From sle-security-updates at lists.suse.com  Mon Apr  3 13:08:51 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:08:51 +0200 (CEST)
Subject: SUSE-SU-2017:0912-1: important: Security update for the Linux Kernel
Message-ID: <20170403190851.F0457FF5E@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0912-1
Rating:             important
References:         #1027565
Cross-References:   CVE-2017-2636
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following
   security bug:

   CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver
   (drivers/tty/n_hdlc.c) could have been exploited to gain a local
   privilege escalation (bnc#1027565)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-13047=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-13047=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-13047=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-13047=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-97.3

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-97.1
      kernel-default-base-3.0.101-97.1
      kernel-default-devel-3.0.101-97.1
      kernel-source-3.0.101-97.1
      kernel-syms-3.0.101-97.1
      kernel-trace-3.0.101-97.1
      kernel-trace-base-3.0.101-97.1
      kernel-trace-devel-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-97.1
      kernel-ec2-base-3.0.101-97.1
      kernel-ec2-devel-3.0.101-97.1
      kernel-xen-3.0.101-97.1
      kernel-xen-base-3.0.101-97.1
      kernel-xen-devel-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-97.1
      kernel-bigmem-base-3.0.101-97.1
      kernel-bigmem-devel-3.0.101-97.1
      kernel-ppc64-3.0.101-97.1
      kernel-ppc64-base-3.0.101-97.1
      kernel-ppc64-devel-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-97.1
      kernel-pae-base-3.0.101-97.1
      kernel-pae-devel-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-97.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-97.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-97.1
      kernel-default-debugsource-3.0.101-97.1
      kernel-trace-debuginfo-3.0.101-97.1
      kernel-trace-debugsource-3.0.101-97.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-97.1
      kernel-trace-devel-debuginfo-3.0.101-97.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-97.1
      kernel-ec2-debugsource-3.0.101-97.1
      kernel-xen-debuginfo-3.0.101-97.1
      kernel-xen-debugsource-3.0.101-97.1
      kernel-xen-devel-debuginfo-3.0.101-97.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-97.1
      kernel-bigmem-debugsource-3.0.101-97.1
      kernel-ppc64-debuginfo-3.0.101-97.1
      kernel-ppc64-debugsource-3.0.101-97.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-97.1
      kernel-pae-debugsource-3.0.101-97.1
      kernel-pae-devel-debuginfo-3.0.101-97.1


References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://bugzilla.suse.com/1027565


From sle-security-updates at lists.suse.com  Mon Apr  3 13:09:20 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:09:20 +0200 (CEST)
Subject: SUSE-SU-2017:0913-1: important: Security update for the Linux Kernel
Message-ID: <20170403190920.DE5C1FF5E@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0913-1
Rating:             important
References:         #1027565
Cross-References:   CVE-2017-2636
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following
   security bug:

   CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver
   (drivers/tty/n_hdlc.c) could have been exploited to gain a local
   privilege escalation (bnc#1027565)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-kernel-13048=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-kernel-13048=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-kernel-13048=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-kernel-13048=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-13048=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-kernel-13048=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-kernel-13048=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1

   - SUSE Manager Proxy 2.1 (x86_64):

      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1

   - SUSE Manager 2.1 (s390x x86_64):

      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1

   - SUSE Manager 2.1 (x86_64):

      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1

   - SUSE Manager 2.1 (s390x):

      kernel-default-man-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      kernel-bigsmp-3.0.101-0.47.99.1
      kernel-bigsmp-base-3.0.101-0.47.99.1
      kernel-bigsmp-devel-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):

      kernel-default-man-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      kernel-pae-3.0.101-0.47.99.1
      kernel-pae-base-3.0.101-0.47.99.1
      kernel-pae-devel-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-bigsmp-extra-3.0.101-0.47.99.1
      kernel-trace-extra-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      kernel-default-3.0.101-0.47.99.1
      kernel-default-base-3.0.101-0.47.99.1
      kernel-default-devel-3.0.101-0.47.99.1
      kernel-ec2-3.0.101-0.47.99.1
      kernel-ec2-base-3.0.101-0.47.99.1
      kernel-ec2-devel-3.0.101-0.47.99.1
      kernel-pae-3.0.101-0.47.99.1
      kernel-pae-base-3.0.101-0.47.99.1
      kernel-pae-devel-3.0.101-0.47.99.1
      kernel-source-3.0.101-0.47.99.1
      kernel-syms-3.0.101-0.47.99.1
      kernel-trace-3.0.101-0.47.99.1
      kernel-trace-base-3.0.101-0.47.99.1
      kernel-trace-devel-3.0.101-0.47.99.1
      kernel-xen-3.0.101-0.47.99.1
      kernel-xen-base-3.0.101-0.47.99.1
      kernel-xen-devel-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      kernel-default-debuginfo-3.0.101-0.47.99.1
      kernel-default-debugsource-3.0.101-0.47.99.1
      kernel-trace-debuginfo-3.0.101-0.47.99.1
      kernel-trace-debugsource-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-0.47.99.1
      kernel-ec2-debugsource-3.0.101-0.47.99.1
      kernel-xen-debuginfo-3.0.101-0.47.99.1
      kernel-xen-debugsource-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      kernel-bigsmp-debuginfo-3.0.101-0.47.99.1
      kernel-bigsmp-debugsource-3.0.101-0.47.99.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):

      kernel-pae-debuginfo-3.0.101-0.47.99.1
      kernel-pae-debugsource-3.0.101-0.47.99.1


References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://bugzilla.suse.com/1027565


From sle-security-updates at lists.suse.com  Mon Apr  3 13:09:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 3 Apr 2017 21:09:44 +0200 (CEST)
Subject: SUSE-SU-2017:0914-1: important: Security update for ruby19
Message-ID: <20170403190944.65F17FF5E@maintenance.suse.de>

   SUSE Security Update: Security update for ruby19
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0914-1
Rating:             important
References:         #1018808 #986630
Cross-References:   CVE-2016-2339
Affected Products:
                    SUSE Studio Onsite Runner 1.3
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for ruby19 fixes the following issues:

   Security issue fixed:
   - CVE-2016-2339: heap overflow vulnerability in the
     Fiddle::Function.new"initialize" (bsc#1018808)

   Bugfixes:
   - fix small mistake in the backport for (bsc#986630)
   - HTTP Header injection in 'net/http' (bsc#986630)
   - make the testsuite work with our new openssl requirements

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite Runner 1.3:

      zypper in -t patch slestso13-ruby19-13046=1

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-ruby19-13046=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite Runner 1.3 (s390x):

      ruby19-1.9.3.p392-0.26.1

   - SUSE Studio Onsite 1.3 (x86_64):

      ruby19-1.9.3.p392-0.26.1
      ruby19-devel-1.9.3.p392-0.26.1
      ruby19-devel-extra-1.9.3.p392-0.26.1


References:

   https://www.suse.com/security/cve/CVE-2016-2339.html
   https://bugzilla.suse.com/1018808
   https://bugzilla.suse.com/986630


From sle-security-updates at lists.suse.com  Tue Apr  4 07:08:51 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 4 Apr 2017 15:08:51 +0200 (CEST)
Subject: SUSE-SU-2017:0918-1: moderate: Security update for GraphicsMagick
Message-ID: <20170404130851.13B24FFB9@maintenance.suse.de>

   SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0918-1
Rating:             moderate
References:         #1027255
Cross-References:   CVE-2017-6335
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for GraphicsMagick fixes the following issues:

   Security issue fixed:
   - CVE-2017-6335: Heap out of bounds write issue when reading CMYKA TIFF
     files which claim to offer fewer samples per pixel than required
     (bsc#1027255).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-GraphicsMagick-13049=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-GraphicsMagick-13049=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-GraphicsMagick-13049=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      GraphicsMagick-1.2.5-4.65.1
      libGraphicsMagick2-1.2.5-4.65.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-1.2.5-4.65.1
      libGraphicsMagick2-1.2.5-4.65.1
      perl-GraphicsMagick-1.2.5-4.65.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      GraphicsMagick-debuginfo-1.2.5-4.65.1
      GraphicsMagick-debugsource-1.2.5-4.65.1


References:

   https://www.suse.com/security/cve/CVE-2017-6335.html
   https://bugzilla.suse.com/1027255


