      rubygem-passenger-apache2-3.0.14-0.14.1
      rubygem-passenger-nginx-3.0.14-0.14.1

References:

   https://www.suse.com/security/cve/CVE-2013-2119.html
   https://www.suse.com/security/cve/CVE-2013-4136.html
   https://www.suse.com/security/cve/CVE-2015-7519.html
   https://bugzilla.suse.com/828005
   https://bugzilla.suse.com/919726
   https://bugzilla.suse.com/956281

From sle-security-updates at lists.suse.com Thu Jan 7 07:11:33 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 15:11:33 +0100 (CET)
Subject: SUSE-SU-2016:0043-1: moderate: Security update for subversion
Message-ID: <20160107141133.36E33320E8@maintenance.suse.de>

SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0043-1
Rating:             moderate
References:         #958300
Cross-References:   CVE-2015-5343
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   - CVE-2015-5343: Possible remotely triggerable heap overflow and
     out-of-bounds read in mod_dav_svn caused by an integer overflow when
     parsing skel-encoded request bodies. (bnc#958300)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-34=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-34=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libsvn_auth_gnome_keyring-1-0-1.8.10-18.2
      libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-18.2
      libsvn_auth_kwallet-1-0-1.8.10-18.2
      libsvn_auth_kwallet-1-0-debuginfo-1.8.10-18.2
      subversion-1.8.10-18.2
      subversion-debuginfo-1.8.10-18.2
      subversion-debugsource-1.8.10-18.2
      subversion-devel-1.8.10-18.2
      subversion-perl-1.8.10-18.2
      subversion-perl-debuginfo-1.8.10-18.2
      subversion-python-1.8.10-18.2
      subversion-python-debuginfo-1.8.10-18.2
      subversion-server-1.8.10-18.2
      subversion-server-debuginfo-1.8.10-18.2
      subversion-tools-1.8.10-18.2
      subversion-tools-debuginfo-1.8.10-18.2

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      subversion-bash-completion-1.8.10-18.2

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libsvn_auth_gnome_keyring-1-0-1.8.10-18.2
      libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-18.2
      libsvn_auth_kwallet-1-0-1.8.10-18.2
      libsvn_auth_kwallet-1-0-debuginfo-1.8.10-18.2
      subversion-1.8.10-18.2
      subversion-debuginfo-1.8.10-18.2
      subversion-debugsource-1.8.10-18.2
      subversion-devel-1.8.10-18.2
      subversion-perl-1.8.10-18.2
      subversion-perl-debuginfo-1.8.10-18.2
      subversion-python-1.8.10-18.2
      subversion-python-debuginfo-1.8.10-18.2
      subversion-server-1.8.10-18.2
      subversion-server-debuginfo-1.8.10-18.2
      subversion-tools-1.8.10-18.2
      subversion-tools-debuginfo-1.8.10-18.2

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      subversion-bash-completion-1.8.10-18.2

References:

   https://www.suse.com/security/cve/CVE-2015-5343.html
   https://bugzilla.suse.com/958300

From sle-security-updates at lists.suse.com Thu Jan 7 07:11:54 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 15:11:54 +0100 (CET)
Subject: SUSE-SU-2016:0044-1: moderate: Security update for python-Django
Message-ID: <20160107141154.964E8320E8@maintenance.suse.de>

SUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0044-1
Rating:             moderate
References:         #937522 #937523 #941587 #955412
Cross-References:   CVE-2015-5143 CVE-2015-5144 CVE-2015-5963 CVE-2015-8213
Affected Products:
                    SUSE Enterprise Storage 2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   - (bnc#955412, CVE-2015-8213) Possible settings leak in date template filter
   - (bnc#937522, CVE-2015-5143) Possible denial-of-service in session store
   - (bnc#937523, CVE-2015-5144) Possible header injection
   - (bnc#941587, CVE-2015-5963) Possible denial-of-service by filling session
     store via logout()

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 2:

      zypper in -t patch SUSE-Storage-2-2016-35=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Enterprise Storage 2 (noarch):

      python-Django-1.6.11-3.1

References:

   https://www.suse.com/security/cve/CVE-2015-5143.html
   https://www.suse.com/security/cve/CVE-2015-5144.html
   https://www.suse.com/security/cve/CVE-2015-5963.html
   https://www.suse.com/security/cve/CVE-2015-8213.html
   https://bugzilla.suse.com/937522
   https://bugzilla.suse.com/937523
   https://bugzilla.suse.com/941587
   https://bugzilla.suse.com/955412

From sle-security-updates at lists.suse.com Thu Jan 7 09:11:27 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 17:11:27 +0100 (CET)
Subject: SUSE-SU-2016:0047-1: moderate: Security update for rubygem-activesupport-3_2
Message-ID: <20160107161127.F0845320E8@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activesupport-3_2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0047-1
Rating:             moderate
References:         #934800
Cross-References:   CVE-2015-3227
Affected Products:
                    SUSE Webyast 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   rubygem-activesupport-3_2 was updated to fix one security issue.

   This security issue was fixed:

   - CVE-2015-3227: Possible Denial of Service attack in Active Support
     (bsc#934800).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Webyast 1.3:

      zypper in -t patch slewyst13-rubygem-activesupport-3_2-12304=1

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-rubygem-activesupport-3_2-12304=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-rubygem-activesupport-3_2-12304=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-rubygem-activesupport-3_2-12304=1

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-rubygem-activesupport-3_2-12304=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):

      rubygem-activesupport-3_2-3.2.12-0.14.3

   - SUSE Studio Onsite 1.3 (x86_64):

      rubygem-activesupport-3_2-3.2.12-0.14.3

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      rubygem-activesupport-3_2-3.2.12-0.14.3

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      rubygem-activesupport-3_2-3.2.12-0.14.3

   - SUSE Lifecycle Management Server 1.3 (x86_64):

      rubygem-activesupport-3_2-3.2.12-0.14.3

References:

   https://www.suse.com/security/cve/CVE-2015-3227.html
   https://bugzilla.suse.com/934800

From sle-security-updates at lists.suse.com Thu Jan 7 09:12:44 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 17:12:44 +0100 (CET)
Subject: SUSE-SU-2016:0049-1: moderate: Security update for libxml2
Message-ID: <20160107161244.BF87D320E8@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0049-1
Rating:             moderate
References:         #928193 #951734 #951735 #954429 #956018 #956021 #956260
                    #957105 #957106 #957107 #957109 #957110
Cross-References:   CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498
                    CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942
                    CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.

Description:

   - security update:

   This update fixes the following security issues:

   * CVE-2015-1819: Enforce the reader to run in constant memory [bnc#928193]
   * CVE-2015-7941: Fix out-of-bounds read with crafted XML input by stopping
     parsing on entity boundary errors [bnc#951734]
   * CVE-2015-7942: Fix another variation of overflow in conditional sections
     [bnc#951735]
   * CVE-2015-8241: Avoid extra processing of MarkupDecl when EOF [bnc#956018]
   * CVE-2015-8242: Buffer overread with HTML parser in push mode [bnc#956021]
   * CVE-2015-8317: Return if the encoding declaration is broken or encoding
     conversion failed [bnc#956260]
   * CVE-2015-5312: Fix another entity expansion issue [bnc#957105]
   * CVE-2015-7497: Avoid a heap buffer overflow in xmlDictComputeFastQKey
     [bnc#957106]
   * CVE-2015-7498: Processes entities after encoding conversion failures
     [bnc#957107]
   * CVE-2015-7499: Add xmlHaltParser() to stop the parser / Detect
     incoherency on GROW [bnc#957109]
   * CVE-2015-8317: Multiple out-of-bounds reads could lead to denial of
     service [bnc#956260]
   * CVE-2015-8035: DoS when parsing a specially crafted XML document if XZ
     support is enabled [bnc#954429]
   * CVE-2015-7500: Fix memory access error due to incorrect entity
     boundaries [bnc#957110]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-38=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-38=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-38=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-38=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-38=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-38=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libxml2-debugsource-2.9.1-13.1
      libxml2-devel-2.9.1-13.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libxml2-debugsource-2.9.1-13.1
      libxml2-devel-2.9.1-13.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libxml2-2-2.9.1-13.1
      libxml2-2-debuginfo-2.9.1-13.1
      libxml2-debugsource-2.9.1-13.1
      libxml2-tools-2.9.1-13.1
      libxml2-tools-debuginfo-2.9.1-13.1
      python-libxml2-2.9.1-13.1
      python-libxml2-debuginfo-2.9.1-13.1
      python-libxml2-debugsource-2.9.1-13.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libxml2-2-32bit-2.9.1-13.1
      libxml2-2-debuginfo-32bit-2.9.1-13.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      libxml2-doc-2.9.1-13.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libxml2-2-2.9.1-13.1
      libxml2-2-debuginfo-2.9.1-13.1
      libxml2-debugsource-2.9.1-13.1
      libxml2-tools-2.9.1-13.1
      libxml2-tools-debuginfo-2.9.1-13.1
      python-libxml2-2.9.1-13.1
      python-libxml2-debuginfo-2.9.1-13.1
      python-libxml2-debugsource-2.9.1-13.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libxml2-2-32bit-2.9.1-13.1
      libxml2-2-debuginfo-32bit-2.9.1-13.1

   - SUSE Linux Enterprise Server 12 (noarch):

      libxml2-doc-2.9.1-13.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libxml2-2-2.9.1-13.1
      libxml2-2-32bit-2.9.1-13.1
      libxml2-2-debuginfo-2.9.1-13.1
      libxml2-2-debuginfo-32bit-2.9.1-13.1
      libxml2-debugsource-2.9.1-13.1
      libxml2-tools-2.9.1-13.1
      libxml2-tools-debuginfo-2.9.1-13.1
      python-libxml2-2.9.1-13.1
      python-libxml2-debuginfo-2.9.1-13.1
      python-libxml2-debugsource-2.9.1-13.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libxml2-2-2.9.1-13.1
      libxml2-2-32bit-2.9.1-13.1
      libxml2-2-debuginfo-2.9.1-13.1
      libxml2-2-debuginfo-32bit-2.9.1-13.1
      libxml2-debugsource-2.9.1-13.1
      libxml2-tools-2.9.1-13.1
      libxml2-tools-debuginfo-2.9.1-13.1
      python-libxml2-2.9.1-13.1
      python-libxml2-debuginfo-2.9.1-13.1
      python-libxml2-debugsource-2.9.1-13.1

References:

   https://www.suse.com/security/cve/CVE-2015-1819.html
   https://www.suse.com/security/cve/CVE-2015-5312.html
   https://www.suse.com/security/cve/CVE-2015-7497.html
   https://www.suse.com/security/cve/CVE-2015-7498.html
   https://www.suse.com/security/cve/CVE-2015-7499.html
   https://www.suse.com/security/cve/CVE-2015-7500.html
   https://www.suse.com/security/cve/CVE-2015-7941.html
   https://www.suse.com/security/cve/CVE-2015-7942.html
   https://www.suse.com/security/cve/CVE-2015-8035.html
   https://www.suse.com/security/cve/CVE-2015-8241.html
   https://www.suse.com/security/cve/CVE-2015-8242.html
   https://www.suse.com/security/cve/CVE-2015-8317.html
   https://bugzilla.suse.com/928193
   https://bugzilla.suse.com/951734
   https://bugzilla.suse.com/951735
   https://bugzilla.suse.com/954429
   https://bugzilla.suse.com/956018
   https://bugzilla.suse.com/956021
   https://bugzilla.suse.com/956260
   https://bugzilla.suse.com/957105
   https://bugzilla.suse.com/957106
   https://bugzilla.suse.com/957107
   https://bugzilla.suse.com/957109
   https://bugzilla.suse.com/957110

From sle-security-updates at lists.suse.com Thu Jan 7 09:15:02 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 7 Jan 2016 17:15:02 +0100 (CET)
Subject: SUSE-SU-2016:0050-1: moderate: Security update for libpng12
Message-ID: <20160107161502.4E79C320E8@maintenance.suse.de>

SUSE Security Update: Security update for libpng12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0050-1
Rating:             moderate
References:         #954980
Cross-References:   CVE-2015-8126
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   * CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and
     png_get_PLTE functions allow remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact
     [bsc#954980]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-37=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-37=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-37=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-37=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-37=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-37=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libpng12-compat-devel-1.2.50-13.1
      libpng12-debugsource-1.2.50-13.1
      libpng12-devel-1.2.50-13.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libpng12-compat-devel-1.2.50-13.1
      libpng12-debugsource-1.2.50-13.1
      libpng12-devel-1.2.50-13.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libpng12-0-1.2.50-13.1
      libpng12-0-debuginfo-1.2.50-13.1
      libpng12-debugsource-1.2.50-13.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libpng12-0-32bit-1.2.50-13.1
      libpng12-0-debuginfo-32bit-1.2.50-13.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libpng12-0-1.2.50-13.1
      libpng12-0-debuginfo-1.2.50-13.1
      libpng12-debugsource-1.2.50-13.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libpng12-0-32bit-1.2.50-13.1
      libpng12-0-debuginfo-32bit-1.2.50-13.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libpng12-0-1.2.50-13.1
      libpng12-0-32bit-1.2.50-13.1
      libpng12-0-debuginfo-1.2.50-13.1
      libpng12-0-debuginfo-32bit-1.2.50-13.1
      libpng12-debugsource-1.2.50-13.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libpng12-0-1.2.50-13.1
      libpng12-0-32bit-1.2.50-13.1
      libpng12-0-debuginfo-1.2.50-13.1
      libpng12-0-debuginfo-32bit-1.2.50-13.1
      libpng12-debugsource-1.2.50-13.1

References:

   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://bugzilla.suse.com/954980

From sle-security-updates at lists.suse.com Fri Jan 8 11:11:32 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 8 Jan 2016 19:11:32 +0100 (CET)
Subject: SUSE-SU-2016:0061-1: moderate: Security update for libpng12-0
Message-ID: <20160108181132.6FCA4320B7@maintenance.suse.de>

SUSE Security Update: Security update for libpng12-0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0061-1
Rating:             moderate
References:         #954980
Cross-References:   CVE-2015-8126
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   - security update:

   This update fixes the following security issue:

   * CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and
     png_get_PLTE functions allow remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact
     [bsc#954980]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libpng12-0-12309=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-libpng12-0-12309=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-libpng12-0-12309=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libpng12-0-12309=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-libpng12-0-12309=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-libpng12-0-12309=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-libpng12-0-12309=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libpng12-0-12309=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libpng12-0-12309=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpng-devel-1.2.31-5.38.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libpng-devel-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libpng-devel-1.2.31-5.38.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):

      libpng-devel-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      libpng12-0-1.2.31-5.38.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      libpng12-0-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpng12-0-1.2.31-5.38.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libpng12-0-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libpng12-0-x86-1.2.31-5.38.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libpng12-0-1.2.31-5.38.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      libpng12-0-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      libpng12-0-x86-1.2.31-5.38.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libpng12-0-1.2.31-5.38.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libpng12-0-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      libpng12-0-1.2.31-5.38.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      libpng12-0-32bit-1.2.31-5.38.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpng12-0-debuginfo-1.2.31-5.38.1
      libpng12-0-debugsource-1.2.31-5.38.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libpng12-0-debuginfo-1.2.31-5.38.1
      libpng12-0-debugsource-1.2.31-5.38.1

References:

   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://bugzilla.suse.com/954980

From sle-security-updates at lists.suse.com Mon Jan 11 12:11:24 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 11 Jan 2016 20:11:24 +0100 (CET)
Subject: SUSE-SU-2016:0077-1: moderate: Security update for gnutls
Message-ID: <20160111191124.80A21320E8@maintenance.suse.de>

SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0077-1
Rating:             moderate
References:         #924828 #947271 #957568
Cross-References:   CVE-2015-2806 CVE-2015-8313
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has one erratum is now available.

Description:

   This update for gnutls fixes the following security issues:

   - CVE-2015-8313: The first byte of the padding in CBC mode was not checked
     (bsc#957568)
   - CVE-2015-2806: Two-byte stack overflow in asn1_der_decoding (bsc#924828)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-gnutls-12312=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-gnutls-12312=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-gnutls-12312=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-gnutls-12312=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-gnutls-12312=1

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-gnutls-12312=1

   - SUSE Linux Enterprise High Availability Extension 11-SP3:

      zypper in -t patch slehasp3-gnutls-12312=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-gnutls-12312=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-gnutls-12312=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-gnutls-12312=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-gnutls-12312=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-devel-2.4.1-24.39.60.1
      libgnutls-extra-devel-2.4.1-24.39.60.1
      libgnutls-extra26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-devel-2.4.1-24.39.60.1
      libgnutls-extra-devel-2.4.1-24.39.60.1
      libgnutls-extra26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      gnutls-2.4.1-24.39.60.1
      libgnutls-extra26-2.4.1-24.39.60.1
      libgnutls26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      libgnutls26-32bit-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      gnutls-2.4.1-24.39.60.1
      libgnutls-extra26-2.4.1-24.39.60.1
      libgnutls26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libgnutls26-32bit-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libgnutls26-x86-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      gnutls-2.4.1-24.39.60.1
      libgnutls-extra26-2.4.1-24.39.60.1
      libgnutls26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      libgnutls26-32bit-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      libgnutls26-x86-2.4.1-24.39.60.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-extra26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise High Availability Extension 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-extra26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      gnutls-2.4.1-24.39.60.1
      libgnutls26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libgnutls26-32bit-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      gnutls-2.4.1-24.39.60.1
      libgnutls26-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      libgnutls26-32bit-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      gnutls-debuginfo-2.4.1-24.39.60.1
      gnutls-debugsource-2.4.1-24.39.60.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      gnutls-debuginfo-2.4.1-24.39.60.1
      gnutls-debugsource-2.4.1-24.39.60.1

References:

   https://www.suse.com/security/cve/CVE-2015-2806.html
   https://www.suse.com/security/cve/CVE-2015-8313.html
   https://bugzilla.suse.com/924828
   https://bugzilla.suse.com/947271
   https://bugzilla.suse.com/957568

From sle-security-updates at lists.suse.com Tue Jan 12 07:13:22 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 12 Jan 2016 15:13:22 +0100 (CET)
Subject: SUSE-SU-2016:0082-1: moderate: Security update for rubygem-activesupport-4_1
Message-ID: <20160112141322.D36D83213D@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activesupport-4_1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0082-1
Rating:             moderate
References:         #934799 #934800
Cross-References:   CVE-2015-3226 CVE-2015-3227
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   - CVE-2015-3227: Possible Denial of Service attack in Active Support
     (bnc#934800)
   - CVE-2015-3226: XSS Vulnerability in ActiveSupport::JSON (bnc#934799)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-rubygem-activesupport-4_1-12314=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      ruby2.1-rubygem-activesupport-4_1-4.1.9-9.2

References:

   https://www.suse.com/security/cve/CVE-2015-3226.html
   https://www.suse.com/security/cve/CVE-2015-3227.html
   https://bugzilla.suse.com/934799
   https://bugzilla.suse.com/934800

From sle-security-updates at lists.suse.com Tue Jan 12 12:12:47 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 12 Jan 2016 20:12:47 +0100 (CET)
Subject: SUSE-SU-2016:0090-1: moderate: Security update for openldap2
Message-ID: <20160112191247.D8B903213C@maintenance.suse.de>

SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0090-1
Rating:             moderate
References:         #945582
Cross-References:   CVE-2015-6908
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Server 11-SECURITY
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   - CVE-2015-6908: By passing a crafted packet to the function
     ber_get_next(), an attacker may cause a remote denial of service,
     crashing the OpenLDAP server (bsc#945582).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Server 11-SECURITY:
      zypper in -t patch secsp3-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-openldap2-20151222-12317=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-openldap2-20151222-12317=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      openldap2-back-perl-2.4.26-0.62.2
      openldap2-devel-2.4.26-0.62.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      openldap2-devel-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      openldap2-2.4.26-0.62.2

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      openldap2-back-perl-2.4.26-0.62.2
      openldap2-devel-2.4.26-0.62.2

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):
      openldap2-devel-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64):
      openldap2-2.4.26-0.62.2

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      compat-libldap-2_3-0-2.3.37-2.62.2
      libldap-2_4-2-2.4.26-0.62.2
      openldap2-2.4.26-0.62.2
      openldap2-back-meta-2.4.26-0.62.2
      openldap2-client-2.4.26-0.62.2

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
      libldap-2_4-2-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      compat-libldap-2_3-0-2.3.37-2.62.2
      libldap-2_4-2-2.4.26-0.62.2
      openldap2-2.4.26-0.62.2
      openldap2-back-meta-2.4.26-0.62.2
      openldap2-client-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libldap-2_4-2-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libldap-2_4-2-x86-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      compat-libldap-2_3-0-2.3.37-2.62.2
      libldap-2_4-2-2.4.26-0.62.2
      openldap2-2.4.26-0.62.2
      openldap2-back-meta-2.4.26-0.62.2
      openldap2-client-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      libldap-2_4-2-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      libldap-2_4-2-x86-2.4.26-0.62.2

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
      libldap-openssl1-2_4-2-2.4.26-0.62.3

   - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):
      libldap-openssl1-2_4-2-32bit-2.4.26-0.62.3

   - SUSE Linux Enterprise Server 11-SECURITY (ia64):
      libldap-openssl1-2_4-2-x86-2.4.26-0.62.3

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      libldap-2_4-2-2.4.26-0.62.2
      openldap2-client-2.4.26-0.62.2

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      libldap-2_4-2-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      libldap-2_4-2-2.4.26-0.62.2
      openldap2-client-2.4.26-0.62.2

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      libldap-2_4-2-32bit-2.4.26-0.62.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      openldap2-client-debuginfo-2.4.26-0.62.2
      openldap2-client-debugsource-2.4.26-0.62.2
      openldap2-debuginfo-2.4.26-0.62.2
      openldap2-debugsource-2.4.26-0.62.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      openldap2-client-debuginfo-2.4.26-0.62.2
      openldap2-client-debugsource-2.4.26-0.62.2
      openldap2-client-openssl1-debuginfo-2.4.26-0.62.3
      openldap2-client-openssl1-debugsource-2.4.26-0.62.3
      openldap2-debuginfo-2.4.26-0.62.2
      openldap2-debugsource-2.4.26-0.62.2

References:

   https://www.suse.com/security/cve/CVE-2015-6908.html
   https://bugzilla.suse.com/945582

From sle-security-updates at lists.suse.com Tue Jan 12 14:11:07 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 12 Jan 2016 22:11:07 +0100 (CET)
Subject: SUSE-SU-2016:0092-1: moderate: Security update for cups-filters
Message-ID: <20160112211107.B8E073213D@maintenance.suse.de>

   SUSE Security Update: Security update for cups-filters
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0092-1
Rating:             moderate
References:         #957531
Cross-References:   CVE-2015-8327
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issue:

   - CVE-2015-8327: backtick and semicolon were added to the list of illegal
     shell escape characters (bsc#957531).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-66=1

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-66=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-66=1

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-66=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      cups-filters-1.0.58-13.1
      cups-filters-cups-browsed-1.0.58-13.1
      cups-filters-cups-browsed-debuginfo-1.0.58-13.1
      cups-filters-debuginfo-1.0.58-13.1
      cups-filters-debugsource-1.0.58-13.1
      cups-filters-foomatic-rip-1.0.58-13.1
      cups-filters-foomatic-rip-debuginfo-1.0.58-13.1
      cups-filters-ghostscript-1.0.58-13.1
      cups-filters-ghostscript-debuginfo-1.0.58-13.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      cups-filters-1.0.58-13.1
      cups-filters-cups-browsed-1.0.58-13.1
      cups-filters-cups-browsed-debuginfo-1.0.58-13.1
      cups-filters-debuginfo-1.0.58-13.1
      cups-filters-debugsource-1.0.58-13.1
      cups-filters-foomatic-rip-1.0.58-13.1
      cups-filters-foomatic-rip-debuginfo-1.0.58-13.1
      cups-filters-ghostscript-1.0.58-13.1
      cups-filters-ghostscript-debuginfo-1.0.58-13.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      cups-filters-1.0.58-13.1
      cups-filters-cups-browsed-1.0.58-13.1
      cups-filters-cups-browsed-debuginfo-1.0.58-13.1
      cups-filters-debuginfo-1.0.58-13.1
      cups-filters-debugsource-1.0.58-13.1
      cups-filters-foomatic-rip-1.0.58-13.1
      cups-filters-foomatic-rip-debuginfo-1.0.58-13.1
      cups-filters-ghostscript-1.0.58-13.1
      cups-filters-ghostscript-debuginfo-1.0.58-13.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      cups-filters-1.0.58-13.1
      cups-filters-cups-browsed-1.0.58-13.1
      cups-filters-cups-browsed-debuginfo-1.0.58-13.1
      cups-filters-debuginfo-1.0.58-13.1
      cups-filters-debugsource-1.0.58-13.1
      cups-filters-foomatic-rip-1.0.58-13.1
      cups-filters-foomatic-rip-debuginfo-1.0.58-13.1
      cups-filters-ghostscript-1.0.58-13.1
      cups-filters-ghostscript-debuginfo-1.0.58-13.1

References:

   https://www.suse.com/security/cve/CVE-2015-8327.html
   https://bugzilla.suse.com/957531

From sle-security-updates at lists.suse.com Wed Jan 13 09:11:21 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Jan 2016 17:11:21 +0100 (CET)
Subject: SUSE-SU-2016:0101-1: moderate: Security update for openstack-glance
Message-ID: <20160113161121.EE02E2BF40@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-glance
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0101-1
Rating:             moderate
References:         #945051 #945994 #947735
Cross-References:   CVE-2015-5251 CVE-2015-5286
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   This update for openstack-glance provides the following fixes:

   - Catch NotAuthenticated exception in import task. (bsc#947735,
     CVE-2015-5286)
   - Cleanup chunks for deleted image if token expired. (bsc#947735,
     CVE-2015-5286)
   - Prevent image status being directly modified via v1. (bsc#945994,
     CVE-2015-5251)
   - Fix error when downloading an image whose status is not active.
     (bsc#945051)
   - Add ability to deactivate an image.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-openstack-glance-12321=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      openstack-glance-2014.2.4.juno-14.1
      python-glance-2014.2.4.juno-14.1

   - SUSE OpenStack Cloud 5 (noarch):
      openstack-glance-doc-2014.2.4.juno-14.1

References:

   https://www.suse.com/security/cve/CVE-2015-5251.html
   https://www.suse.com/security/cve/CVE-2015-5286.html
   https://bugzilla.suse.com/945051
   https://bugzilla.suse.com/945994
   https://bugzilla.suse.com/947735

From sle-security-updates at lists.suse.com Wed Jan 13 10:14:43 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Jan 2016 18:14:43 +0100 (CET)
Subject: SUSE-SU-2016:0107-1: moderate: Security update for python-rsa
Message-ID: <20160113171443.F32072BF40@maintenance.suse.de>

   SUSE Security Update: Security update for python-rsa
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0107-1
Rating:             moderate
References:         #960680
Cross-References:   CVE-2016-1494
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-rsa fixes the following security issue:

   * CVE-2016-1494: Possible signature forgery via Bleichenbacher attack
     (bsc#960680)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-75=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
      python-rsa-3.1.4-11.1

References:

   https://www.suse.com/security/cve/CVE-2016-1494.html
   https://bugzilla.suse.com/960680

From sle-security-updates at lists.suse.com Wed Jan 13 11:12:14 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Jan 2016 19:12:14 +0100 (CET)
Subject: SUSE-SU-2016:0109-1: Security update for wireshark
Message-ID: <20160113181214.3515E2BF40@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0109-1
Rating:             low
References:         #950437 #960382
Cross-References:   CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713
                    CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717
                    CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721
                    CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725
                    CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729
                    CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:

   This update contains Wireshark 1.12.9 and fixes the following issues:

   * CVE-2015-7830: pcapng file parser could crash while copying an
     interface filter (bsc#950437)
   * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     conversation data, which allows remote attackers to cause a denial of
     service (NULL pointer dereference and application crash) via a crafted
     packet.
   * CVE-2015-8712: The dissect_hsdsch_channel_info function in
     epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark
     1.12.x before 1.12.9 does not validate the number of PDUs, which allows
     remote attackers to cause a denial of service (application crash) via a
     crafted packet.
   * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector
     in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for
     channel ID mappings, which allows remote attackers to cause a denial of
     service (out-of-bounds memory access and application crash) via a
     crafted packet.
   * CVE-2015-8714: The dissect_dcom_OBJREF function in
     epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x
     before 1.12.9 does not initialize a certain IPv4 data structure, which
     allows remote attackers to cause a denial of service (application crash)
     via a crafted packet.
   * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector
     in Wireshark 1.12.x before 1.12.9 does not check for empty arguments,
     which allows remote attackers to cause a denial of service (infinite
     loop) via a crafted packet.
   * CVE-2015-8716: The init_t38_info_conv function in
     epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x
     before 1.12.9 does not ensure that a conversation exists, which allows
     remote attackers to cause a denial of service (application crash) via a
     crafted packet.
   * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c
     in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent
     use of a negative media count, which allows remote attackers to cause a
     denial of service (application crash) via a crafted packet.
   * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c
     in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before
     2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled,
     allows remote attackers to cause a denial of service (application crash)
     via a crafted packet.
   * CVE-2015-8719: The dissect_dns_answer function in
     epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x
     before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows
     remote attackers to cause a denial of service (application crash) via a
     crafted packet.
   * CVE-2015-8720: The dissect_ber_GeneralizedTime function in
     epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return
     value, which allows remote attackers to cause a denial of service
     (application crash) via a crafted packet.
   * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in
     epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before
     2.0.1 allows remote attackers to cause a denial of service (application
     crash) via a crafted packet with zlib compression.
   * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     the frame pointer, which allows remote attackers to cause a denial of
     service (NULL pointer dereference and application crash) via a crafted
     packet.
   * CVE-2015-8723: The AirPDcapPacketProcess function in
     epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before
     1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between
     the total length and the capture length, which allows remote attackers
     to cause a denial of service (stack-based buffer overflow and
     application crash) via a crafted
   * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in
     epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before
     1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key
     length, which allows remote attackers to cause a denial of service
     (out-of-bounds read and application crash) via a crafted packet.
   * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in
     epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark
     1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6
     prefix length, which allows remote attackers to cause a denial of
     service (stack-based buffer overflow and application crash) via a
     crafted packet.
   * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark
     1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain
     signature and Modulation and Coding Scheme (MCS) data, which allows
     remote attackers to cause a denial of service (out-of-bounds read and
     application crash) via a crafted file.
   * CVE-2015-8727: The dissect_rsvp_common function in
     epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain
     request-key data, which allows remote attackers to cause a denial of
     service (use-after-free and application crash) via a crafted packet.
   * CVE-2015-8728: The Mobile Identity parser in (1)
     epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2)
     epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses
     the tvb_bcd_dig_to_wmem_packet_str function, which allows remote
     attackers to cause a denial of service (buffer overflow and application
     crash) via a crafted packet.
   * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the
     Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before
     2.0.1 does not ensure the presence of a '\0' character at the end of a
     date string, which allows remote attackers to cause a denial of service
     (out-of-bounds read and application crash) via a crafted file.
   * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     the number of items, which allows remote attackers to cause a denial of
     service (invalid read operation and application crash) via a crafted
     packet.
   * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in
     epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types,
     which allows remote attackers to cause a denial of service
     (out-of-bounds read and application crash) via a crafted packet.
   * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in
     epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     the Total Profile Number field, which allows remote attackers to cause a
     denial of service (out-of-bounds read and application crash) via a
     crafted packet.
   * CVE-2015-8733: The ngsniffer_process_record function in
     wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships
     between record lengths and record header lengths, which allows remote
     attackers to cause a denial of service (out-of-bounds read and
     application crash) via a crafted file.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-76=1

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2016-76=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-76=1

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-76=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-76=1

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-76=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      wireshark-debuginfo-1.12.9-22.1
      wireshark-debugsource-1.12.9-22.1
      wireshark-devel-1.12.9-22.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      wireshark-debuginfo-1.12.9-22.1
      wireshark-debugsource-1.12.9-22.1
      wireshark-devel-1.12.9-22.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      wireshark-1.12.9-22.1
      wireshark-debuginfo-1.12.9-22.1
      wireshark-debugsource-1.12.9-22.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      wireshark-1.12.9-22.1
      wireshark-debuginfo-1.12.9-22.1
      wireshark-debugsource-1.12.9-22.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      wireshark-1.12.9-22.1
      wireshark-debuginfo-1.12.9-22.1
      wireshark-debugsource-1.12.9-22.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      wireshark-1.12.9-22.1
      wireshark-debuginfo-1.12.9-22.1
      wireshark-debugsource-1.12.9-22.1

References:

   https://www.suse.com/security/cve/CVE-2015-7830.html
   https://www.suse.com/security/cve/CVE-2015-8711.html
   https://www.suse.com/security/cve/CVE-2015-8712.html
   https://www.suse.com/security/cve/CVE-2015-8713.html
   https://www.suse.com/security/cve/CVE-2015-8714.html
   https://www.suse.com/security/cve/CVE-2015-8715.html
   https://www.suse.com/security/cve/CVE-2015-8716.html
   https://www.suse.com/security/cve/CVE-2015-8717.html
   https://www.suse.com/security/cve/CVE-2015-8718.html
   https://www.suse.com/security/cve/CVE-2015-8719.html
   https://www.suse.com/security/cve/CVE-2015-8720.html
   https://www.suse.com/security/cve/CVE-2015-8721.html
   https://www.suse.com/security/cve/CVE-2015-8722.html
   https://www.suse.com/security/cve/CVE-2015-8723.html
   https://www.suse.com/security/cve/CVE-2015-8724.html
   https://www.suse.com/security/cve/CVE-2015-8725.html
   https://www.suse.com/security/cve/CVE-2015-8726.html
   https://www.suse.com/security/cve/CVE-2015-8727.html
   https://www.suse.com/security/cve/CVE-2015-8728.html
   https://www.suse.com/security/cve/CVE-2015-8729.html
   https://www.suse.com/security/cve/CVE-2015-8730.html
   https://www.suse.com/security/cve/CVE-2015-8731.html
   https://www.suse.com/security/cve/CVE-2015-8732.html
   https://www.suse.com/security/cve/CVE-2015-8733.html
   https://bugzilla.suse.com/950437
   https://bugzilla.suse.com/960382

From sle-security-updates at lists.suse.com Wed Jan 13 12:15:22 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 13 Jan 2016 20:15:22 +0100 (CET)
Subject: SUSE-SU-2016:0110-1: Security update for wireshark
Message-ID: <20160113191522.AC09D320E8@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0110-1
Rating:             low
References:         #950437 #960382
Cross-References:   CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713
                    CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717
                    CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721
                    CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725
                    CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729
                    CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:

   This update contains Wireshark 1.12.9 and fixes the following issues:

   * CVE-2015-7830: pcapng file parser could crash while copying an
     interface filter (bsc#950437)
   * CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     conversation data, which allows remote attackers to cause a denial of
     service (NULL pointer dereference and application crash) via a crafted
     packet.
   * CVE-2015-8712: The dissect_hsdsch_channel_info function in
     epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark
     1.12.x before 1.12.9 does not validate the number of PDUs, which allows
     remote attackers to cause a denial of service (application crash) via a
     crafted packet.
   * CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector
     in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for
     channel ID mappings, which allows remote attackers to cause a denial of
     service (out-of-bounds memory access and application crash) via a
     crafted packet.
   * CVE-2015-8714: The dissect_dcom_OBJREF function in
     epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x
     before 1.12.9 does not initialize a certain IPv4 data structure, which
     allows remote attackers to cause a denial of service (application crash)
     via a crafted packet.
   * CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector
     in Wireshark 1.12.x before 1.12.9 does not check for empty arguments,
     which allows remote attackers to cause a denial of service (infinite
     loop) via a crafted packet.
   * CVE-2015-8716: The init_t38_info_conv function in
     epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x
     before 1.12.9 does not ensure that a conversation exists, which allows
     remote attackers to cause a denial of service (application crash) via a
     crafted packet.
   * CVE-2015-8717: The dissect_sdp function in epan/dissectors/packet-sdp.c
     in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent
     use of a negative media count, which allows remote attackers to cause a
     denial of service (application crash) via a crafted packet.
   * CVE-2015-8718: Double free vulnerability in epan/dissectors/packet-nlm.c
     in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before
     2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled,
     allows remote attackers to cause a denial of service (application crash)
     via a crafted packet.
   * CVE-2015-8719: The dissect_dns_answer function in
     epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x
     before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows
     remote attackers to cause a denial of service (application crash) via a
     crafted packet.
   * CVE-2015-8720: The dissect_ber_GeneralizedTime function in
     epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return
     value, which allows remote attackers to cause a denial of service
     (application crash) via a crafted packet.
   * CVE-2015-8721: Buffer overflow in the tvb_uncompress function in
     epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before
     2.0.1 allows remote attackers to cause a denial of service (application
     crash) via a crafted packet with zlib compression.
   * CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     the frame pointer, which allows remote attackers to cause a denial of
     service (NULL pointer dereference and application crash) via a crafted
     packet.
   * CVE-2015-8723: The AirPDcapPacketProcess function in
     epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before
     1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between
     the total length and the capture length, which allows remote attackers
     to cause a denial of service (stack-based buffer overflow and
     application crash) via a crafted
   * CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey function in
     epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before
     1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key
     length, which allows remote attackers to cause a denial of service
     (out-of-bounds read and application crash) via a crafted packet.
   * CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in
     epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark
     1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6
     prefix length, which allows remote attackers to cause a denial of
     service (stack-based buffer overflow and application crash) via a
     crafted packet.
   * CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser in Wireshark
     1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain
     signature and Modulation and Coding Scheme (MCS) data, which allows
     remote attackers to cause a denial of service (out-of-bounds read and
     application crash) via a crafted file.
   * CVE-2015-8727: The dissect_rsvp_common function in
     epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain
     request-key data, which allows remote attackers to cause a denial of
     service (use-after-free and application crash) via a crafted packet.
   * CVE-2015-8728: The Mobile Identity parser in (1)
     epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2)
     epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses
     the tvb_bcd_dig_to_wmem_packet_str function, which allows remote
     attackers to cause a denial of service (buffer overflow and application
     crash) via a crafted packet.
   * CVE-2015-8729: The ascend_seek function in wiretap/ascendtext.c in the
     Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before
     2.0.1 does not ensure the presence of a '\0' character at the end of a
     date string, which allows remote attackers to cause a denial of service
     (out-of-bounds read and application crash) via a crafted file.
   * CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     the number of items, which allows remote attackers to cause a denial of
     service (invalid read operation and application crash) via a crafted
     packet.
   * CVE-2015-8731: The dissct_rsl_ipaccess_msg function in
     epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types,
     which allows remote attackers to cause a denial of service
     (out-of-bounds read and application crash) via a crafted packet.
   * CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in
     epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in
     Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate
     the Total Profile Number field, which allows remote attackers to cause a
     denial of service (out-of-bounds read and application crash) via a
     crafted packet.
   * CVE-2015-8733: The ngsniffer_process_record function in
     wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x
     before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships
     between record lengths and record header lengths, which allows remote
     attackers to cause a denial of service (out-of-bounds read and
     application crash) via a crafted file.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-wireshark-12322=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-wireshark-12322=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-wireshark-12322=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-wireshark-12322=1

   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-wireshark-12322=1

   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-wireshark-12322=1

   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-wireshark-12322=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-wireshark-12322=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-wireshark-12322=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-1.12.9-0.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-1.12.9-0.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): wireshark-1.12.9-0.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-1.12.9-0.12.1 wireshark-debugsource-1.12.9-0.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-1.12.9-0.12.1 wireshark-debugsource-1.12.9-0.12.1 References: https://www.suse.com/security/cve/CVE-2015-7830.html https://www.suse.com/security/cve/CVE-2015-8711.html https://www.suse.com/security/cve/CVE-2015-8712.html https://www.suse.com/security/cve/CVE-2015-8713.html https://www.suse.com/security/cve/CVE-2015-8714.html https://www.suse.com/security/cve/CVE-2015-8715.html https://www.suse.com/security/cve/CVE-2015-8716.html https://www.suse.com/security/cve/CVE-2015-8717.html https://www.suse.com/security/cve/CVE-2015-8718.html https://www.suse.com/security/cve/CVE-2015-8719.html https://www.suse.com/security/cve/CVE-2015-8720.html https://www.suse.com/security/cve/CVE-2015-8721.html https://www.suse.com/security/cve/CVE-2015-8722.html https://www.suse.com/security/cve/CVE-2015-8723.html https://www.suse.com/security/cve/CVE-2015-8724.html 
https://www.suse.com/security/cve/CVE-2015-8725.html https://www.suse.com/security/cve/CVE-2015-8726.html https://www.suse.com/security/cve/CVE-2015-8727.html https://www.suse.com/security/cve/CVE-2015-8728.html https://www.suse.com/security/cve/CVE-2015-8729.html https://www.suse.com/security/cve/CVE-2015-8730.html https://www.suse.com/security/cve/CVE-2015-8731.html https://www.suse.com/security/cve/CVE-2015-8732.html https://www.suse.com/security/cve/CVE-2015-8733.html https://bugzilla.suse.com/950437 https://bugzilla.suse.com/960382 From sle-security-updates at lists.suse.com Wed Jan 13 13:12:06 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Jan 2016 21:12:06 +0100 (CET) Subject: SUSE-SU-2016:0112-1: moderate: Security update for foomatic-filters Message-ID: <20160113201206.E342A3213C@maintenance.suse.de> SUSE Security Update: Security update for foomatic-filters ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0112-1 Rating: moderate References: #957531 Cross-References: CVE-2015-8327 CVE-2015-8560 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-foomatic-filters-12324=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-foomatic-filters-12324=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-foomatic-filters-12324=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-foomatic-filters-12324=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-foomatic-filters-12324=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): foomatic-filters-3.0.2-269.39.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): foomatic-filters-3.0.2-269.39.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): foomatic-filters-3.0.2-269.39.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): foomatic-filters-3.0.2-269.39.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): foomatic-filters-3.0.2-269.39.1 References: https://www.suse.com/security/cve/CVE-2015-8327.html https://www.suse.com/security/cve/CVE-2015-8560.html https://bugzilla.suse.com/957531 From sle-security-updates at lists.suse.com Wed Jan 13 14:11:08 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 13 Jan 2016 22:11:08 +0100 (CET) Subject: SUSE-SU-2016:0113-1: important: Security update for java-1_6_0-ibm Message-ID: <20160113211108.B84A43213C@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0113-1 Rating: important References: #955131 #960286 #960402 Cross-References: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 
CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This version update for java-1_6_0-ibm to version 6.0.16.15 fixes the following issues: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 For more information please visit: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_Nove mber_2015 Security Issues: * CVE-2015-4734 * CVE-2015-4803 * CVE-2015-4805 * CVE-2015-4806 * CVE-2015-4810 * CVE-2015-4835 * CVE-2015-4840 * CVE-2015-4842 * CVE-2015-4843 * CVE-2015-4844 * CVE-2015-4860 * CVE-2015-4871 * CVE-2015-4872 * CVE-2015-4882 * CVE-2015-4883 * CVE-2015-4893 * CVE-2015-4902 * CVE-2015-4903 * CVE-2015-4911 * CVE-2015-5006 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.15-0.16.1 java-1_6_0-ibm-devel-1.6.0_sr16.15-0.16.1 java-1_6_0-ibm-fonts-1.6.0_sr16.15-0.16.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.15-0.16.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr16.15-0.16.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr16.15-0.16.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.15-0.16.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.15-0.16.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.15-0.16.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): 
java-1_6_0-ibm-alsa-1.6.0_sr16.15-0.16.1 References: https://www.suse.com/security/cve/CVE-2015-4734.html https://www.suse.com/security/cve/CVE-2015-4803.html https://www.suse.com/security/cve/CVE-2015-4805.html https://www.suse.com/security/cve/CVE-2015-4806.html https://www.suse.com/security/cve/CVE-2015-4810.html https://www.suse.com/security/cve/CVE-2015-4835.html https://www.suse.com/security/cve/CVE-2015-4840.html https://www.suse.com/security/cve/CVE-2015-4842.html https://www.suse.com/security/cve/CVE-2015-4843.html https://www.suse.com/security/cve/CVE-2015-4844.html https://www.suse.com/security/cve/CVE-2015-4860.html https://www.suse.com/security/cve/CVE-2015-4871.html https://www.suse.com/security/cve/CVE-2015-4872.html https://www.suse.com/security/cve/CVE-2015-4882.html https://www.suse.com/security/cve/CVE-2015-4883.html https://www.suse.com/security/cve/CVE-2015-4893.html https://www.suse.com/security/cve/CVE-2015-4902.html https://www.suse.com/security/cve/CVE-2015-4903.html https://www.suse.com/security/cve/CVE-2015-4911.html https://www.suse.com/security/cve/CVE-2015-5006.html https://bugzilla.suse.com/955131 https://bugzilla.suse.com/960286 https://bugzilla.suse.com/960402 https://download.suse.com/patch/finder/?keywords=750c96f801a1b590f58f15adc3b52b3d From sle-security-updates at lists.suse.com Wed Jan 13 16:11:06 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 14 Jan 2016 00:11:06 +0100 (CET) Subject: SUSE-SU-2016:0114-1: moderate: Security update for python-requests Message-ID: <20160113231106.BC33C3213C@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0114-1 Rating: moderate References: #922448 #929736 #961596 Cross-References: CVE-2015-2296 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise 
Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Enterprise Storage 2 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: The python-requests module has been updated to version 2.8.1, which brings several fixes and enhancements: - Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing. (bsc#922448, CVE-2015-2296) - Add support for per-host proxies. This allows the proxies dictionary to have entries of the form {'://': ''}. Host-specific proxies will be used in preference to the previously-supported scheme-specific ones, but the previous syntax will continue to work. - Update certificate bundle to match "certifi" 2015.9.6.2's weak certificate bundle. - Response.raise_for_status now prints the URL that failed as part of the exception message. - requests.utils.get_netrc_auth now takes an raise_errors kwarg, defaulting to False. When True, errors parsing .netrc files cause exceptions to be thrown. - Change to bundled projects import logic to make it easier to unbundle requests downstream. - Change the default User-Agent string to avoid leaking data on Linux: now contains only the requests version. - The json parameter to post() and friends will now only be used if neither data nor files are present, consistent with the documentation. - Empty fields in the NO_PROXY environment variable are now ignored. - Fix problem where httplib.BadStatusLine would get raised if combining stream=True with contextlib.closing. - Prevent bugs where we would attempt to return the same connection back to the connection pool twice when sending a Chunked body. - Digest Auth support is now thread safe. 
- Resolved several bugs involving chunked transfer encoding and response framing. - Copy a PreparedRequest's CookieJar more reliably. - Support bytearrays when passed as parameters in the "files" argument. - Avoid data duplication when creating a request with "str", "bytes", or "bytearray" input to the "files" argument. - "Connection: keep-alive" header is now sent automatically. - Support for connect timeouts. Timeout now accepts a tuple (connect, read) which is used to set individual connect and read timeouts. For a comprehensive list of changes please refer to the package's change log or the Release Notes at http://docs.python-requests.org/en/latest/community/updates/#id3 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-80=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-80=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-80=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-80=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-80=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-80=1 - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-80=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-80=1 To bring your system up-to-date, use "zypper patch". 
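The cookie-on-redirect fix for CVE-2015-2296 described above comes down to which host a cookie without a Domain attribute is bound to. The following Python model is an added example, not code from the SUSE advisory or from the requests project: it scopes cookies per RFC 6265 host-only rules and, with `vulnerable=True`, reproduces the pre-2.8.1 behaviour of binding such a cookie to the redirect target's host. All hostnames and cookie values are constructed for illustration.

```python
# Added example (not from the SUSE advisory or the requests code base):
# models cookie scoping across a redirect so the CVE-2015-2296 failure
# mode can be seen beside the corrected behaviour. Hosts are constructed.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str        # host (or domain suffix) the cookie is bound to
    host_only: bool    # True when Set-Cookie carried no Domain attribute


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 domain-match: `host` equals `domain` or is a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def parse_set_cookie(header: str, origin_host: str) -> Optional[Cookie]:
    """Parse one Set-Cookie header received from `origin_host`.

    Without a Domain attribute the cookie is host-only and bound to the exact
    host that sent it. A Domain attribute is honoured only when the sending
    host domain-matches it; otherwise the cookie is rejected (None).
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.lower() == "domain":
            domain = val.lstrip(".").lower()
    if domain is None:
        return Cookie(name, value, origin_host.lower(), host_only=True)
    if not domain_matches(origin_host, domain):
        return None  # a host may not set cookies for a domain it is not part of
    return Cookie(name, value, domain, host_only=False)


def cookie_applies(cookie: Cookie, request_host: str) -> bool:
    """Decide whether `cookie` may be attached to a request for `request_host`."""
    if cookie.host_only:
        return request_host.lower() == cookie.domain
    return domain_matches(request_host, cookie.domain)


def cookies_for_redirect(set_cookie: str, responding_url: str,
                         location: str, vulnerable: bool) -> dict:
    """Simulate a client that got a 3xx from `responding_url` carrying
    `set_cookie` and then follows `location`. Returns the cookies it would
    send on the redirected request.

    vulnerable=True reproduces the pre-2.8.1 behaviour the advisory describes:
    the cookie's missing host value is taken from the redirect target rather
    than from the host that actually sent the Set-Cookie header.
    """
    responding_host = urlsplit(responding_url).hostname or ""
    target_host = urlsplit(location).hostname or ""
    bind_to = target_host if vulnerable else responding_host
    cookie = parse_set_cookie(set_cookie, bind_to)
    if cookie is not None and cookie_applies(cookie, target_host):
        return {cookie.name: cookie.value}
    return {}


if __name__ == "__main__":
    # A redirecting host (constructed) sets a session cookie while sending the
    # client on to a different site; only the buggy client forwards it there.
    args = ("sid=set-by-redirector", "http://redirector.example/",
            "http://app.example/login")
    print("vulnerable:", cookies_for_redirect(*args, vulnerable=True))
    print("fixed:     ", cookies_for_redirect(*args, vulnerable=False))
```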
Package List:

   - SUSE OpenStack Cloud Compute 5 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Linux Enterprise Server 12 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Linux Enterprise High Availability 12 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Enterprise Storage 2 (noarch):
      python-requests-2.8.1-6.9.1
   - SUSE Enterprise Storage 1.0 (noarch):
      python-requests-2.8.1-6.9.1

References:

   https://www.suse.com/security/cve/CVE-2015-2296.html
   https://bugzilla.suse.com/922448
   https://bugzilla.suse.com/929736
   https://bugzilla.suse.com/961596

From sle-security-updates at lists.suse.com  Thu Jan 14 12:11:30 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 14 Jan 2016 20:11:30 +0100 (CET)
Subject: SUSE-SU-2016:0117-1: critical: Security update for openssh-openssl1
Message-ID: <20160114191130.29A933213D@maintenance.suse.de>

   SUSE Security Update: Security update for openssh-openssl1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0117-1
Rating:             critical
References:         #961642 #961645
Cross-References:   CVE-2016-0777 CVE-2016-0778
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for openssh-openssl1 fixes the following issues:

   - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642)
   - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)

   This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SECURITY:
      zypper in -t patch secsp3-openssh-openssl1-12327=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
      openssh-openssl1-6.6p1-10.1
      openssh-openssl1-helpers-6.6p1-10.1

References:

   https://www.suse.com/security/cve/CVE-2016-0777.html
   https://www.suse.com/security/cve/CVE-2016-0778.html
   https://bugzilla.suse.com/961642
   https://bugzilla.suse.com/961645

From sle-security-updates at lists.suse.com  Thu Jan 14 12:12:08 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 14 Jan 2016 20:12:08 +0100 (CET)
Subject: SUSE-SU-2016:0118-1: critical: Security update for openssh
Message-ID: <20160114191208.B4AA03213D@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0118-1
Rating:             critical
References:         #961642 #961645
Cross-References:   CVE-2016-0777 CVE-2016-0778
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for openssh fixes the following issues:

   - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642)
   - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)

   This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-85=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-85=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-85=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-85=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      openssh-6.6p1-33.1
      openssh-askpass-gnome-6.6p1-33.1
      openssh-askpass-gnome-debuginfo-6.6p1-33.1
      openssh-debuginfo-6.6p1-33.1
      openssh-debugsource-6.6p1-33.1
      openssh-fips-6.6p1-33.1
      openssh-helpers-6.6p1-33.1
      openssh-helpers-debuginfo-6.6p1-33.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      openssh-6.6p1-33.1
      openssh-askpass-gnome-6.6p1-33.1
      openssh-askpass-gnome-debuginfo-6.6p1-33.1
      openssh-debuginfo-6.6p1-33.1
      openssh-debugsource-6.6p1-33.1
      openssh-fips-6.6p1-33.1
      openssh-helpers-6.6p1-33.1
      openssh-helpers-debuginfo-6.6p1-33.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      openssh-6.6p1-33.1
      openssh-askpass-gnome-6.6p1-33.1
      openssh-askpass-gnome-debuginfo-6.6p1-33.1
      openssh-debuginfo-6.6p1-33.1
      openssh-debugsource-6.6p1-33.1
      openssh-helpers-6.6p1-33.1
      openssh-helpers-debuginfo-6.6p1-33.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      openssh-6.6p1-33.1
      openssh-askpass-gnome-6.6p1-33.1
      openssh-askpass-gnome-debuginfo-6.6p1-33.1
      openssh-debuginfo-6.6p1-33.1
      openssh-debugsource-6.6p1-33.1
      openssh-helpers-6.6p1-33.1
      openssh-helpers-debuginfo-6.6p1-33.1

References:

   https://www.suse.com/security/cve/CVE-2016-0777.html
   https://www.suse.com/security/cve/CVE-2016-0778.html
   https://bugzilla.suse.com/961642
   https://bugzilla.suse.com/961645

From sle-security-updates at lists.suse.com  Thu Jan 14 12:12:45 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 14 Jan 2016 20:12:45 +0100 (CET)
Subject: SUSE-SU-2016:0119-1: critical: Security update for openssh
Message-ID: <20160114191245.12EE23213D@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0119-1
Rating:             critical
References:         #961642 #961645
Cross-References:   CVE-2016-0777 CVE-2016-0778
Affected Products:
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for openssh fixes the following issues:

   - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642)
   - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)

   This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-openssh-2016011301-12325=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-openssh-2016011301-12325=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-openssh-2016011301-12325=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-openssh-2016011301-12325=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      openssh-6.2p2-0.24.1
      openssh-askpass-6.2p2-0.24.1
      openssh-askpass-gnome-6.2p2-0.24.3
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      openssh-6.2p2-0.24.1
      openssh-askpass-6.2p2-0.24.1
      openssh-askpass-gnome-6.2p2-0.24.3
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      openssh-6.2p2-0.24.1
      openssh-askpass-6.2p2-0.24.1
      openssh-askpass-gnome-6.2p2-0.24.3
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      openssh-askpass-gnome-debuginfo-6.2p2-0.24.3
      openssh-debuginfo-6.2p2-0.24.1
      openssh-debugsource-6.2p2-0.24.1

References:

   https://www.suse.com/security/cve/CVE-2016-0777.html
   https://www.suse.com/security/cve/CVE-2016-0778.html
   https://bugzilla.suse.com/961642
   https://bugzilla.suse.com/961645

From sle-security-updates at lists.suse.com  Thu Jan 14 12:13:21 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 14 Jan 2016 20:13:21 +0100 (CET)
Subject: SUSE-SU-2016:0120-1: critical: Security update for openssh
Message-ID: <20160114191321.E33283213D@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0120-1
Rating:             critical
References:         #961642 #961645
Cross-References:   CVE-2016-0777 CVE-2016-0778
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for openssh fixes the following issues:

   - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642)
   - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645)

   This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-openssh-2016011302-12326=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-openssh-2016011302-12326=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-openssh-2016011302-12326=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      openssh-6.6p1-16.1
      openssh-askpass-gnome-6.6p1-16.4
      openssh-fips-6.6p1-16.1
      openssh-helpers-6.6p1-16.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      openssh-6.6p1-16.1
      openssh-askpass-gnome-6.6p1-16.4
      openssh-helpers-6.6p1-16.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      openssh-askpass-gnome-debuginfo-6.6p1-16.4
      openssh-debuginfo-6.6p1-16.1
      openssh-debugsource-6.6p1-16.1

References:

   https://www.suse.com/security/cve/CVE-2016-0777.html
   https://www.suse.com/security/cve/CVE-2016-0778.html
   https://bugzilla.suse.com/961642
   https://bugzilla.suse.com/961645

From sle-security-updates at lists.suse.com  Thu Jan 14 13:11:16 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 14 Jan 2016 21:11:16 +0100 (CET)
Subject: SUSE-SU-2016:0121-1: moderate: Security update for mariadb
Message-ID: <20160114201116.E15063213D@maintenance.suse.de>

   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0121-1
Rating:             moderate
References:         #934401 #937258 #937343 #937787 #958789 #958790
Cross-References:   CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4895 CVE-2015-4913
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements.

   The following CVEs have been fixed:

   - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792
   - 10.0.21: CVE-2015-4816, CVE-2015-4819, CVE-2015-4879, CVE-2015-4895

   The following non-security issues have been fixed:

   - Fix rc.mysql-multi script to properly start instances after restart. (bsc#934401)
   - Fix rc.mysql-multi script to restart after crash. (bsc#937258)

   For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents:

   - https://kb.askmonty.org/en/mariadb-10022-release-notes/
   - https://kb.askmonty.org/en/mariadb-10021-release-notes/
   - https://kb.askmonty.org/en/mariadb-10022-changelog/
   - https://kb.askmonty.org/en/mariadb-10021-changelog/

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2016-87=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2016-87=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-87=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-87=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      libmysqlclient_r18-10.0.22-20.3.1
      libmysqlclient_r18-32bit-10.0.22-20.3.1
      mariadb-debuginfo-10.0.22-20.3.1
      mariadb-debugsource-10.0.22-20.3.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libmysqlclient-devel-10.0.22-20.3.1
      libmysqlclient_r18-10.0.22-20.3.1
      libmysqld-devel-10.0.22-20.3.1
      libmysqld18-10.0.22-20.3.1
      libmysqld18-debuginfo-10.0.22-20.3.1
      mariadb-debuginfo-10.0.22-20.3.1
      mariadb-debugsource-10.0.22-20.3.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libmysqlclient18-10.0.22-20.3.1
      libmysqlclient18-debuginfo-10.0.22-20.3.1
      mariadb-10.0.22-20.3.1
      mariadb-client-10.0.22-20.3.1
      mariadb-client-debuginfo-10.0.22-20.3.1
      mariadb-debuginfo-10.0.22-20.3.1
      mariadb-debugsource-10.0.22-20.3.1
      mariadb-errormessages-10.0.22-20.3.1
      mariadb-tools-10.0.22-20.3.1
      mariadb-tools-debuginfo-10.0.22-20.3.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libmysqlclient18-32bit-10.0.22-20.3.1
      libmysqlclient18-debuginfo-32bit-10.0.22-20.3.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libmysqlclient18-10.0.22-20.3.1
      libmysqlclient18-32bit-10.0.22-20.3.1
      libmysqlclient18-debuginfo-10.0.22-20.3.1
      libmysqlclient18-debuginfo-32bit-10.0.22-20.3.1
      libmysqlclient_r18-10.0.22-20.3.1
      libmysqlclient_r18-32bit-10.0.22-20.3.1
      mariadb-10.0.22-20.3.1
      mariadb-client-10.0.22-20.3.1
      mariadb-client-debuginfo-10.0.22-20.3.1
      mariadb-debuginfo-10.0.22-20.3.1
      mariadb-debugsource-10.0.22-20.3.1
      mariadb-errormessages-10.0.22-20.3.1

References:

   https://www.suse.com/security/cve/CVE-2015-4792.html
   https://www.suse.com/security/cve/CVE-2015-4802.html
   https://www.suse.com/security/cve/CVE-2015-4807.html
   https://www.suse.com/security/cve/CVE-2015-4815.html
   https://www.suse.com/security/cve/CVE-2015-4816.html
   https://www.suse.com/security/cve/CVE-2015-4819.html
   https://www.suse.com/security/cve/CVE-2015-4826.html
   https://www.suse.com/security/cve/CVE-2015-4830.html
   https://www.suse.com/security/cve/CVE-2015-4836.html
   https://www.suse.com/security/cve/CVE-2015-4858.html
   https://www.suse.com/security/cve/CVE-2015-4861.html
   https://www.suse.com/security/cve/CVE-2015-4870.html
   https://www.suse.com/security/cve/CVE-2015-4879.html
   https://www.suse.com/security/cve/CVE-2015-4895.html
   https://www.suse.com/security/cve/CVE-2015-4913.html
   https://bugzilla.suse.com/934401
   https://bugzilla.suse.com/937258
   https://bugzilla.suse.com/937343
   https://bugzilla.suse.com/937787
   https://bugzilla.suse.com/958789
   https://bugzilla.suse.com/958790

From sle-security-updates at lists.suse.com  Mon Jan 18 06:12:16 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 18 Jan 2016 14:12:16 +0100 (CET)
Subject: SUSE-SU-2016:0149-1: moderate: Security update for mozilla-nss
Message-ID: <20160118131216.883DB3213D@maintenance.suse.de>

   SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0149-1
Rating:             moderate
References:         #959888
Cross-References:   CVE-2015-7575
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update contains mozilla-nss 3.19.2.2 and fixes the following security issue:

   - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-98=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2016-98=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-98=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-98=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-98=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-98=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      mozilla-nss-debuginfo-3.19.2.2-32.1
      mozilla-nss-debugsource-3.19.2.2-32.1
      mozilla-nss-devel-3.19.2.2-32.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      mozilla-nss-debuginfo-3.19.2.2-32.1
      mozilla-nss-debugsource-3.19.2.2-32.1
      mozilla-nss-devel-3.19.2.2-32.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libfreebl3-3.19.2.2-32.1
      libfreebl3-debuginfo-3.19.2.2-32.1
      libfreebl3-hmac-3.19.2.2-32.1
      libsoftokn3-3.19.2.2-32.1
      libsoftokn3-debuginfo-3.19.2.2-32.1
      libsoftokn3-hmac-3.19.2.2-32.1
      mozilla-nss-3.19.2.2-32.1
      mozilla-nss-certs-3.19.2.2-32.1
      mozilla-nss-certs-debuginfo-3.19.2.2-32.1
      mozilla-nss-debuginfo-3.19.2.2-32.1
      mozilla-nss-debugsource-3.19.2.2-32.1
      mozilla-nss-sysinit-3.19.2.2-32.1
      mozilla-nss-sysinit-debuginfo-3.19.2.2-32.1
      mozilla-nss-tools-3.19.2.2-32.1
      mozilla-nss-tools-debuginfo-3.19.2.2-32.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libfreebl3-32bit-3.19.2.2-32.1
      libfreebl3-debuginfo-32bit-3.19.2.2-32.1
      libfreebl3-hmac-32bit-3.19.2.2-32.1
      libsoftokn3-32bit-3.19.2.2-32.1
      libsoftokn3-debuginfo-32bit-3.19.2.2-32.1
      libsoftokn3-hmac-32bit-3.19.2.2-32.1
      mozilla-nss-32bit-3.19.2.2-32.1
      mozilla-nss-certs-32bit-3.19.2.2-32.1
      mozilla-nss-certs-debuginfo-32bit-3.19.2.2-32.1
      mozilla-nss-debuginfo-32bit-3.19.2.2-32.1
      mozilla-nss-sysinit-32bit-3.19.2.2-32.1
      mozilla-nss-sysinit-debuginfo-32bit-3.19.2.2-32.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libfreebl3-3.19.2.2-32.1
      libfreebl3-debuginfo-3.19.2.2-32.1
      libfreebl3-hmac-3.19.2.2-32.1
      libsoftokn3-3.19.2.2-32.1
      libsoftokn3-debuginfo-3.19.2.2-32.1
      libsoftokn3-hmac-3.19.2.2-32.1
      mozilla-nss-3.19.2.2-32.1
      mozilla-nss-certs-3.19.2.2-32.1
      mozilla-nss-certs-debuginfo-3.19.2.2-32.1
      mozilla-nss-debuginfo-3.19.2.2-32.1
      mozilla-nss-debugsource-3.19.2.2-32.1
      mozilla-nss-sysinit-3.19.2.2-32.1
      mozilla-nss-sysinit-debuginfo-3.19.2.2-32.1
      mozilla-nss-tools-3.19.2.2-32.1
      mozilla-nss-tools-debuginfo-3.19.2.2-32.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libfreebl3-32bit-3.19.2.2-32.1
      libfreebl3-debuginfo-32bit-3.19.2.2-32.1
      libfreebl3-hmac-32bit-3.19.2.2-32.1
      libsoftokn3-32bit-3.19.2.2-32.1
      libsoftokn3-debuginfo-32bit-3.19.2.2-32.1
      libsoftokn3-hmac-32bit-3.19.2.2-32.1
      mozilla-nss-32bit-3.19.2.2-32.1
      mozilla-nss-certs-32bit-3.19.2.2-32.1
      mozilla-nss-certs-debuginfo-32bit-3.19.2.2-32.1
      mozilla-nss-debuginfo-32bit-3.19.2.2-32.1
      mozilla-nss-sysinit-32bit-3.19.2.2-32.1
      mozilla-nss-sysinit-debuginfo-32bit-3.19.2.2-32.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libfreebl3-3.19.2.2-32.1
      libfreebl3-32bit-3.19.2.2-32.1
      libfreebl3-debuginfo-3.19.2.2-32.1
      libfreebl3-debuginfo-32bit-3.19.2.2-32.1
      libsoftokn3-3.19.2.2-32.1
      libsoftokn3-32bit-3.19.2.2-32.1
      libsoftokn3-debuginfo-3.19.2.2-32.1
      libsoftokn3-debuginfo-32bit-3.19.2.2-32.1
      mozilla-nss-3.19.2.2-32.1
      mozilla-nss-32bit-3.19.2.2-32.1
      mozilla-nss-certs-3.19.2.2-32.1
      mozilla-nss-certs-32bit-3.19.2.2-32.1
mozilla-nss-certs-debuginfo-3.19.2.2-32.1 mozilla-nss-certs-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-debuginfo-3.19.2.2-32.1 mozilla-nss-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-debugsource-3.19.2.2-32.1 mozilla-nss-sysinit-3.19.2.2-32.1 mozilla-nss-sysinit-32bit-3.19.2.2-32.1 mozilla-nss-sysinit-debuginfo-3.19.2.2-32.1 mozilla-nss-sysinit-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-tools-3.19.2.2-32.1 mozilla-nss-tools-debuginfo-3.19.2.2-32.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libfreebl3-3.19.2.2-32.1 libfreebl3-32bit-3.19.2.2-32.1 libfreebl3-debuginfo-3.19.2.2-32.1 libfreebl3-debuginfo-32bit-3.19.2.2-32.1 libsoftokn3-3.19.2.2-32.1 libsoftokn3-32bit-3.19.2.2-32.1 libsoftokn3-debuginfo-3.19.2.2-32.1 libsoftokn3-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-3.19.2.2-32.1 mozilla-nss-32bit-3.19.2.2-32.1 mozilla-nss-certs-3.19.2.2-32.1 mozilla-nss-certs-32bit-3.19.2.2-32.1 mozilla-nss-certs-debuginfo-3.19.2.2-32.1 mozilla-nss-certs-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-debuginfo-3.19.2.2-32.1 mozilla-nss-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-debugsource-3.19.2.2-32.1 mozilla-nss-sysinit-3.19.2.2-32.1 mozilla-nss-sysinit-32bit-3.19.2.2-32.1 mozilla-nss-sysinit-debuginfo-3.19.2.2-32.1 mozilla-nss-sysinit-debuginfo-32bit-3.19.2.2-32.1 mozilla-nss-tools-3.19.2.2-32.1 mozilla-nss-tools-debuginfo-3.19.2.2-32.1 References: https://www.suse.com/security/cve/CVE-2015-7575.html https://bugzilla.suse.com/959888 From sle-security-updates at lists.suse.com Mon Jan 18 14:13:37 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 18 Jan 2016 22:13:37 +0100 (CET) Subject: SUSE-SU-2016:0160-1: moderate: Security update for tiff Message-ID: <20160118211337.515C03213D@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0160-1 Rating: moderate References: #942690 #960341 Cross-References: CVE-2015-7554 
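The mozilla-nss fix for CVE-2015-7575 (SUSE-SU-2016:0149-1, above) is, on the client side, a policy decision about which SignatureAndHashAlgorithm a server may use in ServerKeyExchange. The following is an added example written for this page; it is not NSS code and is not part of the SUSE advisory. It parses an ECDHE ServerKeyExchange body (the RFC 4492 ServerECDHParams followed by the RFC 5246 DigitallySigned structure), rejects MD5 outright, and also rejects any hash/signature pair the client did not advertise in its signature_algorithms extension, which RFC 5246 section 7.4.1.4.1 requires the server to honour. The message bytes, the dummy point and signature, and the client's offered list are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 5246 HashAlgorithm / SignatureAlgorithm code points (subset). */
enum { TLS_HASH_NONE = 0, TLS_HASH_MD5 = 1, TLS_HASH_SHA1 = 2, TLS_HASH_SHA256 = 4 };
enum { TLS_SIG_ANON = 0, TLS_SIG_RSA = 1, TLS_SIG_ECDSA = 3 };

typedef struct { uint8_t hash, sig; } sig_hash_t;

/* Result codes for ske_check(). */
enum { SKE_OK = 0, SKE_TRUNCATED = -1, SKE_BAD_CURVE_TYPE = -2,
       SKE_HASH_NOT_OFFERED = -3, SKE_WEAK_HASH = -4, SKE_TRAILING = -5 };

/* Parse an ECDHE ServerKeyExchange body and enforce the client's policy on
 * the SignatureAndHashAlgorithm the server chose.  'offered' is the list the
 * client sent in signature_algorithms.  Returns SKE_OK or a negative code;
 * on a fully parsed message *chosen (if non-NULL) receives the server's pair. */
int ske_check(const uint8_t *msg, size_t len,
              const sig_hash_t *offered, size_t n_offered, sig_hash_t *chosen)
{
    size_t off;
    /* ECParameters: curve_type(1) must be named_curve(3), then NamedCurve(2). */
    if (len < 3) return SKE_TRUNCATED;
    if (msg[0] != 3) return SKE_BAD_CURVE_TYPE;
    off = 3;
    /* ECPoint: opaque point<1..2^8-1>. */
    if (off + 1 > len) return SKE_TRUNCATED;
    size_t point_len = msg[off++];
    if (point_len == 0 || off + point_len > len) return SKE_TRUNCATED;
    off += point_len;
    /* SignatureAndHashAlgorithm: hash(1) signature(1). */
    if (off + 2 > len) return SKE_TRUNCATED;
    sig_hash_t sh = { msg[off], msg[off + 1] };
    off += 2;
    /* opaque signature<0..2^16-1>: length(2) + bytes. */
    if (off + 2 > len) return SKE_TRUNCATED;
    size_t sig_len = ((size_t)msg[off] << 8) | msg[off + 1];
    off += 2;
    if (off + sig_len > len) return SKE_TRUNCATED;
    off += sig_len;
    if (off != len) return SKE_TRAILING;
    if (chosen) *chosen = sh;

    /* Policy 1: never accept MD5 or "none", whatever the server claims. */
    if (sh.hash == TLS_HASH_MD5 || sh.hash == TLS_HASH_NONE) return SKE_WEAK_HASH;

    /* Policy 2: the pair must be one the client actually offered. */
    for (size_t i = 0; i < n_offered; i++)
        if (offered[i].hash == sh.hash && offered[i].sig == sh.sig) return SKE_OK;
    return SKE_HASH_NOT_OFFERED;
}

/* Build a constructed (not captured) ServerKeyExchange body: named_curve
 * secp256r1 (0x0017), a 3-byte dummy point, the given algorithm pair and a
 * 4-byte dummy signature.  Returns the total length, or 0 if 'cap' is too small. */
size_t build_ske(uint8_t *out, size_t cap, uint8_t hash, uint8_t sig)
{
    static const uint8_t hdr[] = { 0x03, 0x00, 0x17, 0x03, 0x04, 0xAA, 0xBB };
    static const uint8_t dummy_sig[] = { 0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF };
    size_t need = sizeof hdr + 2 + sizeof dummy_sig;   /* 15 bytes */
    if (cap < need) return 0;
    memcpy(out, hdr, sizeof hdr);
    out[sizeof hdr] = hash;
    out[sizeof hdr + 1] = sig;
    memcpy(out + sizeof hdr + 2, dummy_sig, sizeof dummy_sig);
    return need;
}

/* Check one server choice against a client that offered only sha256/rsa
 * and sha256/ecdsa (an assumed, constructed signature_algorithms list). */
int check_pair(uint8_t hash, uint8_t sig)
{
    static const sig_hash_t offered[] = {
        { TLS_HASH_SHA256, TLS_SIG_RSA }, { TLS_HASH_SHA256, TLS_SIG_ECDSA } };
    uint8_t buf[32];
    size_t n = build_ske(buf, sizeof buf, hash, sig);
    return ske_check(buf, n, offered, 2, NULL);
}

int main(void)
{
    printf("sha256/rsa   -> %d (0 = accepted)\n", check_pair(TLS_HASH_SHA256, TLS_SIG_RSA));
    printf("md5/rsa      -> %d (weak hash)\n",    check_pair(TLS_HASH_MD5, TLS_SIG_RSA));
    printf("sha1/rsa     -> %d (not offered)\n",  check_pair(TLS_HASH_SHA1, TLS_SIG_RSA));
    return 0;
}
```

The order of the two policies matters: the MD5 rejection is unconditional so that a misconfigured client that still lists MD5 in its own offer cannot be downgraded by a server that picks it, and the second check closes the actual gap, a server choosing something the client never advertised.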
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one erratum is now available.

Description:

   This update to tiff 4.0.6 fixes the following issues:

   - CVE-2015-7554: An out-of-bounds write in the thumbnail and tiffcmp tools
     allowed an attacker to cause a denial of service or possibly have
     unspecified further impact (bsc#960341).
   - bsc#942690: potential out-of-bounds write in NeXTDecode() (#2508).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-104=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2016-104=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-104=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-104=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-104=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-104=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libtiff-devel-4.0.6-19.1 tiff-debuginfo-4.0.6-19.1 tiff-debugsource-4.0.6-19.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libtiff-devel-4.0.6-19.1 tiff-debuginfo-4.0.6-19.1 tiff-debugsource-4.0.6-19.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libtiff5-4.0.6-19.1 libtiff5-debuginfo-4.0.6-19.1 tiff-4.0.6-19.1
      tiff-debuginfo-4.0.6-19.1 tiff-debugsource-4.0.6-19.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libtiff5-32bit-4.0.6-19.1 libtiff5-debuginfo-32bit-4.0.6-19.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libtiff5-4.0.6-19.1 libtiff5-debuginfo-4.0.6-19.1 tiff-4.0.6-19.1
      tiff-debuginfo-4.0.6-19.1 tiff-debugsource-4.0.6-19.1
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libtiff5-32bit-4.0.6-19.1 libtiff5-debuginfo-32bit-4.0.6-19.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libtiff5-32bit-4.0.6-19.1 libtiff5-4.0.6-19.1 libtiff5-debuginfo-32bit-4.0.6-19.1
      libtiff5-debuginfo-4.0.6-19.1 tiff-debuginfo-4.0.6-19.1 tiff-debugsource-4.0.6-19.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libtiff5-32bit-4.0.6-19.1 libtiff5-4.0.6-19.1 libtiff5-debuginfo-32bit-4.0.6-19.1
      libtiff5-debuginfo-4.0.6-19.1 tiff-debuginfo-4.0.6-19.1 tiff-debugsource-4.0.6-19.1

References:

   https://www.suse.com/security/cve/CVE-2015-7554.html
   https://bugzilla.suse.com/942690
   https://bugzilla.suse.com/960341

From sle-security-updates at lists.suse.com Tue Jan 19 05:11:46 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 19 Jan 2016 13:11:46 +0100 (CET)
Subject: SUSE-SU-2016:0164-1: important: Security update for samba
Message-ID: <20160119121146.8D7753213D@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0164-1
Rating:             important
References:
                    #295284 #912457 #934299 #936909 #948244 #949022 #953382
                    #958582 #958583 #958584 #958586
Cross-References:   CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves four vulnerabilities and has seven fixes is now available.

Description:

   This update for Samba fixes the following security issues:

   - CVE-2015-5330: Remote memory read in the LDB library (bnc#958586)
   - CVE-2015-5252: Insufficient symlink verification allowed file access
     outside the share (bnc#958582)
   - CVE-2015-5296: No man-in-the-middle protection when SMB encryption was
     forced on the client side (bnc#958584)
   - CVE-2015-5299: Snapshot browsing through the Windows "Previous Versions"
     feature (shadow_copy2 VFS module) was not secure (bnc#958583)

   Non-security issues fixed:

   - Prevent null pointer access in samlogon fallback when security
     credentials are null (bnc#949022)
   - Ensure samlogon fall-back requests are rerouted after Kerberos failure
     (bnc#953382)
   - Ensure the "Your account is disabled" message is displayed when
     attempting to ssh into a locked account (bnc#953382)
   - Address unrecoverable winbind failure: "key length too large" (bnc#934299)
   - Take resource group SIDs into account when caching netsamlogon data
     (bnc#912457)
   - Fix lookup of groups with "Local Domain" scope from Active Directory
     (bnc#948244)
   - Fix a dependency issue with samba-winbind (bnc#936909)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-samba-20160113-12338=1
   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-samba-20160113-12338=1
   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-samba-20160113-12338=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-samba-20160113-12338=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-samba-20160113-12338=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-samba-20160113-12338=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-samba-20160113-12338=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-samba-20160113-12338=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-samba-20160113-12338=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libldb-devel-3.6.3-64.1 libnetapi-devel-3.6.3-64.1 libnetapi0-3.6.3-64.1
      libsmbclient-devel-3.6.3-64.1 libsmbsharemodes-devel-3.6.3-64.1
      libsmbsharemodes0-3.6.3-64.1 libtalloc-devel-3.6.3-64.1 libtdb-devel-3.6.3-64.1
      libtevent-devel-3.6.3-64.1 libwbclient-devel-3.6.3-64.1 samba-devel-3.6.3-64.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64 ppc64 s390x x86_64):
      samba-test-3.6.3-64.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      libldb-devel-3.6.3-64.1 libnetapi-devel-3.6.3-64.1 libnetapi0-3.6.3-64.1
      libsmbclient-devel-3.6.3-64.1 libsmbsharemodes-devel-3.6.3-64.1
      libsmbsharemodes0-3.6.3-64.1 libtalloc-devel-3.6.3-64.1 libtdb-devel-3.6.3-64.1
      libtevent-devel-3.6.3-64.1 libwbclient-devel-3.6.3-64.1 samba-devel-3.6.3-64.1
      samba-test-3.6.3-64.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      ldapsmb-1.34b-64.1 libldb1-3.6.3-64.1 libsmbclient0-3.6.3-64.1
      libtalloc2-3.6.3-64.1 libtdb1-3.6.3-64.1 libtevent0-3.6.3-64.1
      libwbclient0-3.6.3-64.1 samba-3.6.3-64.1 samba-client-3.6.3-64.1
      samba-krb-printing-3.6.3-64.1 samba-winbind-3.6.3-64.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
      libsmbclient0-32bit-3.6.3-64.1 libtalloc2-32bit-3.6.3-64.1
      libtdb1-32bit-3.6.3-64.1 libtevent0-32bit-3.6.3-64.1
      libwbclient0-32bit-3.6.3-64.1 samba-32bit-3.6.3-64.1
      samba-client-32bit-3.6.3-64.1 samba-winbind-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch):
      samba-doc-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      ldapsmb-1.34b-64.1 libldb1-3.6.3-64.1 libsmbclient0-3.6.3-64.1
      libtalloc2-3.6.3-64.1 libtdb1-3.6.3-64.1 libtevent0-3.6.3-64.1
      libwbclient0-3.6.3-64.1 samba-3.6.3-64.1 samba-client-3.6.3-64.1
      samba-krb-printing-3.6.3-64.1 samba-winbind-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libsmbclient0-32bit-3.6.3-64.1 libtalloc2-32bit-3.6.3-64.1
      libtdb1-32bit-3.6.3-64.1 libtevent0-32bit-3.6.3-64.1
      libwbclient0-32bit-3.6.3-64.1 samba-32bit-3.6.3-64.1
      samba-client-32bit-3.6.3-64.1 samba-winbind-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP4 (noarch):
      samba-doc-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libsmbclient0-x86-3.6.3-64.1 libtalloc2-x86-3.6.3-64.1 libtdb1-x86-3.6.3-64.1
      libtevent0-x86-3.6.3-64.1 libwbclient0-x86-3.6.3-64.1
      samba-client-x86-3.6.3-64.1 samba-winbind-x86-3.6.3-64.1 samba-x86-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      ldapsmb-1.34b-64.1 libldb1-3.6.3-64.1 libsmbclient0-3.6.3-64.1
      libtalloc2-3.6.3-64.1 libtdb1-3.6.3-64.1 libtevent0-3.6.3-64.1
      libwbclient0-3.6.3-64.1 samba-3.6.3-64.1 samba-client-3.6.3-64.1
      samba-krb-printing-3.6.3-64.1 samba-winbind-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      libsmbclient0-32bit-3.6.3-64.1 libtalloc2-32bit-3.6.3-64.1
      libtdb1-32bit-3.6.3-64.1 libtevent0-32bit-3.6.3-64.1
      libwbclient0-32bit-3.6.3-64.1 samba-32bit-3.6.3-64.1
      samba-client-32bit-3.6.3-64.1 samba-winbind-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP3 (noarch):
      samba-doc-3.6.3-64.1
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      libsmbclient0-x86-3.6.3-64.1 libtalloc2-x86-3.6.3-64.1 libtdb1-x86-3.6.3-64.1
      libwbclient0-x86-3.6.3-64.1 samba-client-x86-3.6.3-64.1
      samba-winbind-x86-3.6.3-64.1 samba-x86-3.6.3-64.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      libldb1-3.6.3-64.1 libsmbclient0-3.6.3-64.1 libtalloc2-3.6.3-64.1
      libtdb1-3.6.3-64.1 libtevent0-3.6.3-64.1 libwbclient0-3.6.3-64.1
      samba-3.6.3-64.1 samba-client-3.6.3-64.1 samba-krb-printing-3.6.3-64.1
      samba-winbind-3.6.3-64.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      libldb1-32bit-3.6.3-64.1 libsmbclient0-32bit-3.6.3-64.1
      libtalloc2-32bit-3.6.3-64.1 libtdb1-32bit-3.6.3-64.1
      libtevent0-32bit-3.6.3-64.1 libwbclient0-32bit-3.6.3-64.1
      samba-32bit-3.6.3-64.1 samba-client-32bit-3.6.3-64.1
      samba-winbind-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Desktop 11-SP4 (noarch):
      samba-doc-3.6.3-64.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      libldb1-3.6.3-64.1 libsmbclient0-3.6.3-64.1 libtalloc2-3.6.3-64.1
      libtdb1-3.6.3-64.1 libtevent0-3.6.3-64.1 libwbclient0-3.6.3-64.1
      samba-3.6.3-64.1 samba-client-3.6.3-64.1 samba-krb-printing-3.6.3-64.1
      samba-winbind-3.6.3-64.1
   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      libldb1-32bit-3.6.3-64.1 libsmbclient0-32bit-3.6.3-64.1
      libtalloc2-32bit-3.6.3-64.1 libtdb1-32bit-3.6.3-64.1
      libtevent0-32bit-3.6.3-64.1 libwbclient0-32bit-3.6.3-64.1
      samba-32bit-3.6.3-64.1 samba-client-32bit-3.6.3-64.1
      samba-winbind-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Desktop 11-SP3 (noarch):
      samba-doc-3.6.3-64.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      samba-debuginfo-3.6.3-64.1 samba-debugsource-3.6.3-64.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
      samba-debuginfo-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
      samba-debuginfo-x86-3.6.3-64.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      samba-debuginfo-3.6.3-64.1 samba-debugsource-3.6.3-64.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x):
      samba-debuginfo-32bit-3.6.3-64.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):
      samba-debuginfo-x86-3.6.3-64.1

References:

   https://www.suse.com/security/cve/CVE-2015-5252.html
   https://www.suse.com/security/cve/CVE-2015-5296.html
   https://www.suse.com/security/cve/CVE-2015-5299.html
   https://www.suse.com/security/cve/CVE-2015-5330.html
   https://bugzilla.suse.com/295284
   https://bugzilla.suse.com/912457
   https://bugzilla.suse.com/934299
   https://bugzilla.suse.com/936909
   https://bugzilla.suse.com/948244
   https://bugzilla.suse.com/949022
   https://bugzilla.suse.com/953382
   https://bugzilla.suse.com/958582
   https://bugzilla.suse.com/958583
   https://bugzilla.suse.com/958584
   https://bugzilla.suse.com/958586

From sle-security-updates at lists.suse.com Tue Jan 19 06:12:52 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 19 Jan 2016 14:12:52 +0100 (CET)
Subject: SUSE-SU-2016:0168-1: important: Security update for the Linux Kernel
Message-ID: <20160119131252.AF1EE3213D@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0168-1
Rating:             important
References:         #758040 #902606 #924919 #935087 #937261 #943959 #945649
                    #949440 #951155 #951199 #951392 #951615 #951638 #952579
                    #952976 #956708 #956801 #956876 #957395 #957546 #957988
                    #957990 #958463 #958504 #958510 #958647 #958886 #958951
                    #959190 #959364 #959399 #959436 #959705 #960300
Cross-References:   CVE-2015-7550 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550
                    CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 26 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to receive various security
   and bug fixes.

   The following security bugs were fixed:

   - CVE-2015-7550: A local user could have triggered a race between read and
     revoke in keyctl (bnc#958951).
   - CVE-2015-8539: A negatively instantiated user key could have been used by
     a local user to gain privileges (bnc#958463).
   - CVE-2015-8543: The networking implementation in the Linux kernel did not
     validate protocol identifiers for certain protocol families, which allowed
     local users to cause a denial of service (NULL function pointer
     dereference and system crash) or possibly gain privileges by leveraging
     CLONE_NEWUSER support to execute a crafted SOCK_RAW application
     (bnc#958886).
   - CVE-2015-8550: Compiler optimizations in the Xen PV backend drivers could
     have led to double-fetch vulnerabilities, causing denial of service or
     arbitrary code execution (depending on the configuration) (bsc#957988).
   - CVE-2015-8551, CVE-2015-8552: xen/pciback: for XEN_PCI_OP_disable_msi[|x],
     only disable if the device has MSI(-X) enabled (bsc#957990).
   - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
     drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
     length, which allowed local users to obtain sensitive information from
     kernel memory and bypass the KASLR protection mechanism via a crafted
     application (bnc#959190).
   - CVE-2015-8575: Validate the socket address length in sco_sock_bind() to
     prevent an information leak (bsc#959399).

   The following non-security bugs were fixed:

   - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).
   - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
   - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
   - Re-add copy_page_vector_to_user()
   - Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).
   - Refresh patches.xen/xen3-patch-3.9 (bsc#951155).
   - Update patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction-.patch
     (bnc#935087, bnc#945649, bnc#951615).
   - bcache: Add btree_insert_node() (bnc#951638).
   - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
   - bcache: Clean up keylist code (bnc#951638).
   - bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638).
   - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).
   - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).
   - bcache: Explicitly track btree node's parent (bnc#951638).
   - bcache: Fix a bug when detaching (bsc#951638).
   - bcache: Fix a lockdep splat in an error path (bnc#951638).
   - bcache: Fix a shutdown bug (bsc#951638).
   - bcache: Fix more early shutdown bugs (bsc#951638).
   - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
   - bcache: Insert multiple keys at a time (bnc#951638).
   - bcache: Refactor journalling flow control (bnc#951638).
   - bcache: Refactor request_write() (bnc#951638).
   - bcache: Use blkdev_issue_discard() (bnc#951638).
   - bcache: backing device set to clean after finishing detach (bsc#951638).
   - bcache: kill closure locking usage (bnc#951638).
   - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).
   - blktap: refine mm tracking (bsc#952976).
   - block: Always check queue limits for cloned requests (bsc#902606).
   - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).
   - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647).
   - btrfs: Fix out-of-space bug (bsc#958647).
   - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).
   - btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647).
   - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).
   - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots()
     (bnc#935087, bnc#945649).
   - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649).
   - btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647).
   - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649).
   - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649).
   - btrfs: extent-tree: Use ref_node to replace unneeded parameters in
     __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).
   - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).
   - btrfs: fix condition of commit transaction (bsc#958647).
   - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649).
   - btrfs: fix order by which delayed references are run (bnc#949440).
   - btrfs: fix qgroup sanity tests (bnc#951615).
   - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).
   - btrfs: fix regression running delayed references when using qgroups (bnc#951615).
   - btrfs: fix regression when running delayed references (bnc#951615).
   - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300).
   - btrfs: fix the number of transaction units needed to remove a block group (bsc#958647).
   - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents()
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649).
   - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649).
   - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300).
   - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649).
   - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism
     (bnc#935087, bnc#945649).
   - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649).
   - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649).
   - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).
   - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).
   - btrfs: qgroup: fix quota disable during rescan (bnc#960300).
   - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649).
   - btrfs: remove transaction from send (bnc#935087, bnc#945649).
   - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).
   - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649).
   - btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647).
   - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).
   - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395).
   - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).
   - drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801).
   - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).
   - e1000e: Do not read ICR in Other interrupt (bsc#924919).
   - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).
   - e1000e: Fix msi-x interrupt automask (bsc#924919).
   - e1000e: Remove unreachable code (bsc#924919).
   - genksyms: Handle string literals with spaces in reference files (bsc#958510).
   - ipv6: fix tunnel error handling (bsc#952579).
   - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).
   - mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).
   - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).
   - pm, hibernate: use put_page in release_swap_writer (bnc#943959).
   - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395).
   - udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364).
   - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2016-107=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2016-107=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-107=1
   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1
   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1

   To bring your system up-to-date, use "zypper patch".
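Two of the kernel fixes above, CVE-2015-8569 (pptp_bind/pptp_connect) and CVE-2015-8575 (sco_sock_bind), are the same bug class: a protocol's bind() handler read a whole sockaddr structure out of the kernel's copy of the user-supplied address without checking that the caller had actually supplied that many bytes. Whatever the kernel stack held behind the short copy became part of the socket's stored address and could later be handed back to user space (for example through getsockname()). The following user-space model is an added example, not kernel code and not part of the SUSE advisory: it uses a stand-in for the Bluetooth SCO address structure, a stand-in for the syscall layer's move_addr_to_kernel() that copies only addr_len bytes into a stack buffer pre-filled with stale data, a vulnerable handler that consumes sizeof(struct sockaddr_sco) regardless, and a fixed handler that refuses a short address with -EINVAL. The structure layout, the AF_BLUETOOTH value (31 on Linux) and the buffer sizes are simplified assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AF_BLUETOOTH_MODEL 31      /* Linux AF_BLUETOOTH; a constant for the model */
#define ADDR_STORAGE 128           /* stand-in for sizeof(struct sockaddr_storage) */

/* Simplified model of the SCO socket address: family + 6-byte bdaddr. */
struct bdaddr { uint8_t b[6]; };
struct sockaddr_sco {
    uint16_t sco_family;
    struct bdaddr sco_bdaddr;
};

/* Model of the per-socket kernel state: the bound source address. */
struct sco_sock { struct sockaddr_sco src; };

/* Stand-in for move_addr_to_kernel(): the syscall layer copies exactly
 * addr_len bytes from user space into a kernel stack buffer.  Whatever the
 * buffer held before (old kernel data) stays in the remaining bytes. */
static int move_addr_to_kernel(const void *uaddr, int addr_len, uint8_t *kaddr)
{
    if (addr_len < 0 || addr_len > ADDR_STORAGE) return -EINVAL;
    memcpy(kaddr, uaddr, (size_t)addr_len);
    return 0;
}

/* Vulnerable bind: trusts that a whole sockaddr_sco was supplied and reads
 * sizeof(struct sockaddr_sco) bytes of the kernel copy regardless of addr_len. */
int sco_sock_bind_vuln(struct sco_sock *sk, const uint8_t *kaddr, int addr_len)
{
    struct sockaddr_sco sa;
    (void)addr_len;                          /* the bug: length never consulted */
    memcpy(&sa, kaddr, sizeof sa);           /* reads past the user-supplied bytes */
    if (sa.sco_family != AF_BLUETOOTH_MODEL) return -EINVAL;
    sk->src = sa;                            /* stale stack bytes now live in sk */
    return 0;
}

/* Fixed bind: a short address is rejected before anything past the bytes the
 * caller supplied is read. */
int sco_sock_bind_fixed(struct sco_sock *sk, const uint8_t *kaddr, int addr_len)
{
    struct sockaddr_sco sa;
    if (addr_len < (int)sizeof(struct sockaddr_sco)) return -EINVAL;
    memcpy(&sa, kaddr, sizeof sa);
    if (sa.sco_family != AF_BLUETOOTH_MODEL) return -EINVAL;
    sk->src = sa;
    return 0;
}

/* Simulated syscall path: bind() followed by getsockname() on the socket.
 * 'stale' is the byte the kernel stack buffer happened to contain beforehand.
 * Returns the bind() result; on success, out[] receives the
 * sizeof(struct sockaddr_sco) bytes that getsockname() would copy to user space. */
int bind_then_getsockname(int (*bind_fn)(struct sco_sock *, const uint8_t *, int),
                          const void *uaddr, int addr_len, uint8_t stale, uint8_t *out)
{
    uint8_t kaddr[ADDR_STORAGE];
    struct sco_sock sk;
    memset(kaddr, stale, sizeof kaddr);      /* leftover kernel stack contents */
    memset(&sk, 0, sizeof sk);
    int rc = move_addr_to_kernel(uaddr, addr_len, kaddr);
    if (rc) return rc;
    rc = bind_fn(&sk, kaddr, addr_len);
    if (rc) return rc;
    memcpy(out, &sk.src, sizeof sk.src);
    return 0;
}

/* How many of the returned bytes beyond addr_len are stale kernel memory. */
int leaked_bytes(const uint8_t *out, int addr_len, uint8_t stale)
{
    int n = 0;
    for (int i = addr_len; i < (int)sizeof(struct sockaddr_sco); i++)
        if (out[i] == stale) n++;
    return n;
}

int main(void)
{
    struct sockaddr_sco ua;                  /* constructed user address */
    uint8_t out[sizeof(struct sockaddr_sco)];
    memset(&ua, 0x11, sizeof ua);
    ua.sco_family = AF_BLUETOOTH_MODEL;
    /* The caller passes only the 2-byte family, as a crafted program would. */
    int rc = bind_then_getsockname(sco_sock_bind_vuln, &ua, 2, 0xAA, out);
    printf("vulnerable: rc=%d, %d stale bytes returned\n", rc, leaked_bytes(out, 2, 0xAA));
    rc = bind_then_getsockname(sco_sock_bind_fixed, &ua, 2, 0xAA, out);
    printf("fixed:      rc=%d (-EINVAL is %d)\n", rc, -EINVAL);
    return 0;
}
```

The check belongs in the protocol handler, not only in the generic socket layer: sys_bind() cannot know how large each family's address is, so every bind(), connect() and similar entry point must compare addr_len against its own structure size before touching the copy.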
Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      kernel-default-debuginfo-3.12.51-52.34.1 kernel-default-debugsource-3.12.51-52.34.1
      kernel-default-extra-3.12.51-52.34.1 kernel-default-extra-debuginfo-3.12.51-52.34.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      kernel-obs-build-3.12.51-52.34.1 kernel-obs-build-debugsource-3.12.51-52.34.1
   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      kernel-docs-3.12.51-52.34.3
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      kernel-default-3.12.51-52.34.1 kernel-default-base-3.12.51-52.34.1
      kernel-default-base-debuginfo-3.12.51-52.34.1 kernel-default-debuginfo-3.12.51-52.34.1
      kernel-default-debugsource-3.12.51-52.34.1 kernel-default-devel-3.12.51-52.34.1
      kernel-syms-3.12.51-52.34.1
   - SUSE Linux Enterprise Server 12 (x86_64):
      kernel-xen-3.12.51-52.34.1 kernel-xen-base-3.12.51-52.34.1
      kernel-xen-base-debuginfo-3.12.51-52.34.1 kernel-xen-debuginfo-3.12.51-52.34.1
      kernel-xen-debugsource-3.12.51-52.34.1 kernel-xen-devel-3.12.51-52.34.1
   - SUSE Linux Enterprise Server 12 (noarch):
      kernel-devel-3.12.51-52.34.1 kernel-macros-3.12.51-52.34.1 k﻿ernel-source-3.12.51-52.34.1
   - SUSE Linux Enterprise Server 12 (s390x):
      kernel-default-man-3.12.51-52.34.1
   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      kernel-ec2-3.12.51-52.34.1 kernel-ec2-debuginfo-3.12.51-52.34.1
      kernel-ec2-debugsource-3.12.51-52.34.1 kernel-ec2-devel-3.12.51-52.34.1
      kernel-ec2-extra-3.12.51-52.34.1 kernel-ec2-extra-debuginfo-3.12.51-52.34.1
   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_51-52_34-default-1-2.1 kgraft-patch-3_12_51-52_34-xen-1-2.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      kernel-default-3.12.51-52.34.1 kernel-default-debuginfo-3.12.51-52.34.1
      kernel-default-debugsource-3.12.51-52.34.1 kernel-default-devel-3.12.51-52.34.1
      kernel-default-extra-3.12.51-52.34.1 kernel-default-extra-debuginfo-3.12.51-52.34.1
      kernel-syms-3.12.51-52.34.1 kernel-xen-3.12.51-52.34.1
      kernel-xen-debuginfo-3.12.51-52.34.1 kernel-xen-debugsource-3.12.51-52.34.1
      kernel-xen-devel-3.12.51-52.34.1
   - SUSE Linux Enterprise Desktop 12 (noarch):
      kernel-devel-3.12.51-52.34.1 kernel-macros-3.12.51-52.34.1 kernel-source-3.12.51-52.34.1

References:

   https://www.suse.com/security/cve/CVE-2015-7550.html
   https://www.suse.com/security/cve/CVE-2015-8539.html
   https://www.suse.com/security/cve/CVE-2015-8543.html
   https://www.suse.com/security/cve/CVE-2015-8550.html
   https://www.suse.com/security/cve/CVE-2015-8551.html
   https://www.suse.com/security/cve/CVE-2015-8552.html
   https://www.suse.com/security/cve/CVE-2015-8569.html
   https://www.suse.com/security/cve/CVE-2015-8575.html
   https://bugzilla.suse.com/758040
   https://bugzilla.suse.com/902606
   https://bugzilla.suse.com/924919
   https://bugzilla.suse.com/935087
   https://bugzilla.suse.com/937261
   https://bugzilla.suse.com/943959
   https://bugzilla.suse.com/945649
   https://bugzilla.suse.com/949440
   https://bugzilla.suse.com/951155
   https://bugzilla.suse.com/951199
   https://bugzilla.suse.com/951392
   https://bugzilla.suse.com/951615
   https://bugzilla.suse.com/951638
   https://bugzilla.suse.com/952579
   https://bugzilla.suse.com/952976
   https://bugzilla.suse.com/956708
   https://bugzilla.suse.com/956801
   https://bugzilla.suse.com/956876
   https://bugzilla.suse.com/957395
   https://bugzilla.suse.com/957546
   https://bugzilla.suse.com/957988
   https://bugzilla.suse.com/957990
   https://bugzilla.suse.com/958463
   https://bugzilla.suse.com/958504
   https://bugzilla.suse.com/958510
   https://bugzilla.suse.com/958647
   https://bugzilla.suse.com/958886
   https://bugzilla.suse.com/958951
   https://bugzilla.suse.com/959190
   https://bugzilla.suse.com/959364
   https://bugzilla.suse.com/959399
   https://bugzilla.suse.com/959436
   https://bugzilla.suse.com/959705
   https://bugzilla.suse.com/960300

From sle-security-updates at lists.suse.com Tue Jan 19 16:11:06 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 20 Jan 2016 00:11:06 +0100 (CET)
Subject: SUSE-SU-2016:0173-1: moderate: Security update for rsync
Message-ID: <20160119231107.01A4A3213D@maintenance.suse.de>

   SUSE Security Update: Security update for rsync
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0173-1
Rating:             moderate
References:         #898513 #900914 #915410 #922710
Cross-References:   CVE-2014-8242 CVE-2014-9512
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for rsync fixes two security issues and two non-security bugs.

   The following vulnerabilities were fixed:

   - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)
   - CVE-2014-9512: Malicious servers could send files outside of the
     transferred directory (bsc#915410)

   The following non-security bugs were fixed:

   - bsc#922710: Prevent rsyncd from spamming the log when trying to register SLP.
   - bsc#898513: SLP support broke rsync usage.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-113=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2016-113=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-113=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-113=1

   To bring your system up-to-date, use "zypper patch".
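CVE-2015-5252 in the Samba advisory above (a symlink that led outside the share) and CVE-2014-9512 in this rsync advisory (a server-supplied file list that wrote outside the destination) are both containment failures: a name or link chosen by the other side of the connection resolved to a path outside the directory the local side meant to expose. The following is an added example written for this page, not code from Samba, rsync or SUSE. It shows the two checks a practitioner wants in such code: a lexical check on names received from a remote peer (no absolute names, no ".." components), and a resolved-path check that follows symlinks with realpath() and compares against the root with the separator included, so that a sibling directory whose name merely starts with the root's name is not accepted. It builds a constructed sandbox under /tmp (a share directory, a sibling share2 directory, a secret file outside, and a symlink inside the share that points at it); all of those paths and names are the example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* realpath(), mkdtemp() on glibc */
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Lexical check for a name received from a remote peer (rsync-style file
 * list entry): it must be relative and contain no ".." component.
 * Returns 1 if the name stays under the destination, 0 otherwise.  This does
 * not touch the filesystem, so it can run before anything is created. */
int name_is_contained(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/') return 0;
    const char *p = name;
    while (*p) {
        const char *seg = p;
        while (*p && *p != '/') p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.') return 0;
        if (*p == '/') p++;
    }
    return 1;
}

/* Resolved-path check for a share with a fixed root (the policy a file
 * server needs once symlinks may be followed): resolve both sides with
 * realpath() and accept only the root itself or something strictly below
 * root + "/".  A bare strncmp(root, target, strlen(root)) would wrongly
 * accept "/srv/share2/x" for root "/srv/share"; checking the '/' avoids that.
 * Returns 1 if contained, 0 if not, -1 if a path cannot be resolved. */
int resolved_is_contained(const char *root, const char *path)
{
    char rroot[PATH_MAX], rpath[PATH_MAX];
    if (!realpath(root, rroot) || !realpath(path, rpath)) return -1;
    size_t n = strlen(rroot);
    if (strcmp(rroot, rpath) == 0) return 1;
    return (strncmp(rroot, rpath, n) == 0 && rpath[n] == '/') ? 1 : 0;
}

/* Build the constructed sandbox (all names are the example's own):
 *   <tmp>/share/          the exported root
 *   <tmp>/share/ok.txt    a regular file inside it
 *   <tmp>/share2/x.txt    a sibling whose name has the root's name as prefix
 *   <tmp>/secret.txt      a file outside the share
 *   <tmp>/share/escape    symlink -> ../secret.txt
 * Writes the sandbox path into 'dir'; returns 0 on success, -1 on error. */
int build_sandbox(char *dir, size_t cap)
{
    char tmpl[] = "/tmp/sharecheckXXXXXX";
    char p[PATH_MAX];
    if (!mkdtemp(tmpl) || strlen(tmpl) + 1 > cap) return -1;
    strcpy(dir, tmpl);
    snprintf(p, sizeof p, "%s/share", dir);  if (mkdir(p, 0700)) return -1;
    snprintf(p, sizeof p, "%s/share2", dir); if (mkdir(p, 0700)) return -1;
    const char *files[] = { "share/ok.txt", "share2/x.txt", "secret.txt" };
    for (size_t i = 0; i < 3; i++) {
        snprintf(p, sizeof p, "%s/%s", dir, files[i]);
        int fd = open(p, O_WRONLY | O_CREAT, 0600);
        if (fd < 0) return -1;
        close(fd);
    }
    snprintf(p, sizeof p, "%s/share/escape", dir);
    return symlink("../secret.txt", p);
}

/* Evaluate one share-relative name against both checks.  Returns:
 *   2  lexically fine and resolves inside the share
 *   1  lexically fine, but the resolved target escapes (symlink)
 *   0  rejected lexically
 *  -1  cannot be resolved (does not exist) */
int check_share_access(const char *sandbox, const char *name)
{
    char root[PATH_MAX], full[PATH_MAX];
    if (!name_is_contained(name)) return 0;
    snprintf(root, sizeof root, "%s/share", sandbox);
    snprintf(full, sizeof full, "%s/%s", root, name);
    int r = resolved_is_contained(root, full);
    return r < 0 ? -1 : (r ? 2 : 1);
}

int main(void)
{
    char sb[PATH_MAX];
    if (build_sandbox(sb, sizeof sb) != 0) { perror("build_sandbox"); return 1; }
    const char *names[] = { "ok.txt", "escape", "../secret.txt", "/etc/passwd", "missing" };
    for (size_t i = 0; i < 5; i++)
        printf("%-16s -> %d\n", names[i], check_share_access(sb, names[i]));
    return 0;
}
```

The lexical check is what a client needs for names it did not choose (rsync's case: it has no local object to resolve yet), while the realpath() check is what a server needs once links on disk are followed (Samba's case); a server that wants to permit links inside the share but nothing else needs the second check, and the separator test is the part most often forgotten.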
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rsync-3.1.0-6.1 rsync-debuginfo-3.1.0-6.1 rsync-debugsource-3.1.0-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): rsync-3.1.0-6.1 rsync-debuginfo-3.1.0-6.1 rsync-debugsource-3.1.0-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rsync-3.1.0-6.1 rsync-debuginfo-3.1.0-6.1 rsync-debugsource-3.1.0-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): rsync-3.1.0-6.1 rsync-debuginfo-3.1.0-6.1 rsync-debugsource-3.1.0-6.1 References: https://www.suse.com/security/cve/CVE-2014-8242.html https://www.suse.com/security/cve/CVE-2014-9512.html https://bugzilla.suse.com/898513 https://bugzilla.suse.com/900914 https://bugzilla.suse.com/915410 https://bugzilla.suse.com/922710 From sle-security-updates at lists.suse.com Tue Jan 19 16:12:05 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jan 2016 00:12:05 +0100 (CET) Subject: SUSE-SU-2016:0174-1: important: Security update for bind Message-ID: <20160119231205.D795F3213D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0174-1 Rating: important References: #962189 Cross-References: CVE-2015-8704 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-114=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-114=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-114=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bind-debuginfo-9.9.6P1-35.1 bind-debugsource-9.9.6P1-35.1 bind-devel-9.9.6P1-35.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bind-9.9.6P1-35.1 bind-chrootenv-9.9.6P1-35.1 bind-debuginfo-9.9.6P1-35.1 bind-debugsource-9.9.6P1-35.1 bind-libs-9.9.6P1-35.1 bind-libs-debuginfo-9.9.6P1-35.1 bind-utils-9.9.6P1-35.1 bind-utils-debuginfo-9.9.6P1-35.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): bind-libs-32bit-9.9.6P1-35.1 bind-libs-debuginfo-32bit-9.9.6P1-35.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bind-doc-9.9.6P1-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): bind-debuginfo-9.9.6P1-35.1 bind-debugsource-9.9.6P1-35.1 bind-libs-32bit-9.9.6P1-35.1 bind-libs-9.9.6P1-35.1 bind-libs-debuginfo-32bit-9.9.6P1-35.1 bind-libs-debuginfo-9.9.6P1-35.1 bind-utils-9.9.6P1-35.1 bind-utils-debuginfo-9.9.6P1-35.1 References: https://www.suse.com/security/cve/CVE-2015-8704.html https://bugzilla.suse.com/962189 From sle-security-updates at lists.suse.com Wed Jan 20 05:11:50 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jan 2016 13:11:50 +0100 (CET) Subject: SUSE-SU-2016:0176-1: moderate: Security update for rsync Message-ID: <20160120121150.22CB23213D@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0176-1 Rating: moderate References: #900914 #915410 Cross-References: 
CVE-2014-8242 CVE-2014-9512 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rsync fixes two security issues: - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914) - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-rsync-12344=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rsync-12344=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-rsync-12344=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-rsync-12344=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-rsync-12344=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rsync-12344=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-rsync-12344=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): rsync-3.0.4-2.49.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-3.0.4-2.49.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): rsync-3.0.4-2.49.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): rsync-3.0.4-2.49.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): rsync-3.0.4-2.49.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-debuginfo-3.0.4-2.49.1 rsync-debugsource-3.0.4-2.49.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): rsync-debuginfo-3.0.4-2.49.1 rsync-debugsource-3.0.4-2.49.1 References: https://www.suse.com/security/cve/CVE-2014-8242.html https://www.suse.com/security/cve/CVE-2014-9512.html https://bugzilla.suse.com/900914 https://bugzilla.suse.com/915410 From sle-security-updates at lists.suse.com Wed Jan 20 09:11:42 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jan 2016 17:11:42 +0100 (CET) Subject: SUSE-SU-2016:0178-1: moderate: Security update for libxml2 Message-ID: <20160120161142.D6A583213D@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0178-1 Rating: moderate References: #960674 Cross-References: CVE-2015-8710 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-117=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-117=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-117=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-117=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-117=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-117=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-17.1 libxml2-devel-2.9.1-17.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-17.1 libxml2-devel-2.9.1-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxml2-2-2.9.1-17.1 libxml2-2-debuginfo-2.9.1-17.1 libxml2-debugsource-2.9.1-17.1 libxml2-tools-2.9.1-17.1 libxml2-tools-debuginfo-2.9.1-17.1 python-libxml2-2.9.1-17.1 python-libxml2-debuginfo-2.9.1-17.1 python-libxml2-debugsource-2.9.1-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxml2-2-32bit-2.9.1-17.1 libxml2-2-debuginfo-32bit-2.9.1-17.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libxml2-doc-2.9.1-17.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libxml2-2-2.9.1-17.1 libxml2-2-debuginfo-2.9.1-17.1 libxml2-debugsource-2.9.1-17.1 libxml2-tools-2.9.1-17.1 libxml2-tools-debuginfo-2.9.1-17.1 python-libxml2-2.9.1-17.1 python-libxml2-debuginfo-2.9.1-17.1 python-libxml2-debugsource-2.9.1-17.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libxml2-2-32bit-2.9.1-17.1 libxml2-2-debuginfo-32bit-2.9.1-17.1 - SUSE Linux Enterprise Server 12 (noarch): libxml2-doc-2.9.1-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libxml2-2-2.9.1-17.1 libxml2-2-32bit-2.9.1-17.1 libxml2-2-debuginfo-2.9.1-17.1 libxml2-2-debuginfo-32bit-2.9.1-17.1 libxml2-debugsource-2.9.1-17.1 libxml2-tools-2.9.1-17.1 libxml2-tools-debuginfo-2.9.1-17.1 python-libxml2-2.9.1-17.1 python-libxml2-debuginfo-2.9.1-17.1 python-libxml2-debugsource-2.9.1-17.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libxml2-2-2.9.1-17.1 libxml2-2-32bit-2.9.1-17.1 libxml2-2-debuginfo-2.9.1-17.1 libxml2-2-debuginfo-32bit-2.9.1-17.1 libxml2-debugsource-2.9.1-17.1 libxml2-tools-2.9.1-17.1 libxml2-tools-debuginfo-2.9.1-17.1 python-libxml2-2.9.1-17.1 python-libxml2-debuginfo-2.9.1-17.1 python-libxml2-debugsource-2.9.1-17.1 References: 
https://www.suse.com/security/cve/CVE-2015-8710.html https://bugzilla.suse.com/960674 From sle-security-updates at lists.suse.com Wed Jan 20 10:11:18 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jan 2016 18:11:18 +0100 (CET) Subject: SUSE-SU-2016:0180-1: important: Security update for bind Message-ID: <20160120171118.6C9F33213D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0180-1 Rating: important References: #962189 Cross-References: CVE-2015-8704 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-118=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-118=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-118=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): bind-debuginfo-9.9.6P1-28.9.1 bind-debugsource-9.9.6P1-28.9.1 bind-devel-9.9.6P1-28.9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): bind-9.9.6P1-28.9.1 bind-chrootenv-9.9.6P1-28.9.1 bind-debuginfo-9.9.6P1-28.9.1 bind-debugsource-9.9.6P1-28.9.1 bind-libs-9.9.6P1-28.9.1 bind-libs-debuginfo-9.9.6P1-28.9.1 bind-utils-9.9.6P1-28.9.1 bind-utils-debuginfo-9.9.6P1-28.9.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): bind-libs-32bit-9.9.6P1-28.9.1 bind-libs-debuginfo-32bit-9.9.6P1-28.9.1 - SUSE Linux Enterprise Server 12 (noarch): bind-doc-9.9.6P1-28.9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): bind-debuginfo-9.9.6P1-28.9.1 bind-debugsource-9.9.6P1-28.9.1 bind-libs-32bit-9.9.6P1-28.9.1 bind-libs-9.9.6P1-28.9.1 bind-libs-debuginfo-32bit-9.9.6P1-28.9.1 bind-libs-debuginfo-9.9.6P1-28.9.1 bind-utils-9.9.6P1-28.9.1 bind-utils-debuginfo-9.9.6P1-28.9.1 References: https://www.suse.com/security/cve/CVE-2015-8704.html https://bugzilla.suse.com/962189 From sle-security-updates at lists.suse.com Wed Jan 20 13:11:27 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 20 Jan 2016 21:11:27 +0100 (CET) Subject: SUSE-SU-2016:0186-1: important: Security update for the Linux Kernel Message-ID: <20160120201128.068633213D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0186-1 Rating: important References: #962075 Cross-References: CVE-2016-0728 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive a security fix. Following security bug was fixed: - A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075, CVE-2016-0728). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-124=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-124=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-124=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-124=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-124=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-124=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.51-60.25.1 kernel-default-debugsource-3.12.51-60.25.1 kernel-default-extra-3.12.51-60.25.1 kernel-default-extra-debuginfo-3.12.51-60.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.51-60.25.1 kernel-obs-build-debugsource-3.12.51-60.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.51-60.25.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.51-60.25.1 kernel-default-base-3.12.51-60.25.1 kernel-default-base-debuginfo-3.12.51-60.25.1 kernel-default-debuginfo-3.12.51-60.25.1 kernel-default-debugsource-3.12.51-60.25.1 kernel-default-devel-3.12.51-60.25.1 kernel-syms-3.12.51-60.25.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.51-60.25.1 kernel-xen-base-3.12.51-60.25.1 kernel-xen-base-debuginfo-3.12.51-60.25.1 kernel-xen-debuginfo-3.12.51-60.25.1 kernel-xen-debugsource-3.12.51-60.25.1 kernel-xen-devel-3.12.51-60.25.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.51-60.25.1 kernel-macros-3.12.51-60.25.1 kernel-source-3.12.51-60.25.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.51-60.25.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.51-60.25.1 kernel-ec2-debuginfo-3.12.51-60.25.1 kernel-ec2-debugsource-3.12.51-60.25.1 kernel-ec2-devel-3.12.51-60.25.1 kernel-ec2-extra-3.12.51-60.25.1 kernel-ec2-extra-debuginfo-3.12.51-60.25.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_25-default-1-2.2 kgraft-patch-3_12_51-60_25-xen-1-2.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.51-60.25.1 kernel-default-debuginfo-3.12.51-60.25.1 kernel-default-debugsource-3.12.51-60.25.1 kernel-default-devel-3.12.51-60.25.1 kernel-default-extra-3.12.51-60.25.1 kernel-default-extra-debuginfo-3.12.51-60.25.1 
kernel-syms-3.12.51-60.25.1 kernel-xen-3.12.51-60.25.1 kernel-xen-debuginfo-3.12.51-60.25.1 kernel-xen-debugsource-3.12.51-60.25.1 kernel-xen-devel-3.12.51-60.25.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.51-60.25.1 kernel-macros-3.12.51-60.25.1 kernel-source-3.12.51-60.25.1 References: https://www.suse.com/security/cve/CVE-2016-0728.html https://bugzilla.suse.com/962075 From sle-security-updates at lists.suse.com Thu Jan 21 09:12:45 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Jan 2016 17:12:45 +0100 (CET) Subject: SUSE-SU-2016:0187-1: moderate: Security update for libxml2 Message-ID: <20160121161245.66F2B3213D@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0187-1 Rating: moderate References: #960674 Cross-References: CVE-2015-8710 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc#960674) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-20160113-12347=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-libxml2-20160113-12347=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-libxml2-20160113-12347=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-20160113-12347=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-libxml2-20160113-12347=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-libxml2-20160113-12347=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-libxml2-20160113-12347=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-20160113-12347=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libxml2-20160113-12347=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.37.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.37.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libxml2-2.7.6-0.37.1 libxml2-doc-2.7.6-0.37.1 libxml2-python-2.7.6-0.37.4 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libxml2-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.37.1 libxml2-doc-2.7.6-0.37.1 libxml2-python-2.7.6-0.37.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.37.1 - SUSE Linux 
Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.37.1 libxml2-doc-2.7.6-0.37.1 libxml2-python-2.7.6-0.37.4 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libxml2-x86-2.7.6-0.37.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libxml2-2.7.6-0.37.1 libxml2-python-2.7.6-0.37.4 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libxml2-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libxml2-2.7.6-0.37.1 libxml2-python-2.7.6-0.37.4 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libxml2-32bit-2.7.6-0.37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.37.1 libxml2-debugsource-2.7.6-0.37.1 libxml2-python-debuginfo-2.7.6-0.37.4 libxml2-python-debugsource-2.7.6-0.37.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.37.1 libxml2-debugsource-2.7.6-0.37.1 libxml2-python-debuginfo-2.7.6-0.37.4 libxml2-python-debugsource-2.7.6-0.37.4 References: https://www.suse.com/security/cve/CVE-2015-8710.html https://bugzilla.suse.com/960674 From sle-security-updates at lists.suse.com Thu Jan 21 09:13:46 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Jan 2016 17:13:46 +0100 (CET) Subject: SUSE-SU-2016:0189-1: moderate: Security update for mozilla-nss Message-ID: <20160121161346.58BFA3213D@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0189-1 Rating: moderate References: #959888 Cross-References: CVE-2015-7575 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE 
Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mozilla-nss-12348=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mozilla-nss-12348=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mozilla-nss-12348=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mozilla-nss-12348=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mozilla-nss-12348=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mozilla-nss-12348=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mozilla-nss-12348=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-12348=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-12348=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mozilla-nss-devel-3.19.2.2-22.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): mozilla-nss-devel-3.19.2.2-22.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libfreebl3-3.19.2.2-22.1 libsoftokn3-3.19.2.2-22.1 mozilla-nss-3.19.2.2-22.1 mozilla-nss-tools-3.19.2.2-22.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libfreebl3-32bit-3.19.2.2-22.1 libsoftokn3-32bit-3.19.2.2-22.1 mozilla-nss-32bit-3.19.2.2-22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libfreebl3-3.19.2.2-22.1 libsoftokn3-3.19.2.2-22.1 mozilla-nss-3.19.2.2-22.1 mozilla-nss-tools-3.19.2.2-22.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libfreebl3-32bit-3.19.2.2-22.1 libsoftokn3-32bit-3.19.2.2-22.1 mozilla-nss-32bit-3.19.2.2-22.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.19.2.2-22.1 libsoftokn3-x86-3.19.2.2-22.1 mozilla-nss-x86-3.19.2.2-22.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libfreebl3-3.19.2.2-22.1 libsoftokn3-3.19.2.2-22.1 mozilla-nss-3.19.2.2-22.1 mozilla-nss-tools-3.19.2.2-22.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libfreebl3-32bit-3.19.2.2-22.1 libsoftokn3-32bit-3.19.2.2-22.1 mozilla-nss-32bit-3.19.2.2-22.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libfreebl3-x86-3.19.2.2-22.1 libsoftokn3-x86-3.19.2.2-22.1 mozilla-nss-x86-3.19.2.2-22.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libfreebl3-3.19.2.2-22.1 libsoftokn3-3.19.2.2-22.1 mozilla-nss-3.19.2.2-22.1 mozilla-nss-tools-3.19.2.2-22.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libfreebl3-32bit-3.19.2.2-22.1 libsoftokn3-32bit-3.19.2.2-22.1 mozilla-nss-32bit-3.19.2.2-22.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libfreebl3-3.19.2.2-22.1 libsoftokn3-3.19.2.2-22.1 mozilla-nss-3.19.2.2-22.1 mozilla-nss-tools-3.19.2.2-22.1 - SUSE 
Linux Enterprise Desktop 11-SP3 (x86_64): libfreebl3-32bit-3.19.2.2-22.1 libsoftokn3-32bit-3.19.2.2-22.1 mozilla-nss-32bit-3.19.2.2-22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.19.2.2-22.1 mozilla-nss-debugsource-3.19.2.2-22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.19.2.2-22.1 mozilla-nss-debugsource-3.19.2.2-22.1 References: https://www.suse.com/security/cve/CVE-2015-7575.html https://bugzilla.suse.com/959888 From sle-security-updates at lists.suse.com Thu Jan 21 13:11:42 2016 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 21 Jan 2016 21:11:42 +0100 (CET) Subject: SUSE-SU-2016:0192-1: moderate: Security update for giflib Message-ID: <20160121201142.BC9553213D@maintenance.suse.de> SUSE Security Update: Security update for giflib ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0192-1 Rating: moderate References: #960319 Cross-References: CVE-2015-7555 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for giflib fixes the following issues: - CVE-2015-7555: Heap overflow in giffix (bsc#960319) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-giflib-12353=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-giflib-12353=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-giflib-12353=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-giflib-12353=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-giflib-12353=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-giflib-12353=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-giflib-12353=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-giflib-12353=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-giflib-12353=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): giflib-devel-4.1.6-13.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): giflib-devel-32bit-4.1.6-13.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): giflib-devel-4.1.6-13.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): giflib-devel-32bit-4.1.6-13.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): giflib-4.1.6-13.1 giflib-progs-4.1.6-13.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): giflib-32bit-4.1.6-13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): giflib-4.1.6-13.1 giflib-progs-4.1.6-13.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): giflib-32bit-4.1.6-13.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): giflib-x86-4.1.6-13.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): giflib-4.1.6-13.1 giflib-progs-4.1.6-13.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): giflib-32bit-4.1.6-13.1 
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
        giflib-x86-4.1.6-13.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
        giflib-4.1.6-13.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
        giflib-32bit-4.1.6-13.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
        giflib-4.1.6-13.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
        giflib-32bit-4.1.6-13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
        giflib-debuginfo-4.1.6-13.1
        giflib-debugsource-4.1.6-13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
        giflib-debuginfo-32bit-4.1.6-13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
        giflib-debuginfo-x86-4.1.6-13.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
        giflib-debuginfo-4.1.6-13.1
        giflib-debugsource-4.1.6-13.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64):
        giflib-debuginfo-32bit-4.1.6-13.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):
        giflib-debuginfo-x86-4.1.6-13.1


References:

   https://www.suse.com/security/cve/CVE-2015-7555.html
   https://bugzilla.suse.com/960319


From sle-security-updates at lists.suse.com  Fri Jan 22 07:12:26 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 22 Jan 2016 15:12:26 +0100 (CET)
Subject: SUSE-SU-2016:0200-1: important: Security update for bind
Message-ID: <20160122141226.D62573213D@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0200-1
Rating:             important
References:         #962189
Cross-References:   CVE-2015-8704
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - CVE-2015-8704: Specific APL data allowed a remote attacker to trigger a
     crash in certain configurations (bsc#962189)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
        zypper in -t patch sdksp4-bind-12354=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:
        zypper in -t patch sdksp3-bind-12354=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:
        zypper in -t patch slessp3-bind-12354=1

   - SUSE Linux Enterprise Server 11-SP4:
        zypper in -t patch slessp4-bind-12354=1

   - SUSE Linux Enterprise Server 11-SP3:
        zypper in -t patch slessp3-bind-12354=1

   - SUSE Linux Enterprise Server 11-SP2-LTSS:
        zypper in -t patch slessp2-bind-12354=1

   - SUSE Linux Enterprise Desktop 11-SP4:
        zypper in -t patch sledsp4-bind-12354=1

   - SUSE Linux Enterprise Desktop 11-SP3:
        zypper in -t patch sledsp3-bind-12354=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
        zypper in -t patch dbgsp4-bind-12354=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:
        zypper in -t patch dbgsp3-bind-12354=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:
        zypper in -t patch dbgsp2-bind-12354=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
        bind-devel-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
        bind-devel-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
        bind-devel-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64):
        bind-devel-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
        bind-9.9.6P1-0.22.1
        bind-chrootenv-9.9.6P1-0.22.1
        bind-doc-9.9.6P1-0.22.1
        bind-libs-9.9.6P1-0.22.1
        bind-utils-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
        bind-libs-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
        bind-9.9.6P1-0.22.1
        bind-chrootenv-9.9.6P1-0.22.1
        bind-doc-9.9.6P1-0.22.1
        bind-libs-9.9.6P1-0.22.1
        bind-utils-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
        bind-libs-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):
        bind-libs-x86-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
        bind-9.9.6P1-0.22.1
        bind-chrootenv-9.9.6P1-0.22.1
        bind-doc-9.9.6P1-0.22.1
        bind-libs-9.9.6P1-0.22.1
        bind-utils-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
        bind-libs-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):
        bind-libs-x86-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
        bind-9.9.6P1-0.22.1
        bind-chrootenv-9.9.6P1-0.22.1
        bind-devel-9.9.6P1-0.22.1
        bind-doc-9.9.6P1-0.22.1
        bind-libs-9.9.6P1-0.22.1
        bind-utils-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):
        bind-libs-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
        bind-libs-9.9.6P1-0.22.1
        bind-utils-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
        bind-libs-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
        bind-libs-9.9.6P1-0.22.1
        bind-utils-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
        bind-libs-32bit-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
        bind-debuginfo-9.9.6P1-0.22.1
        bind-debugsource-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
        bind-debuginfo-9.9.6P1-0.22.1
        bind-debugsource-9.9.6P1-0.22.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):
        bind-debuginfo-9.9.6P1-0.22.1
        bind-debugsource-9.9.6P1-0.22.1


References:

   https://www.suse.com/security/cve/CVE-2015-8704.html
   https://bugzilla.suse.com/962189


From sle-security-updates at lists.suse.com  Fri Jan 22 07:13:30 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 22 Jan 2016 15:13:30 +0100 (CET)
Subject: SUSE-SU-2016:0202-1: moderate: Security update for giflib
Message-ID: <20160122141330.B04673213D@maintenance.suse.de>

   SUSE Security Update: Security update for giflib
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0202-1
Rating:             moderate
References:         #949160 #960319
Cross-References:   CVE-2015-7555
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for giflib fixes the following issues:

   - CVE-2015-7555: Heap overflow in giffix (bsc#960319)
   - bsc#949160: Fix a memory leak

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
        zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-136=1

   - SUSE Linux Enterprise Software Development Kit 12:
        zypper in -t patch SUSE-SLE-SDK-12-2016-136=1

   - SUSE Linux Enterprise Server 12-SP1:
        zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-136=1

   - SUSE Linux Enterprise Server 12:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-136=1

   - SUSE Linux Enterprise Desktop 12-SP1:
        zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-136=1

   - SUSE Linux Enterprise Desktop 12:
        zypper in -t patch SUSE-SLE-DESKTOP-12-2016-136=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
        giflib-debugsource-5.0.5-7.1
        giflib-devel-5.0.5-7.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
        giflib-debugsource-5.0.5-7.1
        giflib-devel-5.0.5-7.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
        giflib-debugsource-5.0.5-7.1
        giflib-progs-5.0.5-7.1
        giflib-progs-debuginfo-5.0.5-7.1
        libgif6-5.0.5-7.1
        libgif6-debuginfo-5.0.5-7.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
        libgif6-32bit-5.0.5-7.1
        libgif6-debuginfo-32bit-5.0.5-7.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
        giflib-debugsource-5.0.5-7.1
        giflib-progs-5.0.5-7.1
        giflib-progs-debuginfo-5.0.5-7.1
        libgif6-5.0.5-7.1
        libgif6-debuginfo-5.0.5-7.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):
        libgif6-32bit-5.0.5-7.1
        libgif6-debuginfo-32bit-5.0.5-7.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
        giflib-debugsource-5.0.5-7.1
        libgif6-32bit-5.0.5-7.1
        libgif6-5.0.5-7.1
        libgif6-debuginfo-32bit-5.0.5-7.1
        libgif6-debuginfo-5.0.5-7.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
        giflib-debugsource-5.0.5-7.1
        libgif6-32bit-5.0.5-7.1
        libgif6-5.0.5-7.1
        libgif6-debuginfo-32bit-5.0.5-7.1
        libgif6-debuginfo-5.0.5-7.1


References:

   https://www.suse.com/security/cve/CVE-2015-7555.html
   https://bugzilla.suse.com/949160
   https://bugzilla.suse.com/960319


From sle-security-updates at lists.suse.com  Fri Jan 22 10:12:29 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 22 Jan 2016 18:12:29 +0100 (CET)
Subject: SUSE-SU-2016:0205-1: important: Security update for the Linux Kernel
Message-ID: <20160122171229.A28133213D@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0205-1
Rating:             important
References:         #962075
Cross-References:   CVE-2016-0728
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to receive a security fix.

   The following security bug was fixed:

   - A reference leak in keyring handling with join_session_keyring() could
     allow local attackers to gain root privileges (bsc#962075, CVE-2016-0728).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
        zypper in -t patch SUSE-SLE-WE-12-2016-137=1

   - SUSE Linux Enterprise Software Development Kit 12:
        zypper in -t patch SUSE-SLE-SDK-12-2016-137=1

   - SUSE Linux Enterprise Server 12:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-137=1

   - SUSE Linux Enterprise Module for Public Cloud 12:
        zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-137=1

   - SUSE Linux Enterprise Live Patching 12:
        zypper in -t patch SUSE-SLE-Live-Patching-12-2016-137=1

   - SUSE Linux Enterprise Desktop 12:
        zypper in -t patch SUSE-SLE-DESKTOP-12-2016-137=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
        kernel-default-debuginfo-3.12.51-52.39.1
        kernel-default-debugsource-3.12.51-52.39.1
        kernel-default-extra-3.12.51-52.39.1
        kernel-default-extra-debuginfo-3.12.51-52.39.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
        kernel-obs-build-3.12.51-52.39.1
        kernel-obs-build-debugsource-3.12.51-52.39.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
        kernel-docs-3.12.51-52.39.3

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
        kernel-default-3.12.51-52.39.1
        kernel-default-base-3.12.51-52.39.1
        kernel-default-base-debuginfo-3.12.51-52.39.1
        kernel-default-debuginfo-3.12.51-52.39.1
        kernel-default-debugsource-3.12.51-52.39.1
        kernel-default-devel-3.12.51-52.39.1
        kernel-syms-3.12.51-52.39.1

   - SUSE Linux Enterprise Server 12 (x86_64):
        kernel-xen-3.12.51-52.39.1
        kernel-xen-base-3.12.51-52.39.1
        kernel-xen-base-debuginfo-3.12.51-52.39.1
        kernel-xen-debuginfo-3.12.51-52.39.1
        kernel-xen-debugsource-3.12.51-52.39.1
        kernel-xen-devel-3.12.51-52.39.1

   - SUSE Linux Enterprise Server 12 (noarch):
        kernel-devel-3.12.51-52.39.1
        kernel-macros-3.12.51-52.39.1
        kernel-source-3.12.51-52.39.1

   - SUSE Linux Enterprise Server 12 (s390x):
        kernel-default-man-3.12.51-52.39.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
        kernel-ec2-3.12.51-52.39.1
        kernel-ec2-debuginfo-3.12.51-52.39.1
        kernel-ec2-debugsource-3.12.51-52.39.1
        kernel-ec2-devel-3.12.51-52.39.1
        kernel-ec2-extra-3.12.51-52.39.1
        kernel-ec2-extra-debuginfo-3.12.51-52.39.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
        kgraft-patch-3_12_51-52_39-default-1-2.3
        kgraft-patch-3_12_51-52_39-xen-1-2.3

   - SUSE Linux Enterprise Desktop 12 (x86_64):
        kernel-default-3.12.51-52.39.1
        kernel-default-debuginfo-3.12.51-52.39.1
        kernel-default-debugsource-3.12.51-52.39.1
        kernel-default-devel-3.12.51-52.39.1
        kernel-default-extra-3.12.51-52.39.1
        kernel-default-extra-debuginfo-3.12.51-52.39.1
        kernel-syms-3.12.51-52.39.1
        kernel-xen-3.12.51-52.39.1
        kernel-xen-debuginfo-3.12.51-52.39.1
        kernel-xen-debugsource-3.12.51-52.39.1
        kernel-xen-devel-3.12.51-52.39.1

   - SUSE Linux Enterprise Desktop 12 (noarch):
        kernel-devel-3.12.51-52.39.1
        kernel-macros-3.12.51-52.39.1
        kernel-source-3.12.51-52.39.1


References:

   https://www.suse.com/security/cve/CVE-2016-0728.html
   https://bugzilla.suse.com/962075


From sle-security-updates at lists.suse.com  Mon Jan 25 05:12:04 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 25 Jan 2016 13:12:04 +0100 (CET)
Subject: SUSE-SU-2016:0224-1: important: Security update for openldap2
Message-ID: <20160125121204.38CFA3213D@maintenance.suse.de>

   SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0224-1
Rating:             important
References:         #937766 #945582 #955210
Cross-References:   CVE-2015-4000 CVE-2015-6908
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Legacy Software 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update fixes the following security issues:

   - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause
     a denial of service (reachable assertion and application crash) via crafted
     BER data, as demonstrated by an attack against slapd. (bsc#945582)
   - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766)

   It also fixes the following non-security bugs:

   - bsc#955210: Unresponsive LDAP host lookups in IPv6 environment

   This update adds the following functionality:

   - fate#319300: SHA2 password hashing module that can be loaded on-demand.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
        zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-139=1

   - SUSE Linux Enterprise Software Development Kit 12:
        zypper in -t patch SUSE-SLE-SDK-12-2016-139=1

   - SUSE Linux Enterprise Server for SAP 12:
        zypper in -t patch SUSE-SLE-SAP-12-2016-139=1

   - SUSE Linux Enterprise Server 12-SP1:
        zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-139=1

   - SUSE Linux Enterprise Server 12:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-139=1

   - SUSE Linux Enterprise Module for Legacy Software 12:
        zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-139=1

   - SUSE Linux Enterprise Desktop 12-SP1:
        zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-139=1

   - SUSE Linux Enterprise Desktop 12:
        zypper in -t patch SUSE-SLE-DESKTOP-12-2016-139=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
        openldap2-back-perl-2.4.41-18.13.4
        openldap2-back-perl-debuginfo-2.4.41-18.13.4
        openldap2-client-debuginfo-2.4.41-18.13.1
        openldap2-client-debugsource-2.4.41-18.13.1
        openldap2-debuginfo-2.4.41-18.13.4
        openldap2-debugsource-2.4.41-18.13.4
        openldap2-devel-2.4.41-18.13.1
        openldap2-devel-static-2.4.41-18.13.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
        openldap2-back-perl-2.4.41-18.13.4
        openldap2-back-perl-debuginfo-2.4.41-18.13.4
        openldap2-client-debuginfo-2.4.41-18.13.1
        openldap2-client-debugsource-2.4.41-18.13.1
        openldap2-debuginfo-2.4.41-18.13.4
        openldap2-debugsource-2.4.41-18.13.4
        openldap2-devel-2.4.41-18.13.1
        openldap2-devel-static-2.4.41-18.13.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
        compat-libldap-2_3-0-2.3.37-18.13.4
        compat-libldap-2_3-0-debuginfo-2.3.37-18.13.4

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
        libldap-2_4-2-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-2.4.41-18.13.1
        openldap2-2.4.41-18.13.4
        openldap2-back-meta-2.4.41-18.13.4
        openldap2-back-meta-debuginfo-2.4.41-18.13.4
        openldap2-client-2.4.41-18.13.1
        openldap2-client-debuginfo-2.4.41-18.13.1
        openldap2-client-debugsource-2.4.41-18.13.1
        openldap2-debuginfo-2.4.41-18.13.4
        openldap2-debugsource-2.4.41-18.13.4

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
        libldap-2_4-2-32bit-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-32bit-2.4.41-18.13.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
        libldap-2_4-2-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-2.4.41-18.13.1
        openldap2-2.4.41-18.13.4
        openldap2-back-meta-2.4.41-18.13.4
        openldap2-back-meta-debuginfo-2.4.41-18.13.4
        openldap2-client-2.4.41-18.13.1
        openldap2-client-debuginfo-2.4.41-18.13.1
        openldap2-client-debugsource-2.4.41-18.13.1
        openldap2-debuginfo-2.4.41-18.13.4
        openldap2-debugsource-2.4.41-18.13.4

   - SUSE Linux Enterprise Server 12 (s390x x86_64):
        libldap-2_4-2-32bit-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-32bit-2.4.41-18.13.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64):
        compat-libldap-2_3-0-2.3.37-18.13.4
        compat-libldap-2_3-0-debuginfo-2.3.37-18.13.4

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
        libldap-2_4-2-2.4.41-18.13.1
        libldap-2_4-2-32bit-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-32bit-2.4.41-18.13.1
        openldap2-client-2.4.41-18.13.1
        openldap2-client-debuginfo-2.4.41-18.13.1
        openldap2-client-debugsource-2.4.41-18.13.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
        libldap-2_4-2-2.4.41-18.13.1
        libldap-2_4-2-32bit-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-2.4.41-18.13.1
        libldap-2_4-2-debuginfo-32bit-2.4.41-18.13.1
        openldap2-client-2.4.41-18.13.1
        openldap2-client-debuginfo-2.4.41-18.13.1
        openldap2-client-debugsource-2.4.41-18.13.1


References:

   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-6908.html
   https://bugzilla.suse.com/937766
   https://bugzilla.suse.com/945582
   https://bugzilla.suse.com/955210


From sle-security-updates at lists.suse.com  Mon Jan 25 05:13:00 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 25 Jan 2016 13:13:00 +0100 (CET)
Subject: SUSE-SU-2016:0225-1: moderate: Security update for gdk-pixbuf
Message-ID: <20160125121300.46CCD3213D@maintenance.suse.de>

   SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0225-1
Rating:             moderate
References:         #958963 #960155
Cross-References:   CVE-2015-7552
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for gdk-pixbuf fixes the following security issues:

   - CVE-2015-7552: various overflows, including heap overflow in flipping bmp
     files (bsc#958963)

   The following non-security issue was fixed:

   - bsc#960155: fix a possible divide by zero

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
        zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-140=1

   - SUSE Linux Enterprise Software Development Kit 12:
        zypper in -t patch SUSE-SLE-SDK-12-2016-140=1

   - SUSE Linux Enterprise Server 12-SP1:
        zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-140=1

   - SUSE Linux Enterprise Server 12:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-140=1

   - SUSE Linux Enterprise Desktop 12-SP1:
        zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-140=1

   - SUSE Linux Enterprise Desktop 12:
        zypper in -t patch SUSE-SLE-DESKTOP-12-2016-140=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
        gdk-pixbuf-debugsource-2.30.6-10.1
        gdk-pixbuf-devel-2.30.6-10.1
        gdk-pixbuf-devel-debuginfo-2.30.6-10.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
        gdk-pixbuf-debugsource-2.30.6-10.1
        gdk-pixbuf-devel-2.30.6-10.1
        gdk-pixbuf-devel-debuginfo-2.30.6-10.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
        gdk-pixbuf-debugsource-2.30.6-10.1
        gdk-pixbuf-query-loaders-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-2.30.6-10.1
        libgdk_pixbuf-2_0-0-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-2.30.6-10.1
        typelib-1_0-GdkPixbuf-2_0-2.30.6-10.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
        gdk-pixbuf-query-loaders-32bit-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-10.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
        gdk-pixbuf-lang-2.30.6-10.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
        gdk-pixbuf-debugsource-2.30.6-10.1
        gdk-pixbuf-query-loaders-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-2.30.6-10.1
        libgdk_pixbuf-2_0-0-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-2.30.6-10.1
        typelib-1_0-GdkPixbuf-2_0-2.30.6-10.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):
        gdk-pixbuf-query-loaders-32bit-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-10.1

   - SUSE Linux Enterprise Server 12 (noarch):
        gdk-pixbuf-lang-2.30.6-10.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
        gdk-pixbuf-debugsource-2.30.6-10.1
        gdk-pixbuf-query-loaders-2.30.6-10.1
        gdk-pixbuf-query-loaders-32bit-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-2.30.6-10.1
        libgdk_pixbuf-2_0-0-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-10.1
        typelib-1_0-GdkPixbuf-2_0-2.30.6-10.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
        gdk-pixbuf-lang-2.30.6-10.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
        gdk-pixbuf-debugsource-2.30.6-10.1
        gdk-pixbuf-query-loaders-2.30.6-10.1
        gdk-pixbuf-query-loaders-32bit-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-2.30.6-10.1
        gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-2.30.6-10.1
        libgdk_pixbuf-2_0-0-32bit-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-2.30.6-10.1
        libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-10.1
        typelib-1_0-GdkPixbuf-2_0-2.30.6-10.1

   - SUSE Linux Enterprise Desktop 12 (noarch):
        gdk-pixbuf-lang-2.30.6-10.1


References:

   https://www.suse.com/security/cve/CVE-2015-7552.html
   https://bugzilla.suse.com/958963
   https://bugzilla.suse.com/960155


From sle-security-updates at lists.suse.com  Mon Jan 25 07:11:46 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 25 Jan 2016 15:11:46 +0100 (CET)
Subject: SUSE-SU-2016:0227-1: important: Security update for bind
Message-ID: <20160125141146.07AC13213D@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0227-1
Rating:             important
References:         #939567 #944066 #958861 #962189
Cross-References:   CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available. It includes one
   version update.

Description:

   This update for bind fixes the following issues:

   * CVE-2015-8000: Remote denial of service by mis-parsing incoming responses.
     (bsc#958861)
   * CVE-2015-5722: DoS against servers performing validation on DNSSEC-signed
     records. (bsc#944066)
   * CVE-2015-5477: DoS against authoritative and recursive servers.
   * CVE-2015-8704: Specific APL data could trigger a crash. (bsc#962189)

   Security Issues:

   * CVE-2015-8000
   * CVE-2015-5722
   * CVE-2015-5477
   * CVE-2015-8704


Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11P1]:
        bind-9.6ESVR11P1-0.18.1
        bind-chrootenv-9.6ESVR11P1-0.18.1
        bind-devel-9.6ESVR11P1-0.18.1
        bind-doc-9.6ESVR11P1-0.18.1
        bind-libs-9.6ESVR11P1-0.18.1
        bind-utils-9.6ESVR11P1-0.18.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 9.6ESVR11P1]:
        bind-libs-32bit-9.6ESVR11P1-0.18.1


References:

   https://www.suse.com/security/cve/CVE-2015-5477.html
   https://www.suse.com/security/cve/CVE-2015-5722.html
   https://www.suse.com/security/cve/CVE-2015-8000.html
   https://www.suse.com/security/cve/CVE-2015-8704.html
   https://bugzilla.suse.com/939567
   https://bugzilla.suse.com/944066
   https://bugzilla.suse.com/958861
   https://bugzilla.suse.com/962189
   https://download.suse.com/patch/finder/?keywords=6c9cd85bd7aa9140126fe2cf192d0ac0


From sle-security-updates at lists.suse.com  Mon Jan 25 07:12:46 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 25 Jan 2016 15:12:46 +0100 (CET)
Subject: SUSE-SU-2016:0228-1: moderate: Security update for apache-commons-collections
Message-ID: <20160125141246.EF4763213D@maintenance.suse.de>

   SUSE Security Update: Security update for apache-commons-collections
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0228-1
Rating:             moderate
References:         #954102
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that contains security fixes can now be installed.
Description:

   This update to apache-commons-collections 3.2.2 fixes the following security
   issues:

   * bsc#954102: code execution by unserialization

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
        zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-142=1

   - SUSE Linux Enterprise Server 12:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-142=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
        apache-commons-collections-3.2.2-6.1
        apache-commons-collections-javadoc-3.2.2-6.1

   - SUSE Linux Enterprise Server 12 (noarch):
        apache-commons-collections-3.2.2-6.1
        apache-commons-collections-javadoc-3.2.2-6.1


References:

   https://bugzilla.suse.com/954102


From sle-security-updates at lists.suse.com  Mon Jan 25 13:12:28 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 25 Jan 2016 21:12:28 +0100 (CET)
Subject: SUSE-SU-2016:0241-1: moderate: Security update for ecryptfs-utils
Message-ID: <20160125201228.DD7F23213D@maintenance.suse.de>

   SUSE Security Update: Security update for ecryptfs-utils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0241-1
Rating:             moderate
References:         #920160 #962052
Cross-References:   CVE-2014-9687 CVE-2016-1572
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for ecryptfs-utils fixes the following issues:

   - CVE-2016-1572: A local user could have escalated privileges by mounting
     over special filesystems (bsc#962052)
   - CVE-2014-9687: A default salt value reduced complexity of offline
     precomputation attacks (bsc#920160)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
        zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-153=1

   - SUSE Linux Enterprise Server 12:
        zypper in -t patch SUSE-SLE-SERVER-12-2016-153=1

   - SUSE Linux Enterprise Desktop 12-SP1:
        zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-153=1

   - SUSE Linux Enterprise Desktop 12:
        zypper in -t patch SUSE-SLE-DESKTOP-12-2016-153=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
        ecryptfs-utils-103-7.1
        ecryptfs-utils-debuginfo-103-7.1
        ecryptfs-utils-debugsource-103-7.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
        ecryptfs-utils-32bit-103-7.1
        ecryptfs-utils-debuginfo-32bit-103-7.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
        ecryptfs-utils-103-7.1
        ecryptfs-utils-debuginfo-103-7.1
        ecryptfs-utils-debugsource-103-7.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):
        ecryptfs-utils-32bit-103-7.1
        ecryptfs-utils-debuginfo-32bit-103-7.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
        ecryptfs-utils-103-7.1
        ecryptfs-utils-32bit-103-7.1
        ecryptfs-utils-debuginfo-103-7.1
        ecryptfs-utils-debuginfo-32bit-103-7.1
        ecryptfs-utils-debugsource-103-7.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
        ecryptfs-utils-103-7.1
        ecryptfs-utils-32bit-103-7.1
        ecryptfs-utils-debuginfo-103-7.1
        ecryptfs-utils-debuginfo-32bit-103-7.1
        ecryptfs-utils-debugsource-103-7.1


References:

   https://www.suse.com/security/cve/CVE-2014-9687.html
   https://www.suse.com/security/cve/CVE-2016-1572.html
   https://bugzilla.suse.com/920160
   https://bugzilla.suse.com/962052


From sle-security-updates at lists.suse.com  Mon Jan 25 13:13:05 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 25 Jan 2016 21:13:05 +0100 (CET)
Subject: SUSE-SU-2016:0242-1: moderate: Security update for jakarta-commons-collections
Message-ID: <20160125201305.EDC013213D@maintenance.suse.de>

   SUSE Security Update: Security update for jakarta-commons-collections
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0242-1
Rating:             moderate
References:         #954102
Affected Products:
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update to jakarta-commons-collections 3.2.2 fixes the following
   security issues:

   * bsc#954102: code-execution by unserialization

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for VMWare 11-SP3:
        zypper in -t patch slessp3-jakarta-commons-collections-12365=1

   - SUSE Linux Enterprise Server 11-SP4:
        zypper in -t patch slessp4-jakarta-commons-collections-12365=1

   - SUSE Linux Enterprise Server 11-SP3:
        zypper in -t patch slessp3-jakarta-commons-collections-12365=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch):
        jakarta-commons-collections-3.2.2-88.36.1
        jakarta-commons-collections-javadoc-3.2.2-88.36.1
        jakarta-commons-collections-tomcat5-3.2.2-88.36.1

   - SUSE Linux Enterprise Server 11-SP4 (noarch):
        jakarta-commons-collections-3.2.2-88.36.1
        jakarta-commons-collections-javadoc-3.2.2-88.36.1
        jakarta-commons-collections-tomcat5-3.2.2-88.36.1

   - SUSE Linux Enterprise Server 11-SP3 (noarch):
        jakarta-commons-collections-3.2.2-88.36.1
        jakarta-commons-collections-javadoc-3.2.2-88.36.1
        jakarta-commons-collections-tomcat5-3.2.2-88.36.1


References:

   https://bugzilla.suse.com/954102


From sle-security-updates at lists.suse.com  Wed Jan 27 07:13:38 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 27 Jan 2016 15:13:38 +0100 (CET)
Subject: SUSE-SU-2016:0256-1: critical: Security update for java-1_8_0-openjdk
Message-ID: <20160127141338.DD4B93213F@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0256-1
Rating:             critical
References:         #960996 #962743
Cross-References:   CVE-2015-7575 CVE-2015-8126 CVE-2016-0402 CVE-2016-0448
                    CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   java-1_8_0-openjdk was updated to version 7u95 to fix several security
   issues. (bsc#962743)

   The following vulnerabilities were fixed:

   - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996)
   - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen
     displays
   - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix
   - CVE-2016-0402: Vulnerability in the Networking component related to URL
     processing
   - CVE-2016-0448: Vulnerability in the JMX component related to attribute
     processing
   - CVE-2016-0466: Vulnerability in the JAXP component, related to limits
   - CVE-2016-0483: Vulnerability in the AWT component related to image decoding
   - CVE-2016-0494: Vulnerability in 2D component related to font actions

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
        zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-160=1

   - SUSE Linux Enterprise Desktop 12-SP1:
        zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-160=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.72-3.2
      java-1_8_0-openjdk-debuginfo-1.8.0.72-3.2
      java-1_8_0-openjdk-debugsource-1.8.0.72-3.2
      java-1_8_0-openjdk-demo-1.8.0.72-3.2
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.72-3.2
      java-1_8_0-openjdk-devel-1.8.0.72-3.2
      java-1_8_0-openjdk-headless-1.8.0.72-3.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.72-3.2

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      java-1_8_0-openjdk-1.8.0.72-3.2
      java-1_8_0-openjdk-debuginfo-1.8.0.72-3.2
      java-1_8_0-openjdk-debugsource-1.8.0.72-3.2
      java-1_8_0-openjdk-headless-1.8.0.72-3.2
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.72-3.2

References:

   https://www.suse.com/security/cve/CVE-2015-7575.html
   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://www.suse.com/security/cve/CVE-2016-0402.html
   https://www.suse.com/security/cve/CVE-2016-0448.html
   https://www.suse.com/security/cve/CVE-2016-0466.html
   https://www.suse.com/security/cve/CVE-2016-0475.html
   https://www.suse.com/security/cve/CVE-2016-0483.html
   https://www.suse.com/security/cve/CVE-2016-0494.html
   https://bugzilla.suse.com/960996
   https://bugzilla.suse.com/962743


From sle-security-updates at lists.suse.com  Wed Jan 27 08:11:59 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 27 Jan 2016 16:11:59 +0100 (CET)
Subject: SUSE-SU-2016:0257-1: moderate: Security update for mono-core
Message-ID: <20160127151159.462E23213F@maintenance.suse.de>

   SUSE Security Update: Security update for mono-core
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0257-1
Rating:             moderate
References:         #739119 #958097
Cross-References:   CVE-2009-0689 CVE-2012-3543
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   mono-core was updated to fix the following vulnerabilities:

   - CVE-2009-0689: Remote attackers could cause a denial of service and
     possibly arbitrary code execution through the string-to-double parser
     implementation (bsc#958097)
   - CVE-2012-3543: Remote attackers could cause a denial of service through
     increased CPU consumption due to lack of protection against predictable
     hash collisions when processing form parameters (bsc#739119)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mono-core-12369=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-mono-core-12369=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-mono-core-12369=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-mono-core-12369=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-mono-core-12369=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-mono-core-12369=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      bytefx-data-mysql-2.6.7-0.16.1
      mono-data-firebird-2.6.7-0.16.1
      mono-data-oracle-2.6.7-0.16.1
      mono-data-sybase-2.6.7-0.16.1
      mono-devel-2.6.7-0.16.1
      mono-extras-2.6.7-0.16.1
      mono-jscript-2.6.7-0.16.1
      mono-wcf-2.6.7-0.16.1
      mono-winfxcore-2.6.7-0.16.1
      monodoc-core-2.6.7-0.16.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):

      mono-core-2.6.7-0.16.1
      mono-data-2.6.7-0.16.1
      mono-data-postgresql-2.6.7-0.16.1
      mono-data-sqlite-2.6.7-0.16.1
      mono-locale-extras-2.6.7-0.16.1
      mono-nunit-2.6.7-0.16.1
      mono-web-2.6.7-0.16.1
      mono-winforms-2.6.7-0.16.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x):

      bytefx-data-mysql-2.6.7-0.16.1
      mono-data-firebird-2.6.7-0.16.1
      mono-data-oracle-2.6.7-0.16.1
      mono-data-sybase-2.6.7-0.16.1
      mono-devel-2.6.7-0.16.1
      mono-extras-2.6.7-0.16.1
      mono-jscript-2.6.7-0.16.1
      mono-wcf-2.6.7-0.16.1
      mono-winfxcore-2.6.7-0.16.1
      monodoc-core-2.6.7-0.16.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64):

      mono-core-2.6.7-0.16.1
      mono-data-2.6.7-0.16.1
      mono-data-postgresql-2.6.7-0.16.1
      mono-data-sqlite-2.6.7-0.16.1
      mono-locale-extras-2.6.7-0.16.1
      mono-nunit-2.6.7-0.16.1
      mono-web-2.6.7-0.16.1
      mono-winforms-2.6.7-0.16.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      mono-core-2.6.7-0.16.1
      mono-data-2.6.7-0.16.1
      mono-data-postgresql-2.6.7-0.16.1
      mono-data-sqlite-2.6.7-0.16.1
      mono-locale-extras-2.6.7-0.16.1
      mono-nunit-2.6.7-0.16.1
      mono-web-2.6.7-0.16.1
      mono-winforms-2.6.7-0.16.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mono-core-2.6.7-0.16.1
      mono-data-2.6.7-0.16.1
      mono-data-postgresql-2.6.7-0.16.1
      mono-data-sqlite-2.6.7-0.16.1
      mono-locale-extras-2.6.7-0.16.1
      mono-nunit-2.6.7-0.16.1
      mono-web-2.6.7-0.16.1
      mono-winforms-2.6.7-0.16.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64 ppc64 s390x):

      mono-core-2.6.7-0.16.1
      mono-data-2.6.7-0.16.1
      mono-data-postgresql-2.6.7-0.16.1
      mono-data-sqlite-2.6.7-0.16.1
      mono-locale-extras-2.6.7-0.16.1
      mono-nunit-2.6.7-0.16.1
      mono-web-2.6.7-0.16.1
      mono-winforms-2.6.7-0.16.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      bytefx-data-mysql-2.6.7-0.16.1
      ibm-data-db2-2.6.7-0.16.1
      mono-core-2.6.7-0.16.1
      mono-data-2.6.7-0.16.1
      mono-data-firebird-2.6.7-0.16.1
      mono-data-oracle-2.6.7-0.16.1
      mono-data-postgresql-2.6.7-0.16.1
      mono-data-sqlite-2.6.7-0.16.1
      mono-data-sybase-2.6.7-0.16.1
      mono-devel-2.6.7-0.16.1
      mono-extras-2.6.7-0.16.1
      mono-jscript-2.6.7-0.16.1
      mono-locale-extras-2.6.7-0.16.1
      mono-nunit-2.6.7-0.16.1
      mono-wcf-2.6.7-0.16.1
      mono-web-2.6.7-0.16.1
      mono-winforms-2.6.7-0.16.1
      monodoc-core-2.6.7-0.16.1

References:

   https://www.suse.com/security/cve/CVE-2009-0689.html
   https://www.suse.com/security/cve/CVE-2012-3543.html
   https://bugzilla.suse.com/739119
   https://bugzilla.suse.com/958097


From sle-security-updates at lists.suse.com  Wed Jan 27 11:12:35 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 27 Jan 2016 19:12:35 +0100 (CET)
Subject: SUSE-SU-2016:0262-1: important: Security update for openldap2
Message-ID: <20160127181235.D27AB3213F@maintenance.suse.de>

   SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0262-1
Rating:             important
References:         #937766 #945582
Cross-References:   CVE-2015-4000 CVE-2015-6908
Affected Products:
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   - CVE-2015-6908: The ber_get_next function allowed remote attackers to
     cause a denial of service (reachable assertion and application crash)
     via crafted BER data, as demonstrated by an attack against slapd.
     (bsc#945582)
   - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability.
     (bsc#937766)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-openldap2-20160114-12372=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      openldap2-devel-2.4.26-0.17.23.1

References:

   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-6908.html
   https://bugzilla.suse.com/937766
   https://bugzilla.suse.com/945582


From sle-security-updates at lists.suse.com  Wed Jan 27 13:12:12 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 27 Jan 2016 21:12:12 +0100 (CET)
Subject: SUSE-SU-2016:0265-1: critical: Security update for java-1_7_0-openjdk
Message-ID: <20160127201212.737893213F@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0265-1
Rating:             critical
References:         #939523 #960996 #962743
Cross-References:   CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472
                    CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483
                    CVE-2016-0494
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues.
   (bsc#962743)

   - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may
     allow a protected method to be accessed
   - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996)
   - CVE-2015-8126: Vulnerability in the AWT component related to
     splashscreen displays
   - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix
   - CVE-2016-0402: Vulnerability in the Networking component related to URL
     processing
   - CVE-2016-0448: Vulnerability in the JMX component related to attribute
     processing
   - CVE-2016-0466: Vulnerability in the JAXP component, related to limits
   - CVE-2016-0483: Vulnerability in the AWT component related to image
     decoding
   - CVE-2016-0494: Vulnerability in 2D component related to font actions

   The following bugs were fixed:

   - bsc#939523: java-1_7_0-openjdk-headless had X dependencies, move
     libjavagtk to full package

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-169=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-169=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-169=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-169=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.95-24.2
      java-1_7_0-openjdk-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-debugsource-1.7.0.95-24.2
      java-1_7_0-openjdk-demo-1.7.0.95-24.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-devel-1.7.0.95-24.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.95-24.2

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      java-1_7_0-openjdk-1.7.0.95-24.2
      java-1_7_0-openjdk-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-debugsource-1.7.0.95-24.2
      java-1_7_0-openjdk-demo-1.7.0.95-24.2
      java-1_7_0-openjdk-demo-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-devel-1.7.0.95-24.2
      java-1_7_0-openjdk-devel-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.95-24.2

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      java-1_7_0-openjdk-1.7.0.95-24.2
      java-1_7_0-openjdk-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-debugsource-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.95-24.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      java-1_7_0-openjdk-1.7.0.95-24.2
      java-1_7_0-openjdk-debuginfo-1.7.0.95-24.2
      java-1_7_0-openjdk-debugsource-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-1.7.0.95-24.2
      java-1_7_0-openjdk-headless-debuginfo-1.7.0.95-24.2

References:

   https://www.suse.com/security/cve/CVE-2015-4871.html
   https://www.suse.com/security/cve/CVE-2015-7575.html
   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://www.suse.com/security/cve/CVE-2015-8472.html
   https://www.suse.com/security/cve/CVE-2016-0402.html
   https://www.suse.com/security/cve/CVE-2016-0448.html
   https://www.suse.com/security/cve/CVE-2016-0466.html
   https://www.suse.com/security/cve/CVE-2016-0483.html
   https://www.suse.com/security/cve/CVE-2016-0494.html
   https://bugzilla.suse.com/939523
   https://bugzilla.suse.com/960996
   https://bugzilla.suse.com/962743


From sle-security-updates at lists.suse.com  Wed Jan 27 13:13:14 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 27 Jan 2016 21:13:14 +0100 (CET)
Subject: SUSE-SU-2016:0267-1: moderate: Security update for rubygem-mail-2_4
Message-ID: <20160127201314.DAB313213F@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-mail-2_4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0267-1
Rating:             moderate
References:         #959129
Affected Products:
                    SUSE Webyast 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for rubygem-mail-2_4 fixes the following issues:

   * bsc#959129: SMTP Injection via recipient email addresses

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Webyast 1.3:

      zypper in -t patch slewyst13-rubygem-mail-2_4-12373=1

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-rubygem-mail-2_4-12373=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-rubygem-mail-2_4-12373=1

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-rubygem-mail-2_4-12373=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):

      rubygem-mail-2_4-2.4.4-0.10.2

   - SUSE Studio Onsite 1.3 (x86_64):

      rubygem-mail-2_4-2.4.4-0.10.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      rubygem-mail-2_4-2.4.4-0.10.2

   - SUSE Lifecycle Management Server 1.3 (x86_64):

      rubygem-mail-2_4-2.4.4-0.10.2

References:

   https://bugzilla.suse.com/959129


From sle-security-updates at lists.suse.com  Wed Jan 27 13:14:11 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 27 Jan 2016 21:14:11 +0100 (CET)
Subject: SUSE-SU-2016:0269-1: critical: Security update for java-1_7_0-openjdk
Message-ID: <20160127201411.5737B3213F@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0269-1
Rating:             critical
References:         #960996 #962743
Cross-References:   CVE-2015-4871 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472
                    CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483
                    CVE-2016-0494
Affected Products:
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues.
   (bsc#962743)

   - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may
     allow a protected method to be accessed
   - CVE-2015-7575: Further reduce use of MD5 (SLOTH) (bsc#960996)
   - CVE-2015-8126: Vulnerability in the AWT component related to
     splashscreen displays
   - CVE-2015-8472: Vulnerability in the AWT component, addressed by same fix
   - CVE-2016-0402: Vulnerability in the Networking component related to URL
     processing
   - CVE-2016-0448: Vulnerability in the JMX component related to attribute
     processing
   - CVE-2016-0466: Vulnerability in the JAXP component, related to limits
   - CVE-2016-0483: Vulnerability in the AWT component related to image
     decoding
   - CVE-2016-0494: Vulnerability in 2D component related to font actions

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-java-1_7_0-openjdk-12374=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-java-1_7_0-openjdk-12374=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-java-1_7_0-openjdk-12374=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-java-1_7_0-openjdk-12374=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      java-1_7_0-openjdk-1.7.0.95-0.17.2
      java-1_7_0-openjdk-demo-1.7.0.95-0.17.2
      java-1_7_0-openjdk-devel-1.7.0.95-0.17.2

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      java-1_7_0-openjdk-1.7.0.95-0.17.2
      java-1_7_0-openjdk-demo-1.7.0.95-0.17.2
      java-1_7_0-openjdk-devel-1.7.0.95-0.17.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      java-1_7_0-openjdk-debuginfo-1.7.0.95-0.17.2
      java-1_7_0-openjdk-debugsource-1.7.0.95-0.17.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      java-1_7_0-openjdk-debuginfo-1.7.0.95-0.17.2
      java-1_7_0-openjdk-debugsource-1.7.0.95-0.17.2

References:

   https://www.suse.com/security/cve/CVE-2015-4871.html
   https://www.suse.com/security/cve/CVE-2015-7575.html
   https://www.suse.com/security/cve/CVE-2015-8126.html
   https://www.suse.com/security/cve/CVE-2015-8472.html
   https://www.suse.com/security/cve/CVE-2016-0402.html
   https://www.suse.com/security/cve/CVE-2016-0448.html
   https://www.suse.com/security/cve/CVE-2016-0466.html
   https://www.suse.com/security/cve/CVE-2016-0483.html
   https://www.suse.com/security/cve/CVE-2016-0494.html
   https://bugzilla.suse.com/960996
   https://bugzilla.suse.com/962743


From sle-security-updates at lists.suse.com  Fri Jan 29 08:11:57 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 29 Jan 2016 16:11:57 +0100 (CET)
Subject: SUSE-SU-2016:0282-1: moderate: Security update for gdk2
Message-ID: <20160129151157.150BA27FB4@maintenance.suse.de>

   SUSE Security Update: Security update for gdk2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0282-1
Rating:             moderate
References:         #958963 #960155
Cross-References:   CVE-2015-7552
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for gdk2 fixes the following security issues:

   - CVE-2015-7552: various overflows, including heap overflow in flipping
     bmp files (bsc#958963)

   The following non-security issues were fixed:

   - bsc#960155: fix a possible divide by zero

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-gtk2-12376=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-gtk2-12376=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-gtk2-12376=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-gtk2-12376=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-gtk2-12376=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-gtk2-12376=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-gtk2-12376=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-gtk2-12376=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      gtk2-devel-2.18.9-0.39.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):

      gtk2-devel-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      gtk2-devel-2.18.9-0.39.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64):

      gtk2-devel-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      gtk2-2.18.9-0.39.1
      gtk2-doc-2.18.9-0.39.1
      gtk2-lang-2.18.9-0.39.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      gtk2-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      gtk2-2.18.9-0.39.1
      gtk2-doc-2.18.9-0.39.1
      gtk2-lang-2.18.9-0.39.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      gtk2-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      gtk2-x86-2.18.9-0.39.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      gtk2-2.18.9-0.39.1
      gtk2-doc-2.18.9-0.39.1
      gtk2-lang-2.18.9-0.39.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      gtk2-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      gtk2-x86-2.18.9-0.39.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      gtk2-2.18.9-0.39.1
      gtk2-lang-2.18.9-0.39.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      gtk2-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      gtk2-2.18.9-0.39.1
      gtk2-lang-2.18.9-0.39.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      gtk2-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      gtk2-debuginfo-2.18.9-0.39.1
      gtk2-debugsource-2.18.9-0.39.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      gtk2-debuginfo-32bit-2.18.9-0.39.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      gtk2-debuginfo-x86-2.18.9-0.39.1

References:

   https://www.suse.com/security/cve/CVE-2015-7552.html
   https://bugzilla.suse.com/958963
   https://bugzilla.suse.com/960155


From sle-security-updates at lists.suse.com  Fri Jan 29 08:13:08 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 29 Jan 2016 16:13:08 +0100 (CET)
Subject: SUSE-SU-2016:0284-1: moderate: Security update for php5
Message-ID: <20160129151308.9DC3D28010@maintenance.suse.de>

   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0284-1
Rating:             moderate
References:         #949961 #962057
Cross-References:   CVE-2015-7803 CVE-2016-1903
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for php5 fixes the following issues:

   - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive
     entry allowed remote attackers to cause a Denial of Service (DoS)
     [bsc#949961]
   - CVE-2016-1903: Specially crafted image files could allow remote
     attackers to read unspecified memory when rotating images [bsc#962057]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-174=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-174=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-174=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-42.2
      php5-debugsource-5.5.14-42.2
      php5-devel-5.5.14-42.2

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-42.2
      php5-debugsource-5.5.14-42.2
      php5-devel-5.5.14-42.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):

      apache2-mod_php5-5.5.14-42.2
      apache2-mod_php5-debuginfo-5.5.14-42.2
      php5-5.5.14-42.2
      php5-bcmath-5.5.14-42.2
      php5-bcmath-debuginfo-5.5.14-42.2
      php5-bz2-5.5.14-42.2
      php5-bz2-debuginfo-5.5.14-42.2
      php5-calendar-5.5.14-42.2
      php5-calendar-debuginfo-5.5.14-42.2
      php5-ctype-5.5.14-42.2
      php5-ctype-debuginfo-5.5.14-42.2
      php5-curl-5.5.14-42.2
      php5-curl-debuginfo-5.5.14-42.2
      php5-dba-5.5.14-42.2
      php5-dba-debuginfo-5.5.14-42.2
      php5-debuginfo-5.5.14-42.2
      php5-debugsource-5.5.14-42.2
      php5-dom-5.5.14-42.2
      php5-dom-debuginfo-5.5.14-42.2
      php5-enchant-5.5.14-42.2
      php5-enchant-debuginfo-5.5.14-42.2
      php5-exif-5.5.14-42.2
      php5-exif-debuginfo-5.5.14-42.2
      php5-fastcgi-5.5.14-42.2
      php5-fastcgi-debuginfo-5.5.14-42.2
      php5-fileinfo-5.5.14-42.2
      php5-fileinfo-debuginfo-5.5.14-42.2
      php5-fpm-5.5.14-42.2
      php5-fpm-debuginfo-5.5.14-42.2
      php5-ftp-5.5.14-42.2
      php5-ftp-debuginfo-5.5.14-42.2
      php5-gd-5.5.14-42.2
      php5-gd-debuginfo-5.5.14-42.2
      php5-gettext-5.5.14-42.2
      php5-gettext-debuginfo-5.5.14-42.2
      php5-gmp-5.5.14-42.2
      php5-gmp-debuginfo-5.5.14-42.2
      php5-iconv-5.5.14-42.2
      php5-iconv-debuginfo-5.5.14-42.2
      php5-intl-5.5.14-42.2
      php5-intl-debuginfo-5.5.14-42.2
      php5-json-5.5.14-42.2
      php5-json-debuginfo-5.5.14-42.2
      php5-ldap-5.5.14-42.2
      php5-ldap-debuginfo-5.5.14-42.2
      php5-mbstring-5.5.14-42.2
      php5-mbstring-debuginfo-5.5.14-42.2
      php5-mcrypt-5.5.14-42.2
      php5-mcrypt-debuginfo-5.5.14-42.2
      php5-mysql-5.5.14-42.2
      php5-mysql-debuginfo-5.5.14-42.2
      php5-odbc-5.5.14-42.2
      php5-odbc-debuginfo-5.5.14-42.2
      php5-opcache-5.5.14-42.2
      php5-opcache-debuginfo-5.5.14-42.2
      php5-openssl-5.5.14-42.2
      php5-openssl-debuginfo-5.5.14-42.2
      php5-pcntl-5.5.14-42.2
      php5-pcntl-debuginfo-5.5.14-42.2
      php5-pdo-5.5.14-42.2
      php5-pdo-debuginfo-5.5.14-42.2
      php5-pgsql-5.5.14-42.2
      php5-pgsql-debuginfo-5.5.14-42.2
      php5-posix-5.5.14-42.2
      php5-posix-debuginfo-5.5.14-42.2
      php5-pspell-5.5.14-42.2
      php5-pspell-debuginfo-5.5.14-42.2
      php5-shmop-5.5.14-42.2
      php5-shmop-debuginfo-5.5.14-42.2
      php5-snmp-5.5.14-42.2
      php5-snmp-debuginfo-5.5.14-42.2
      php5-soap-5.5.14-42.2
      php5-soap-debuginfo-5.5.14-42.2
      php5-sockets-5.5.14-42.2
      php5-sockets-debuginfo-5.5.14-42.2
      php5-sqlite-5.5.14-42.2
      php5-sqlite-debuginfo-5.5.14-42.2
      php5-suhosin-5.5.14-42.2
      php5-suhosin-debuginfo-5.5.14-42.2
      php5-sysvmsg-5.5.14-42.2
      php5-sysvmsg-debuginfo-5.5.14-42.2
      php5-sysvsem-5.5.14-42.2
      php5-sysvsem-debuginfo-5.5.14-42.2
      php5-sysvshm-5.5.14-42.2
      php5-sysvshm-debuginfo-5.5.14-42.2
      php5-tokenizer-5.5.14-42.2
      php5-tokenizer-debuginfo-5.5.14-42.2
      php5-wddx-5.5.14-42.2
      php5-wddx-debuginfo-5.5.14-42.2
      php5-xmlreader-5.5.14-42.2
      php5-xmlreader-debuginfo-5.5.14-42.2
      php5-xmlrpc-5.5.14-42.2
      php5-xmlrpc-debuginfo-5.5.14-42.2
      php5-xmlwriter-5.5.14-42.2
      php5-xmlwriter-debuginfo-5.5.14-42.2
      php5-xsl-5.5.14-42.2
      php5-xsl-debuginfo-5.5.14-42.2
      php5-zip-5.5.14-42.2
      php5-zip-debuginfo-5.5.14-42.2
      php5-zlib-5.5.14-42.2
      php5-zlib-debuginfo-5.5.14-42.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php5-pear-5.5.14-42.2

References:

   https://www.suse.com/security/cve/CVE-2015-7803.html
   https://www.suse.com/security/cve/CVE-2016-1903.html
   https://bugzilla.suse.com/949961
   https://bugzilla.suse.com/962057


From sle-security-updates at lists.suse.com  Sat Jan 30 16:11:47 2016
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 31 Jan 2016 00:11:47 +0100 (CET)
Subject: SUSE-SU-2016:0290-1: moderate: Security update for ecryptfs-utils
Message-ID: <20160130231147.A8B843213F@maintenance.suse.de>

   SUSE Security Update: Security update for ecryptfs-utils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:0290-1
Rating:             moderate
References:         #920160 #962052
Cross-References:   CVE-2014-9687 CVE-2016-1572
Affected Products:
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for ecryptfs-utils fixes the following issues:

   - CVE-2016-1572: A local user could have escalated privileges by mounting
     over special filesystems (bsc#962052)
   - CVE-2014-9687: A default salt value reduced complexity of offline
     precomputation attacks (bsc#920160)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-ecryptfs-utils-12379=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ecryptfs-utils-12379=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-ecryptfs-utils-12379=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-ecryptfs-utils-12379=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-ecryptfs-utils-12379=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ecryptfs-utils-12379=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-ecryptfs-utils-12379=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      ecryptfs-utils-61-1.35.1

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

      ecryptfs-utils-32bit-61-1.35.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ecryptfs-utils-61-1.35.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      ecryptfs-utils-32bit-61-1.35.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      ecryptfs-utils-x86-61-1.35.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      ecryptfs-utils-61-1.35.1

   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

      ecryptfs-utils-32bit-61-1.35.1

   - SUSE Linux Enterprise Server 11-SP3 (ia64):

      ecryptfs-utils-x86-61-1.35.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      ecryptfs-utils-61-1.35.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      ecryptfs-utils-32bit-61-1.35.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      ecryptfs-utils-61-1.35.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      ecryptfs-utils-32bit-61-1.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ecryptfs-utils-debuginfo-61-1.35.1
      ecryptfs-utils-debugsource-61-1.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 x86_64):

      ecryptfs-utils-debuginfo-32bit-61-1.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      ecryptfs-utils-debuginfo-x86-61-1.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      ecryptfs-utils-debuginfo-61-1.35.1
      ecryptfs-utils-debugsource-61-1.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 x86_64):

      ecryptfs-utils-debuginfo-32bit-61-1.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64):

      ecryptfs-utils-debuginfo-x86-61-1.35.1

References:

   https://www.suse.com/security/cve/CVE-2014-9687.html
   https://www.suse.com/security/cve/CVE-2016-1572.html
   https://bugzilla.suse.com/920160
   https://bugzilla.suse.com/962052