From sle-security-updates at lists.suse.com  Wed Apr  5 10:17:31 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Apr 2017 18:17:31 +0200 (CEST)
Subject: SUSE-SU-2017:0940-1: Security update for audiofile
Message-ID: <20170405161731.D08D8FF5E@maintenance.suse.de>

   SUSE Security Update: Security update for audiofile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0940-1
Rating:             low
References:         #1026978 #1026979 #1026980 #1026981 #1026982 #1026983
                    #1026984 #1026985 #1026986 #1026987 #1026988 #949399
Cross-References:   CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829
                    CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833
                    CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837
                    CVE-2017-6838 CVE-2017-6839
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This audiofile update fixes the following issue:

   Security issues fixed:
   - CVE-2015-7747: Fixed buffer overflow issue when changing both number of
     channels and sample format. (bsc#949399)
   - CVE-2017-6827: heap-based buffer overflow in
     MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)
   - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp)
     (bsc#1026980)
   - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp)
     (bsc#1026981)
   - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp)
     (bsc#1026982)
   - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE
     (IMA.cpp) (bsc#1026983)
   - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock
     (MSADPCM.cpp) (bsc#1026984)
   - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)
     (bsc#1026985)
   - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)
     (bsc#1026986)
   - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)
     (bsc#1026988)
   - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run
     (SimpleModule.h) (bsc#1026987)
   - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes
     (bsc#1026978)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-542=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-542=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-542=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-542=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-542=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-542=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-542=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      audiofile-devel-0.3.6-10.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      audiofile-devel-0.3.6-10.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      audiofile-0.3.6-10.1
      audiofile-debuginfo-0.3.6-10.1
      audiofile-debugsource-0.3.6-10.1
      libaudiofile1-0.3.6-10.1
      libaudiofile1-32bit-0.3.6-10.1
      libaudiofile1-debuginfo-0.3.6-10.1
      libaudiofile1-debuginfo-32bit-0.3.6-10.1


References:

   https://www.suse.com/security/cve/CVE-2015-7747.html
   https://www.suse.com/security/cve/CVE-2017-6827.html
   https://www.suse.com/security/cve/CVE-2017-6828.html
   https://www.suse.com/security/cve/CVE-2017-6829.html
   https://www.suse.com/security/cve/CVE-2017-6830.html
   https://www.suse.com/security/cve/CVE-2017-6831.html
   https://www.suse.com/security/cve/CVE-2017-6832.html
   https://www.suse.com/security/cve/CVE-2017-6833.html
   https://www.suse.com/security/cve/CVE-2017-6834.html
   https://www.suse.com/security/cve/CVE-2017-6835.html
   https://www.suse.com/security/cve/CVE-2017-6836.html
   https://www.suse.com/security/cve/CVE-2017-6837.html
   https://www.suse.com/security/cve/CVE-2017-6838.html
   https://www.suse.com/security/cve/CVE-2017-6839.html
   https://bugzilla.suse.com/1026978
   https://bugzilla.suse.com/1026979
   https://bugzilla.suse.com/1026980
   https://bugzilla.suse.com/1026981
   https://bugzilla.suse.com/1026982
   https://bugzilla.suse.com/1026983
   https://bugzilla.suse.com/1026984
   https://bugzilla.suse.com/1026985
   https://bugzilla.suse.com/1026986
   https://bugzilla.suse.com/1026987
   https://bugzilla.suse.com/1026988
   https://bugzilla.suse.com/949399


From sle-security-updates at lists.suse.com  Wed Apr  5 13:08:05 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Apr 2017 21:08:05 +0200 (CEST)
Subject: SUSE-SU-2017:0945-1: moderate: Security update for gimp
Message-ID: <20170405190805.6EF1AFEA8@maintenance.suse.de>

   SUSE Security Update: Security update for gimp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0945-1
Rating:             moderate
References:         #1025717 #1032241
Cross-References:   CVE-2007-3126
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for gimp fixes the following issues:

   This security issue was fixed:
   - CVE-2007-3126: Context-dependent attackers were able to cause a denial
     of service via an ICO file with an InfoHeader containing a Height of
     zero (bsc#1032241).

   These non-security issues were fixed:
   - bsc#1025717: Prefer lcms2 over lcms1 if both are available
   - bgo#593576: Prevent crash in PDF Import filter when importing a large
     image PDF or specifying a high resolution

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-545=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-545=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-545=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):

      gimp-lang-2.8.18-8.1

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      gimp-2.8.18-8.1
      gimp-debuginfo-2.8.18-8.1
      gimp-debugsource-2.8.18-8.1
      gimp-plugins-python-2.8.18-8.1
      gimp-plugins-python-debuginfo-2.8.18-8.1
      libgimp-2_0-0-2.8.18-8.1
      libgimp-2_0-0-debuginfo-2.8.18-8.1
      libgimpui-2_0-0-2.8.18-8.1
      libgimpui-2_0-0-debuginfo-2.8.18-8.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      gimp-debuginfo-2.8.18-8.1
      gimp-debugsource-2.8.18-8.1
      gimp-devel-2.8.18-8.1
      gimp-devel-debuginfo-2.8.18-8.1
      libgimp-2_0-0-2.8.18-8.1
      libgimp-2_0-0-debuginfo-2.8.18-8.1
      libgimpui-2_0-0-2.8.18-8.1
      libgimpui-2_0-0-debuginfo-2.8.18-8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      gimp-2.8.18-8.1
      gimp-debuginfo-2.8.18-8.1
      gimp-debugsource-2.8.18-8.1
      gimp-plugins-python-2.8.18-8.1
      gimp-plugins-python-debuginfo-2.8.18-8.1
      libgimp-2_0-0-2.8.18-8.1
      libgimp-2_0-0-debuginfo-2.8.18-8.1
      libgimpui-2_0-0-2.8.18-8.1
      libgimpui-2_0-0-debuginfo-2.8.18-8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      gimp-lang-2.8.18-8.1


References:

   https://www.suse.com/security/cve/CVE-2007-3126.html
   https://bugzilla.suse.com/1025717
   https://bugzilla.suse.com/1032241


From sle-security-updates at lists.suse.com  Wed Apr  5 13:08:41 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 5 Apr 2017 21:08:41 +0200 (CEST)
Subject: SUSE-SU-2017:0946-1: important: Security update for jasper
Message-ID: <20170405190841.7E8D8FEA8@maintenance.suse.de>

   SUSE Security Update: Security update for jasper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0946-1
Rating:             important
References:         #1010977 #1010979 #1011830 #1012530 #1015400 #1015993
                    #1018088 #1020353 #1021868 #1029497
Cross-References:   CVE-2016-10251 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398
                    CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600
                    CVE-2017-5498 CVE-2017-6850
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for jasper fixes the following issues:

   Security issues fixed:
   - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec
     (bsc#1012530)
   - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment
     (bsc#1010977).
   - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2(int): Assertion 'x > 0'
     failed. (bsc#1010979)
   - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2
     (jpc_tsfb.c) (bsc#1011830)
   - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl()
     (bsc#1015400)
   - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy
     (bsc#1015993)
   - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN
     color space in JP2 encoder (bsc#1018088)
   - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl
     (jpc_t2cod.c) (bsc#1029497)
   - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353)
   - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c)
     (bsc#1021868)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-jasper-13051=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-jasper-13051=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-jasper-13051=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libjasper-devel-1.900.14-134.32.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libjasper-1.900.14-134.32.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libjasper-32bit-1.900.14-134.32.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libjasper-x86-1.900.14-134.32.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      jasper-debuginfo-1.900.14-134.32.1
      jasper-debugsource-1.900.14-134.32.1


References:

   https://www.suse.com/security/cve/CVE-2016-10251.html
   https://www.suse.com/security/cve/CVE-2016-8654.html
   https://www.suse.com/security/cve/CVE-2016-9395.html
   https://www.suse.com/security/cve/CVE-2016-9398.html
   https://www.suse.com/security/cve/CVE-2016-9560.html
   https://www.suse.com/security/cve/CVE-2016-9583.html
   https://www.suse.com/security/cve/CVE-2016-9591.html
   https://www.suse.com/security/cve/CVE-2016-9600.html
   https://www.suse.com/security/cve/CVE-2017-5498.html
   https://www.suse.com/security/cve/CVE-2017-6850.html
   https://bugzilla.suse.com/1010977
   https://bugzilla.suse.com/1010979
   https://bugzilla.suse.com/1011830
   https://bugzilla.suse.com/1012530
   https://bugzilla.suse.com/1015400
   https://bugzilla.suse.com/1015993
   https://bugzilla.suse.com/1018088
   https://bugzilla.suse.com/1020353
   https://bugzilla.suse.com/1021868
   https://bugzilla.suse.com/1029497


From sle-security-updates at lists.suse.com  Thu Apr  6 07:10:43 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Apr 2017 15:10:43 +0200 (CEST)
Subject: SUSE-SU-2017:0948-1: moderate: Security update for ruby
Message-ID: <20170406131043.93EC7FEA8@maintenance.suse.de>

   SUSE Security Update: Security update for ruby
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0948-1
Rating:             moderate
References:         #926974 #959495 #986630
Cross-References:   CVE-2015-1855 CVE-2015-7551
Affected Products:
                    SUSE Webyast 1.3
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   This update for ruby fixes the following issues:

   Security issues fixed:
   - CVE-2015-1855: Ruby OpenSSL Hostname Verification (bsc#926974)
   - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
     (bsc#959495)

   Bugfixes:
   - fix small mistake in the backport for (bsc#986630)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Webyast 1.3:

      zypper in -t patch slewyst13-ruby-13052=1

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-ruby-13052=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-ruby-13052=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ruby-13052=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ruby-13052=1

   - SUSE Lifecycle Management Server 1.3:

      zypper in -t patch sleslms13-ruby-13052=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):

      ruby-devel-1.8.7.p357-0.9.19.1

   - SUSE Studio Onsite 1.3 (x86_64):

      ruby-devel-1.8.7.p357-0.9.19.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ruby-devel-1.8.7.p357-0.9.19.1
      ruby-doc-html-1.8.7.p357-0.9.19.1
      ruby-doc-ri-1.8.7.p357-0.9.19.1
      ruby-examples-1.8.7.p357-0.9.19.1
      ruby-test-suite-1.8.7.p357-0.9.19.1
      ruby-tk-1.8.7.p357-0.9.19.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ruby-1.8.7.p357-0.9.19.1
      ruby-doc-html-1.8.7.p357-0.9.19.1
      ruby-tk-1.8.7.p357-0.9.19.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ruby-debuginfo-1.8.7.p357-0.9.19.1
      ruby-debugsource-1.8.7.p357-0.9.19.1

   - SUSE Lifecycle Management Server 1.3 (x86_64):

      ruby-devel-1.8.7.p357-0.9.19.1


References:

   https://www.suse.com/security/cve/CVE-2015-1855.html
   https://www.suse.com/security/cve/CVE-2015-7551.html
   https://bugzilla.suse.com/926974
   https://bugzilla.suse.com/959495
   https://bugzilla.suse.com/986630


From sle-security-updates at lists.suse.com  Thu Apr  6 07:11:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Apr 2017 15:11:55 +0200 (CEST)
Subject: SUSE-SU-2017:0950-1: moderate: Security update for libpng15
Message-ID: <20170406131155.6F955F7CD@maintenance.suse.de>

   SUSE Security Update: Security update for libpng15
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0950-1
Rating:             moderate
References:         #1017646 #958791
Cross-References:   CVE-2015-8540 CVE-2016-10087
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for libpng15 fixes the following issues:

   Security issues fixed:

   - CVE-2015-8540: read underflow in libpng (bsc#958791)
   - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-548=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-548=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-548=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-548=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-548=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libpng15-15-1.5.22-9.1
      libpng15-15-debuginfo-1.5.22-9.1
      libpng15-debugsource-1.5.22-9.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libpng15-15-1.5.22-9.1
      libpng15-15-debuginfo-1.5.22-9.1
      libpng15-debugsource-1.5.22-9.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libpng15-15-1.5.22-9.1
      libpng15-15-debuginfo-1.5.22-9.1
      libpng15-debugsource-1.5.22-9.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libpng15-15-1.5.22-9.1
      libpng15-15-debuginfo-1.5.22-9.1
      libpng15-debugsource-1.5.22-9.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libpng15-15-1.5.22-9.1
      libpng15-15-debuginfo-1.5.22-9.1
      libpng15-debugsource-1.5.22-9.1

References:

   https://www.suse.com/security/cve/CVE-2015-8540.html
   https://www.suse.com/security/cve/CVE-2016-10087.html
   https://bugzilla.suse.com/1017646
   https://bugzilla.suse.com/958791


From sle-security-updates at lists.suse.com Thu Apr 6 07:12:26 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Apr 2017 15:12:26 +0200 (CEST)
Subject: SUSE-SU-2017:0951-1: moderate: Security update for dracut
Message-ID: <20170406131226.75A6CF7CD@maintenance.suse.de>

SUSE Security Update: Security update for dracut
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0951-1
Rating:             moderate
References:         #1005410 #1006118 #1007925 #1008340 #1008648 #1017141
                    #1017695 #1019938 #1020063 #1021687 #902375
Cross-References:   CVE-2016-8637
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is now
   available.

Description:

   This update for dracut fixes the following issues:

   Security issues fixed:

   - CVE-2016-8637: When the early microcode loading was enabled during
     initrd creation, the initrd would be read-only available for all
     users, allowing local users to retrieve secrets stored in the initial
     ramdisk. (bsc#1008340)

   Non security issues fixed:

   - Remove zlib module as requirement. (bsc#1020063)
   - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938)
   - Resolve symbolic links for -i and -k parameters. (bsc#902375)
   - Enhance purge-kernels script to handle kgraft patches. (bsc#1017141)
   - Allow booting from degraded MD arrays with systemd. (bsc#1017695)
   - Allow booting on s390x with fips=1 on the kernel command line.
     (bnc#1021687)
   - Start multipath services before local-fs-pre.target. (bsc#1005410,
     bsc#1006118, bsc#1007925)
   - Fix /sbin/installkernel to handle kernel packages built with 'make
     bin-rpmpkg'. (bsc#1008648)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-547=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-547=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-547=1

   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-547=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      dracut-044-108.1
      dracut-debuginfo-044-108.1
      dracut-debugsource-044-108.1
      dracut-fips-044-108.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      dracut-044-108.1
      dracut-debuginfo-044-108.1
      dracut-debugsource-044-108.1
      dracut-fips-044-108.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      dracut-044-108.1
      dracut-debuginfo-044-108.1
      dracut-debugsource-044-108.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      dracut-044-108.1
      dracut-debuginfo-044-108.1
      dracut-debugsource-044-108.1

References:

   https://www.suse.com/security/cve/CVE-2016-8637.html
   https://bugzilla.suse.com/1005410
   https://bugzilla.suse.com/1006118
   https://bugzilla.suse.com/1007925
   https://bugzilla.suse.com/1008340
   https://bugzilla.suse.com/1008648
   https://bugzilla.suse.com/1017141
   https://bugzilla.suse.com/1017695
   https://bugzilla.suse.com/1019938
   https://bugzilla.suse.com/1020063
   https://bugzilla.suse.com/1021687
   https://bugzilla.suse.com/902375


From sle-security-updates at lists.suse.com Thu Apr 6 10:10:22 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 6 Apr 2017 18:10:22 +0200 (CEST)
Subject: SUSE-SU-2017:0953-1: moderate: Security update for jasper
Message-ID: <20170406161022.4DF69F7D1@maintenance.suse.de>

SUSE Security Update: Security update for jasper
______________________________________________________________________________
Announcement ID:    SUSE-SU-2017:0953-1
Rating:             moderate
References:         #1015400 #1018088 #1020353 #1021868 #1029497
Cross-References:   CVE-2016-10251 CVE-2016-9583 CVE-2016-9600 CVE-2017-5498
                    CVE-2017-6850
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for jasper fixes the following issues:

   Security issues fixed:

   - CVE-2016-9600: Null Pointer Dereference due to missing check for
     UNKNOWN color space in JP2 encoder (bsc#1018088)
   - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl
     (jpc_t2cod.c) (bsc#1029497)
   - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353)
   - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy
     (jp2_cod.c) (bsc#1021868)
   - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl()
     (bsc#1015400)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-551=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-551=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-551=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-551=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-551=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-551=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-551=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper-devel-1.900.14-194.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper-devel-1.900.14-194.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper1-1.900.14-194.1
      libjasper1-debuginfo-1.900.14-194.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper1-1.900.14-194.1
      libjasper1-debuginfo-1.900.14-194.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libjasper1-32bit-1.900.14-194.1
      libjasper1-debuginfo-32bit-1.900.14-194.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper1-1.900.14-194.1
      libjasper1-debuginfo-1.900.14-194.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libjasper1-32bit-1.900.14-194.1
      libjasper1-debuginfo-32bit-1.900.14-194.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper1-1.900.14-194.1
      libjasper1-32bit-1.900.14-194.1
      libjasper1-debuginfo-1.900.14-194.1
      libjasper1-debuginfo-32bit-1.900.14-194.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      jasper-debuginfo-1.900.14-194.1
      jasper-debugsource-1.900.14-194.1
      libjasper1-1.900.14-194.1
      libjasper1-32bit-1.900.14-194.1
      libjasper1-debuginfo-1.900.14-194.1
      libjasper1-debuginfo-32bit-1.900.14-194.1

References:

   https://www.suse.com/security/cve/CVE-2016-10251.html
   https://www.suse.com/security/cve/CVE-2016-9583.html
   https://www.suse.com/security/cve/CVE-2016-9600.html
   https://www.suse.com/security/cve/CVE-2017-5498.html
   https://www.suse.com/security/cve/CVE-2017-6850.html
   https://bugzilla.suse.com/1015400
   https://bugzilla.suse.com/1018088
   https://bugzilla.suse.com/1020353
   https://bugzilla.suse.com/1021868
   https://bugzilla.suse.com/1029497


From sle-security-updates at lists.suse.com Fri Apr 7 07:11:17 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Apr 2017 15:11:17 +0200 (CEST)
Subject: SUSE-SU-2017:0962-1: Security update for gstreamer-plugins-bad
Message-ID: <20170407131117.1F6EFFC53@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-bad
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0962-1
Rating:             low
References:         #1024044 #1024068
Cross-References:   CVE-2017-5843 CVE-2017-5848
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for gstreamer-plugins-bad fixes the following issues:

   Security issues fixed:

   - CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044).
   - CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-554=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-554=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-554=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-554=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      gstreamer-plugins-bad-debuginfo-1.8.3-17.2
      gstreamer-plugins-bad-debugsource-1.8.3-17.2
      gstreamer-plugins-bad-devel-1.8.3-17.2
      libgstinsertbin-1_0-0-1.8.3-17.2
      libgstinsertbin-1_0-0-debuginfo-1.8.3-17.2
      libgsturidownloader-1_0-0-1.8.3-17.2
      libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      gstreamer-plugins-bad-1.8.3-17.2
      gstreamer-plugins-bad-debuginfo-1.8.3-17.2
      gstreamer-plugins-bad-debugsource-1.8.3-17.2
      libgstadaptivedemux-1_0-0-1.8.3-17.2
      libgstadaptivedemux-1_0-0-debuginfo-1.8.3-17.2
      libgstbadaudio-1_0-0-1.8.3-17.2
      libgstbadaudio-1_0-0-debuginfo-1.8.3-17.2
      libgstbadbase-1_0-0-1.8.3-17.2
      libgstbadbase-1_0-0-debuginfo-1.8.3-17.2
      libgstbadvideo-1_0-0-1.8.3-17.2
      libgstbadvideo-1_0-0-debuginfo-1.8.3-17.2
      libgstbasecamerabinsrc-1_0-0-1.8.3-17.2
      libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-17.2
      libgstcodecparsers-1_0-0-1.8.3-17.2
      libgstcodecparsers-1_0-0-debuginfo-1.8.3-17.2
      libgstgl-1_0-0-1.8.3-17.2
      libgstgl-1_0-0-debuginfo-1.8.3-17.2
      libgstmpegts-1_0-0-1.8.3-17.2
      libgstmpegts-1_0-0-debuginfo-1.8.3-17.2
      libgstphotography-1_0-0-1.8.3-17.2
      libgstphotography-1_0-0-debuginfo-1.8.3-17.2
      libgsturidownloader-1_0-0-1.8.3-17.2
      libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      gstreamer-plugins-bad-lang-1.8.3-17.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      gstreamer-plugins-bad-1.8.3-17.2
      gstreamer-plugins-bad-debuginfo-1.8.3-17.2
      gstreamer-plugins-bad-debugsource-1.8.3-17.2
      libgstadaptivedemux-1_0-0-1.8.3-17.2
      libgstadaptivedemux-1_0-0-debuginfo-1.8.3-17.2
      libgstbadaudio-1_0-0-1.8.3-17.2
      libgstbadaudio-1_0-0-debuginfo-1.8.3-17.2
      libgstbadbase-1_0-0-1.8.3-17.2
      libgstbadbase-1_0-0-debuginfo-1.8.3-17.2
      libgstbadvideo-1_0-0-1.8.3-17.2
      libgstbadvideo-1_0-0-debuginfo-1.8.3-17.2
      libgstbasecamerabinsrc-1_0-0-1.8.3-17.2
      libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-17.2
      libgstcodecparsers-1_0-0-1.8.3-17.2
      libgstcodecparsers-1_0-0-debuginfo-1.8.3-17.2
      libgstgl-1_0-0-1.8.3-17.2
      libgstgl-1_0-0-debuginfo-1.8.3-17.2
      libgstmpegts-1_0-0-1.8.3-17.2
      libgstmpegts-1_0-0-debuginfo-1.8.3-17.2
      libgstphotography-1_0-0-1.8.3-17.2
      libgstphotography-1_0-0-debuginfo-1.8.3-17.2
      libgsturidownloader-1_0-0-1.8.3-17.2
      libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      gstreamer-plugins-bad-lang-1.8.3-17.2

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      gstreamer-plugins-bad-lang-1.8.3-17.2

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      gstreamer-plugins-bad-1.8.3-17.2
      gstreamer-plugins-bad-debuginfo-1.8.3-17.2
      gstreamer-plugins-bad-debugsource-1.8.3-17.2
      libgstadaptivedemux-1_0-0-1.8.3-17.2
      libgstadaptivedemux-1_0-0-debuginfo-1.8.3-17.2
      libgstbadaudio-1_0-0-1.8.3-17.2
      libgstbadaudio-1_0-0-debuginfo-1.8.3-17.2
      libgstbadbase-1_0-0-1.8.3-17.2
      libgstbadbase-1_0-0-debuginfo-1.8.3-17.2
      libgstbadvideo-1_0-0-1.8.3-17.2
      libgstbadvideo-1_0-0-debuginfo-1.8.3-17.2
      libgstbasecamerabinsrc-1_0-0-1.8.3-17.2
      libgstbasecamerabinsrc-1_0-0-debuginfo-1.8.3-17.2
      libgstcodecparsers-1_0-0-1.8.3-17.2
      libgstcodecparsers-1_0-0-debuginfo-1.8.3-17.2
      libgstgl-1_0-0-1.8.3-17.2
      libgstgl-1_0-0-debuginfo-1.8.3-17.2
      libgstmpegts-1_0-0-1.8.3-17.2
      libgstmpegts-1_0-0-debuginfo-1.8.3-17.2
      libgstphotography-1_0-0-1.8.3-17.2
      libgstphotography-1_0-0-debuginfo-1.8.3-17.2
      libgsturidownloader-1_0-0-1.8.3-17.2
      libgsturidownloader-1_0-0-debuginfo-1.8.3-17.2

References:

   https://www.suse.com/security/cve/CVE-2017-5843.html
   https://www.suse.com/security/cve/CVE-2017-5848.html
   https://bugzilla.suse.com/1024044
   https://bugzilla.suse.com/1024068


From sle-security-updates at lists.suse.com Fri Apr 7 13:08:27 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Apr 2017 21:08:27 +0200 (CEST)
Subject: SUSE-SU-2017:0966-1: Security update for gstreamer
Message-ID: <20170407190827.BD091FEAA@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0966-1
Rating:             low
References:         #1024051
Cross-References:   CVE-2017-5838
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gstreamer fixes the following security issues:

   - A crafted AVI file could have caused an invalid memory read, possibly
     causing DoS or corruption (bsc#1024051, CVE-2017-5838)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-561=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-561=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-561=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-561=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      gstreamer-debuginfo-1.8.3-9.5
      gstreamer-debugsource-1.8.3-9.5
      gstreamer-devel-1.8.3-9.5

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      gstreamer-1.8.3-9.5
      gstreamer-debuginfo-1.8.3-9.5
      gstreamer-debugsource-1.8.3-9.5
      gstreamer-utils-1.8.3-9.5
      gstreamer-utils-debuginfo-1.8.3-9.5
      libgstreamer-1_0-0-1.8.3-9.5
      libgstreamer-1_0-0-debuginfo-1.8.3-9.5
      typelib-1_0-Gst-1_0-1.8.3-9.5

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      gstreamer-lang-1.8.3-9.5

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      gstreamer-1.8.3-9.5
      gstreamer-debuginfo-1.8.3-9.5
      gstreamer-debugsource-1.8.3-9.5
      gstreamer-utils-1.8.3-9.5
      gstreamer-utils-debuginfo-1.8.3-9.5
      libgstreamer-1_0-0-1.8.3-9.5
      libgstreamer-1_0-0-debuginfo-1.8.3-9.5
      typelib-1_0-Gst-1_0-1.8.3-9.5

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      gstreamer-lang-1.8.3-9.5

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      gstreamer-debuginfo-32bit-1.8.3-9.5
      libgstreamer-1_0-0-32bit-1.8.3-9.5
      libgstreamer-1_0-0-debuginfo-32bit-1.8.3-9.5

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      gstreamer-lang-1.8.3-9.5

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      gstreamer-1.8.3-9.5
      gstreamer-debuginfo-1.8.3-9.5
      gstreamer-debuginfo-32bit-1.8.3-9.5
      gstreamer-debugsource-1.8.3-9.5
      gstreamer-utils-1.8.3-9.5
      gstreamer-utils-debuginfo-1.8.3-9.5
      libgstreamer-1_0-0-1.8.3-9.5
      libgstreamer-1_0-0-32bit-1.8.3-9.5
      libgstreamer-1_0-0-debuginfo-1.8.3-9.5
      libgstreamer-1_0-0-debuginfo-32bit-1.8.3-9.5
      typelib-1_0-Gst-1_0-1.8.3-9.5

References:

   https://www.suse.com/security/cve/CVE-2017-5838.html
   https://bugzilla.suse.com/1024051


From sle-security-updates at lists.suse.com Fri Apr 7 13:08:52 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 7 Apr 2017 21:08:52 +0200 (CEST)
Subject: SUSE-SU-2017:0967-1: Security update for gstreamer
Message-ID: <20170407190852.2DB69FC53@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0967-1
Rating:             low
References:         #1024051
Cross-References:   CVE-2017-5838
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gstreamer fixes the following security issues:

   - A crafted AVI file could have caused an invalid memory read, possibly
     causing DoS or corruption (bsc#1024051, CVE-2017-5838)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-562=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-562=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-562=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      gstreamer-debuginfo-1.2.4-2.3.3
      gstreamer-debugsource-1.2.4-2.3.3
      gstreamer-devel-1.2.4-2.3.3

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      gstreamer-1.2.4-2.3.3
      gstreamer-debuginfo-1.2.4-2.3.3
      gstreamer-debugsource-1.2.4-2.3.3
      gstreamer-utils-1.2.4-2.3.3
      gstreamer-utils-debuginfo-1.2.4-2.3.3
      libgstreamer-1_0-0-1.2.4-2.3.3
      libgstreamer-1_0-0-debuginfo-1.2.4-2.3.3
      typelib-1_0-Gst-1_0-1.2.4-2.3.3

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      gstreamer-debuginfo-32bit-1.2.4-2.3.3
      libgstreamer-1_0-0-32bit-1.2.4-2.3.3
      libgstreamer-1_0-0-debuginfo-32bit-1.2.4-2.3.3

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      gstreamer-lang-1.2.4-2.3.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      gstreamer-1.2.4-2.3.3
      gstreamer-debuginfo-1.2.4-2.3.3
      gstreamer-debuginfo-32bit-1.2.4-2.3.3
      gstreamer-debugsource-1.2.4-2.3.3
      gstreamer-utils-1.2.4-2.3.3
      gstreamer-utils-debuginfo-1.2.4-2.3.3
      libgstreamer-1_0-0-1.2.4-2.3.3
      libgstreamer-1_0-0-32bit-1.2.4-2.3.3
      libgstreamer-1_0-0-debuginfo-1.2.4-2.3.3
      libgstreamer-1_0-0-debuginfo-32bit-1.2.4-2.3.3
      typelib-1_0-Gst-1_0-1.2.4-2.3.3

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      gstreamer-lang-1.2.4-2.3.3

References:

   https://www.suse.com/security/cve/CVE-2017-5838.html
   https://bugzilla.suse.com/1024051


From sle-security-updates at lists.suse.com Tue Apr 11 13:08:42 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 11 Apr 2017 21:08:42 +0200 (CEST)
Subject: SUSE-SU-2017:0983-1: important: Security update for xen
Message-ID: <20170411190842.E32D8FEAA@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0983-1
Rating:             important
References:         #1014136 #1015348 #1022555 #1026236 #1027519 #1028235
                    #1029128 #1029827 #1030144 #1030442
Cross-References:   CVE-2017-6505 CVE-2017-7228
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has 8 fixes is now
   available.

Description:

   This update for xen to version 4.7.2 fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest
     breakout (bsc#1030442).
   - XSA-206: Unprivileged guests issuing writes to xenstore were able to
     stall progress of the control domain or driver domain, possibly
     leading to a Denial of Service (DoS) of the entire host (bsc#1030144).
   - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c
     allowed local guest OS users to cause a denial of service (infinite
     loop) via vectors involving the number of link endpoint list
     descriptors (bsc#1028235).

   These non-security issues were fixed:

   - bsc#1015348: libvirtd didn't start during boot
   - bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen
     hypervisor.
   - bsc#1026236: Fixed paravirtualized performance
   - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add"
   - bsc#1029827: Forward port xenstored
   - bsc#1029128: Make xen really produce xen.efi with gcc48

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-572=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-572=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-572=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):
      xen-debugsource-4.7.2_02-36.1
      xen-devel-4.7.2_02-36.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      xen-4.7.2_02-36.1
      xen-debugsource-4.7.2_02-36.1
      xen-doc-html-4.7.2_02-36.1
      xen-libs-32bit-4.7.2_02-36.1
      xen-libs-4.7.2_02-36.1
      xen-libs-debuginfo-32bit-4.7.2_02-36.1
      xen-libs-debuginfo-4.7.2_02-36.1
      xen-tools-4.7.2_02-36.1
      xen-tools-debuginfo-4.7.2_02-36.1
      xen-tools-domU-4.7.2_02-36.1
      xen-tools-domU-debuginfo-4.7.2_02-36.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      xen-4.7.2_02-36.1
      xen-debugsource-4.7.2_02-36.1
      xen-libs-32bit-4.7.2_02-36.1
      xen-libs-4.7.2_02-36.1
      xen-libs-debuginfo-32bit-4.7.2_02-36.1
      xen-libs-debuginfo-4.7.2_02-36.1

References:

   https://www.suse.com/security/cve/CVE-2017-6505.html
   https://www.suse.com/security/cve/CVE-2017-7228.html
   https://bugzilla.suse.com/1014136
   https://bugzilla.suse.com/1015348
   https://bugzilla.suse.com/1022555
   https://bugzilla.suse.com/1026236
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1028235
   https://bugzilla.suse.com/1029128
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1030144
   https://bugzilla.suse.com/1030442


From sle-security-updates at lists.suse.com Wed Apr 12 10:12:20 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 12 Apr 2017 18:12:20 +0200 (CEST)
Subject: SUSE-SU-2017:0990-1: important: Security update for flash-player
Message-ID: <20170412161220.5D938FC60@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0990-1
Rating:             important
References:         #1033619
Cross-References:   CVE-2017-3058 CVE-2017-3059 CVE-2017-3060 CVE-2017-3061
                    CVE-2017-3062 CVE-2017-3063 CVE-2017-3064
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   Adobe flash-player was updated to 25.0.0.148 to fix the following issues:

   - Vulnerabilities fixed as advised under APSB17-10:
     * Use-after-free vulnerabilities that could lead to code execution
       (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063).
     * Resolve memory corruption vulnerabilities that could lead to code
       execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064).
   - Details: https://helpx.adobe.com/security/products/flash-player/apsb17-10.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-576=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-576=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      flash-player-25.0.0.148-165.1
      flash-player-gnome-25.0.0.148-165.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      flash-player-25.0.0.148-165.1
      flash-player-gnome-25.0.0.148-165.1

References:

   https://www.suse.com/security/cve/CVE-2017-3058.html
   https://www.suse.com/security/cve/CVE-2017-3059.html
   https://www.suse.com/security/cve/CVE-2017-3060.html
   https://www.suse.com/security/cve/CVE-2017-3061.html
   https://www.suse.com/security/cve/CVE-2017-3062.html
   https://www.suse.com/security/cve/CVE-2017-3063.html
   https://www.suse.com/security/cve/CVE-2017-3064.html
   https://bugzilla.suse.com/1033619


From sle-security-updates at lists.suse.com Wed Apr 12 22:09:36 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 06:09:36 +0200 (CEST)
Subject: SUSE-SU-2017:0998-1: important: Security update for bind
Message-ID: <20170413040936.E2DEAFC53@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0998-1
Rating:             important
References:         #1020983 #1033466 #1033467 #1033468 #987866 #989528
Cross-References:   CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137
                    CVE-2017-3138
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one errata is now
   available.
Description:

   This update for bind fixes the following issues:

   CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of
   records in the answer section of a response containing CNAME or DNAME
   resource records could have been exploited to cause a denial of service
   of a bind server performing recursion.

   CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query
   that would cause a denial of service of servers configured to use DNS64.

   CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control
   channel could have caused the server to stop by triggering an assertion
   failure.

   CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a
   denial of service of secondary DNS servers via a large AXFR response.
   IXFR servers could have caused a denial of service of IXFR clients via a
   large IXFR response. Remote authenticated users could have caused a
   denial of service of primary DNS servers via a large UPDATE message.

   CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were
   enabled, bind allowed remote attackers to cause a denial of service
   (daemon crash) via a long request that uses the lightweight resolver
   protocol.

   One additional non-security bug was fixed: The default umask was changed
   to 077. (bsc#1020983)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-582=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-582=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-582=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-582=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-582=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-582=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-582=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-devel-9.9.9P1-59.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-devel-9.9.9P1-59.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      bind-9.9.9P1-59.1
      bind-chrootenv-9.9.9P1-59.1
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-libs-9.9.9P1-59.1
      bind-libs-debuginfo-9.9.9P1-59.1
      bind-utils-9.9.9P1-59.1
      bind-utils-debuginfo-9.9.9P1-59.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      bind-doc-9.9.9P1-59.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      bind-9.9.9P1-59.1
      bind-chrootenv-9.9.9P1-59.1
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-libs-9.9.9P1-59.1
      bind-libs-debuginfo-9.9.9P1-59.1
      bind-utils-9.9.9P1-59.1
      bind-utils-debuginfo-9.9.9P1-59.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      bind-libs-32bit-9.9.9P1-59.1
      bind-libs-debuginfo-32bit-9.9.9P1-59.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      bind-doc-9.9.9P1-59.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      bind-9.9.9P1-59.1
      bind-chrootenv-9.9.9P1-59.1
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-libs-9.9.9P1-59.1
      bind-libs-debuginfo-9.9.9P1-59.1
      bind-utils-9.9.9P1-59.1
      bind-utils-debuginfo-9.9.9P1-59.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      bind-libs-32bit-9.9.9P1-59.1
      bind-libs-debuginfo-32bit-9.9.9P1-59.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):
      bind-doc-9.9.9P1-59.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-libs-32bit-9.9.9P1-59.1
      bind-libs-9.9.9P1-59.1
      bind-libs-debuginfo-32bit-9.9.9P1-59.1
      bind-libs-debuginfo-9.9.9P1-59.1
      bind-utils-9.9.9P1-59.1
      bind-utils-debuginfo-9.9.9P1-59.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      bind-debuginfo-9.9.9P1-59.1
      bind-debugsource-9.9.9P1-59.1
      bind-libs-32bit-9.9.9P1-59.1
      bind-libs-9.9.9P1-59.1
      bind-libs-debuginfo-32bit-9.9.9P1-59.1
      bind-libs-debuginfo-9.9.9P1-59.1
      bind-utils-9.9.9P1-59.1
      bind-utils-debuginfo-9.9.9P1-59.1

References:

   https://www.suse.com/security/cve/CVE-2016-2775.html
   https://www.suse.com/security/cve/CVE-2016-6170.html
   https://www.suse.com/security/cve/CVE-2017-3136.html
   https://www.suse.com/security/cve/CVE-2017-3137.html
   https://www.suse.com/security/cve/CVE-2017-3138.html
   https://bugzilla.suse.com/1020983
   https://bugzilla.suse.com/1033466
   https://bugzilla.suse.com/1033467
   https://bugzilla.suse.com/1033468
   https://bugzilla.suse.com/987866
   https://bugzilla.suse.com/989528


From sle-security-updates at lists.suse.com Wed Apr 12 22:10:58 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 06:10:58 +0200 (CEST)
Subject: SUSE-SU-2017:0999-1: important: Security update for bind
Message-ID: <20170413041058.0A892FC60@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0999-1
Rating:             important
References:         #1033466 #1033467 #1033468 #987866 #989528
Cross-References:   CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137
                    CVE-2017-3138
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for bind fixes the following issues:

   CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of
   records in the answer section of a response containing CNAME or DNAME
   resource records could have been exploited to cause a denial of service
   of a bind server performing recursion.

   CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query
   that would cause a denial of service of servers configured to use DNS64.

   CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control
   channel could have caused the server to stop by triggering an assertion
   failure.

   CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a
   denial of service of secondary DNS servers via a large AXFR response.
   IXFR servers could have caused a denial of service of IXFR clients via a
   large IXFR response. Remote authenticated users could have caused a
   denial of service of primary DNS servers via a large UPDATE message.

   CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were
   enabled, bind allowed remote attackers to cause a denial of service
   (daemon crash) via a long request that uses the lightweight resolver
   protocol.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-581=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-581=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.34.1 bind-chrootenv-9.9.9P1-28.34.1 bind-debuginfo-9.9.9P1-28.34.1 bind-debugsource-9.9.9P1-28.34.1 bind-devel-9.9.9P1-28.34.1 bind-libs-32bit-9.9.9P1-28.34.1 bind-libs-9.9.9P1-28.34.1 bind-libs-debuginfo-32bit-9.9.9P1-28.34.1 bind-libs-debuginfo-9.9.9P1-28.34.1 bind-utils-9.9.9P1-28.34.1 bind-utils-debuginfo-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.34.1 bind-chrootenv-9.9.9P1-28.34.1 bind-debuginfo-9.9.9P1-28.34.1 bind-debugsource-9.9.9P1-28.34.1 bind-devel-9.9.9P1-28.34.1 bind-libs-9.9.9P1-28.34.1 bind-libs-debuginfo-9.9.9P1-28.34.1 bind-utils-9.9.9P1-28.34.1 bind-utils-debuginfo-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.34.1 bind-libs-debuginfo-32bit-9.9.9P1-28.34.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.34.1 References: https://www.suse.com/security/cve/CVE-2016-2775.html https://www.suse.com/security/cve/CVE-2016-6170.html https://www.suse.com/security/cve/CVE-2017-3136.html https://www.suse.com/security/cve/CVE-2017-3137.html https://www.suse.com/security/cve/CVE-2017-3138.html https://bugzilla.suse.com/1033466 https://bugzilla.suse.com/1033467 https://bugzilla.suse.com/1033468 https://bugzilla.suse.com/987866 https://bugzilla.suse.com/989528 From sle-security-updates at lists.suse.com Wed Apr 12 22:11:59 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 13 Apr 2017 06:11:59 +0200 (CEST) Subject: SUSE-SU-2017:1000-1: important: Security update for bind Message-ID: <20170413041159.17DE0FC60@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1000-1 Rating: important References: #1033466 
                    #1033467 #1033468 #987866 #989528
Cross-References:   CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for bind fixes the following security issues:

   - CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of
     records in the answer section of a response containing CNAME or DNAME
     resource records could have been exploited to cause a denial of service
     of a bind server performing recursion.
   - CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query
     that would cause a denial of service of servers configured to use DNS64.
   - CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control
     channel could have caused the server to stop by triggering an assertion
     failure.
   - CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial
     of service of secondary DNS servers via a large AXFR response. IXFR servers
     could have caused a denial of service of IXFR clients via a large IXFR
     response. Remote authenticated users could have caused a denial of service
     of primary DNS servers via a large UPDATE message.
   - CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were
     enabled, bind allowed remote attackers to cause a denial of service
     (daemon crash) via a long request that uses the lightweight resolver
     protocol.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
       zypper in -t patch sleclo50sp3-bind-13060=1
   - SUSE Manager Proxy 2.1:
       zypper in -t patch slemap21-bind-13060=1
   - SUSE Manager 2.1:
       zypper in -t patch sleman21-bind-13060=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
       zypper in -t patch sdksp4-bind-13060=1
   - SUSE Linux Enterprise Server 11-SP4:
       zypper in -t patch slessp4-bind-13060=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
       zypper in -t patch slessp3-bind-13060=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
       zypper in -t patch sleposp3-bind-13060=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
       zypper in -t patch dbgsp4-bind-13060=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
       zypper in -t patch dbgsp3-bind-13060=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
       bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1
       bind-doc-9.9.6P1-0.44.1 bind-libs-32bit-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1
       bind-utils-9.9.6P1-0.44.1
   - SUSE Manager Proxy 2.1 (x86_64):
       bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1
       bind-doc-9.9.6P1-0.44.1 bind-libs-32bit-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1
       bind-utils-9.9.6P1-0.44.1
   - SUSE Manager 2.1 (s390x x86_64):
       bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1
       bind-doc-9.9.6P1-0.44.1 bind-libs-32bit-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1
       bind-utils-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       bind-devel-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
       bind-devel-32bit-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-doc-9.9.6P1-0.44.1
       bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
       bind-libs-32bit-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
       bind-libs-x86-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
       bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1
       bind-doc-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
       bind-libs-32bit-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
       bind-9.9.6P1-0.44.1 bind-chrootenv-9.9.6P1-0.44.1 bind-devel-9.9.6P1-0.44.1
       bind-doc-9.9.6P1-0.44.1 bind-libs-9.9.6P1-0.44.1 bind-utils-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       bind-debuginfo-9.9.6P1-0.44.1 bind-debugsource-9.9.6P1-0.44.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
       bind-debuginfo-9.9.6P1-0.44.1 bind-debugsource-9.9.6P1-0.44.1

References:

   https://www.suse.com/security/cve/CVE-2016-2775.html
   https://www.suse.com/security/cve/CVE-2016-6170.html
   https://www.suse.com/security/cve/CVE-2017-3136.html
   https://www.suse.com/security/cve/CVE-2017-3137.html
   https://www.suse.com/security/cve/CVE-2017-3138.html
   https://bugzilla.suse.com/1033466
   https://bugzilla.suse.com/1033467
   https://bugzilla.suse.com/1033468
   https://bugzilla.suse.com/987866
   https://bugzilla.suse.com/989528

From sle-security-updates at lists.suse.com Thu Apr 13 07:09:43 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 15:09:43 +0200 (CEST)
Subject: SUSE-SU-2017:1003-1: Security update for gstreamer-0_10-plugins-base
Message-ID: <20170413130943.3E806FEAA@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-0_10-plugins-base
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1003-1
Rating:             low
References:         #1024076 #1024079
Cross-References:   CVE-2017-5837 CVE-2017-5844
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for gstreamer-0_10-plugins-base fixes the following security issues:

   - A crafted AVI file could have caused a floating point exception leading
     to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:
       zypper in -t patch SUSE-SLE-WE-12-SP2-2017-586=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
       zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-586=1
   - SUSE Linux Enterprise Server 12-SP2:
       zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-586=1
   - SUSE Linux Enterprise Desktop 12-SP2:
       zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-586=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
       gstreamer-0_10-plugins-base-0.10.36-17.13
       gstreamer-0_10-plugins-base-debuginfo-0.10.36-17.13
       gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13
       libgstapp-0_10-0-0.10.36-17.13 libgstapp-0_10-0-debuginfo-0.10.36-17.13
       libgstinterfaces-0_10-0-0.10.36-17.13 libgstinterfaces-0_10-0-debuginfo-0.10.36-17.13
   - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):
       gstreamer-0_10-plugins-base-lang-0.10.36-17.13
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
       gstreamer-0_10-plugins-base-debuginfo-0.10.36-17.13
       gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13
       gstreamer-0_10-plugins-base-devel-0.10.36-17.13
       typelib-1_0-GstApp-0_10-0.10.36-17.13 typelib-1_0-GstInterfaces-0_10-0.10.36-17.13
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
       gstreamer-0_10-plugins-base-32bit-0.10.36-17.13
       gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-17.13
       gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13
       libgstapp-0_10-0-32bit-0.10.36-17.13 libgstapp-0_10-0-debuginfo-32bit-0.10.36-17.13
       libgstinterfaces-0_10-0-32bit-0.10.36-17.13
       libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-17.13
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
       gstreamer-0_10-plugins-base-lang-0.10.36-17.13
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
       gstreamer-0_10-plugins-base-0.10.36-17.13 gstreamer-0_10-plugins-base-32bit-0.10.36-17.13
       gstreamer-0_10-plugins-base-debuginfo-0.10.36-17.13
       gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-17.13
       gstreamer-0_10-plugins-base-debugsource-0.10.36-17.13
       libgstapp-0_10-0-0.10.36-17.13 libgstapp-0_10-0-32bit-0.10.36-17.13
       libgstapp-0_10-0-debuginfo-0.10.36-17.13 libgstapp-0_10-0-debuginfo-32bit-0.10.36-17.13
       libgstinterfaces-0_10-0-0.10.36-17.13 libgstinterfaces-0_10-0-32bit-0.10.36-17.13
       libgstinterfaces-0_10-0-debuginfo-0.10.36-17.13
       libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-17.13

References:

   https://www.suse.com/security/cve/CVE-2017-5837.html
   https://www.suse.com/security/cve/CVE-2017-5844.html
   https://bugzilla.suse.com/1024076
   https://bugzilla.suse.com/1024079

From sle-security-updates at lists.suse.com Thu Apr 13 07:10:18 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 15:10:18 +0200 (CEST)
Subject: SUSE-SU-2017:1004-1: Security update for gstreamer-plugins-good
Message-ID: <20170413131018.08E10FC53@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-good
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1004-1
Rating:             low
References:         #1024014 #1024017 #1024034
Cross-References:   CVE-2016-10198 CVE-2016-10199 CVE-2017-5840
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for gstreamer-plugins-good fixes the following issues:

   - A crafted aac audio file could have caused an invalid read and thus
     corruption or denial of service (bsc#1024014, CVE-2016-10198)
   - A crafted mp4 file could have caused an invalid read and thus corruption
     or denial of service (bsc#1024017, CVE-2016-10199)
   - A crafted avi file could have caused an invalid read and thus corruption
     or denial of service (bsc#1024034, CVE-2017-5840)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
       zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-588=1
   - SUSE Linux Enterprise Desktop 12-SP1:
       zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-588=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
       gstreamer-plugins-good-1.2.4-2.9.1 gstreamer-plugins-good-debuginfo-1.2.4-2.9.1
       gstreamer-plugins-good-debugsource-1.2.4-2.9.1
   - SUSE Linux Enterprise Server 12-SP1 (noarch):
       gstreamer-plugins-good-lang-1.2.4-2.9.1
   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
       gstreamer-plugins-good-lang-1.2.4-2.9.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
       gstreamer-plugins-good-1.2.4-2.9.1 gstreamer-plugins-good-debuginfo-1.2.4-2.9.1
       gstreamer-plugins-good-debugsource-1.2.4-2.9.1

References:

   https://www.suse.com/security/cve/CVE-2016-10198.html
   https://www.suse.com/security/cve/CVE-2016-10199.html
   https://www.suse.com/security/cve/CVE-2017-5840.html
   https://bugzilla.suse.com/1024014
   https://bugzilla.suse.com/1024017
   https://bugzilla.suse.com/1024034

From sle-security-updates at lists.suse.com Thu Apr 13 07:12:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 15:12:40 +0200 (CEST)
Subject: SUSE-SU-2017:1008-1: moderate: Security update for sblim-sfcb
Message-ID: <20170413131240.50FB0FC53@maintenance.suse.de>

SUSE Security Update: Security update for sblim-sfcb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1008-1
Rating:             moderate
References:         #1008130 #1012814 #923349
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SECURITY
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for sblim-sfcb fixes the following issues:

   Feature enhancements:

   - A separate sblim-sfcb-openssl1 package was added to the SECURITY Module
     (fate#322032/bsc#1012814). This package can be installed additionally,
     and the SysV init script will pick the openssl1 variant on the next start,
     offering TLS 1.2 support on the WBEM SSL socket.

   Bugfixes:

   - Add sslNoSSLv3 and sslNoTLSv1 configuration options (bsc#923349,
     bsc#1008130)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
       zypper in -t patch slessp4-sblim-sfcb-13061=1
   - SUSE Linux Enterprise Server 11-SECURITY:
       zypper in -t patch secsp3-sblim-sfcb-13061=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
       zypper in -t patch dbgsp4-sblim-sfcb-13061=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       sblim-sfcb-1.3.11-0.28.1
   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
       sblim-sfcb-openssl1-1.3.11-0.28.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       sblim-sfcb-debuginfo-1.3.11-0.28.1 sblim-sfcb-debugsource-1.3.11-0.28.1

References:

   https://bugzilla.suse.com/1008130
   https://bugzilla.suse.com/1012814
   https://bugzilla.suse.com/923349

From sle-security-updates at lists.suse.com Thu Apr 13 07:13:47 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 15:13:47 +0200 (CEST)
Subject: SUSE-SU-2017:1010-1: Security update for gstreamer-plugins-good
Message-ID: <20170413131347.8FE02FC53@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-good
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1010-1
Rating:             low
References:         #1024014 #1024017 #1024030 #1024034 #1024062
Cross-References:   CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for gstreamer-plugins-good fixes the following issues:

   - A crafted aac audio file could have caused an invalid read and thus
     corruption or denial of service (bsc#1024014, CVE-2016-10198)
   - A crafted mp4 file could have caused an invalid read and thus corruption
     or denial of service (bsc#1024017, CVE-2016-10199)
   - A crafted avi file could have caused an invalid read and thus corruption
     or denial of service (bsc#1024034, CVE-2017-5840)
   - A crafted AVI file with metadata tag entries (ncdt) could have caused
     invalid read access and thus corruption or denial of service
     (bsc#1024030, CVE-2017-5841)
   - A crafted avi file could have caused an invalid read access resulting in
     denial of service (bsc#1024062, CVE-2017-5845)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
       zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-587=1
   - SUSE Linux Enterprise Server 12-SP2:
       zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-587=1
   - SUSE Linux Enterprise Desktop 12-SP2:
       zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-587=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
       gstreamer-plugins-good-1.8.3-12.12 gstreamer-plugins-good-debuginfo-1.8.3-12.12
       gstreamer-plugins-good-debugsource-1.8.3-12.12
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
       gstreamer-plugins-good-lang-1.8.3-12.12
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
       gstreamer-plugins-good-1.8.3-12.12 gstreamer-plugins-good-debuginfo-1.8.3-12.12
       gstreamer-plugins-good-debugsource-1.8.3-12.12
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
       gstreamer-plugins-good-lang-1.8.3-12.12
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
       gstreamer-plugins-good-1.8.3-12.12 gstreamer-plugins-good-debuginfo-1.8.3-12.12
       gstreamer-plugins-good-debugsource-1.8.3-12.12
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
       gstreamer-plugins-good-lang-1.8.3-12.12

References:

   https://www.suse.com/security/cve/CVE-2016-10198.html
   https://www.suse.com/security/cve/CVE-2016-10199.html
   https://www.suse.com/security/cve/CVE-2017-5840.html
   https://www.suse.com/security/cve/CVE-2017-5841.html
   https://www.suse.com/security/cve/CVE-2017-5845.html
   https://bugzilla.suse.com/1024014
   https://bugzilla.suse.com/1024017
   https://bugzilla.suse.com/1024030
   https://bugzilla.suse.com/1024034
   https://bugzilla.suse.com/1024062

From sle-security-updates at lists.suse.com Thu Apr 13 07:15:04 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 13 Apr 2017 15:15:04 +0200 (CEST)
Subject: SUSE-SU-2017:1012-1: Security update for gstreamer-0_10-plugins-base
Message-ID: <20170413131504.6B796FEAA@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-0_10-plugins-base
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1012-1
Rating:             low
References:         #1024076 #1024079
Cross-References:   CVE-2017-5837 CVE-2017-5844
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for gstreamer-0_10-plugins-base fixes the following issues:

   - A crafted AVI file could have caused a floating point exception leading
     to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
       zypper in -t patch SUSE-SLE-WE-12-SP1-2017-585=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
       zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-585=1
   - SUSE Linux Enterprise Server 12-SP1:
       zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-585=1
   - SUSE Linux Enterprise Desktop 12-SP1:
       zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-585=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
       gstreamer-0_10-plugins-base-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debugsource-0.10.36-11.6.9
       libgstapp-0_10-0-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-0.10.36-11.6.9
       libgstinterfaces-0_10-0-0.10.36-11.6.9 libgstinterfaces-0_10-0-debuginfo-0.10.36-11.6.9
   - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch):
       gstreamer-0_10-plugins-base-lang-0.10.36-11.6.9
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
       gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debugsource-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-devel-0.10.36-11.6.9
       typelib-1_0-GstApp-0_10-0.10.36-11.6.9 typelib-1_0-GstInterfaces-0_10-0.10.36-11.6.9
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
       gstreamer-0_10-plugins-base-32bit-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.6.9
       libgstapp-0_10-0-32bit-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.6.9
       libgstinterfaces-0_10-0-32bit-0.10.36-11.6.9
       libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.6.9
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
       gstreamer-0_10-plugins-base-0.10.36-11.6.9 gstreamer-0_10-plugins-base-32bit-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.6.9
       gstreamer-0_10-plugins-base-debugsource-0.10.36-11.6.9
       libgstapp-0_10-0-0.10.36-11.6.9 libgstapp-0_10-0-32bit-0.10.36-11.6.9
       libgstapp-0_10-0-debuginfo-0.10.36-11.6.9 libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.6.9
       libgstinterfaces-0_10-0-0.10.36-11.6.9 libgstinterfaces-0_10-0-32bit-0.10.36-11.6.9
       libgstinterfaces-0_10-0-debuginfo-0.10.36-11.6.9
       libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.6.9
   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
       gstreamer-0_10-plugins-base-lang-0.10.36-11.6.9

References:

   https://www.suse.com/security/cve/CVE-2017-5837.html
   https://www.suse.com/security/cve/CVE-2017-5844.html
   https://bugzilla.suse.com/1024076
   https://bugzilla.suse.com/1024079

From sle-security-updates at lists.suse.com Mon Apr 17 22:09:36 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 06:09:36 +0200 (CEST)
Subject: SUSE-SU-2017:1027-1: important: Security update for bind
Message-ID: <20170418040936.F0371FEAF@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1027-1
Rating:             important
References:         #1034162
Cross-References:   CVE-2017-3137
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - A regression in the fix for CVE-2017-3137 caused an assert in name.c
     (bsc#1034162)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
       zypper in -t patch sleclo50sp3-bind-13063=1
   - SUSE Manager Proxy 2.1:
       zypper in -t patch slemap21-bind-13063=1
   - SUSE Manager 2.1:
       zypper in -t patch sleman21-bind-13063=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
       zypper in -t patch sdksp4-bind-13063=1
   - SUSE Linux Enterprise Server 11-SP4:
       zypper in -t patch slessp4-bind-13063=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
       zypper in -t patch slessp3-bind-13063=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
       zypper in -t patch sleposp3-bind-13063=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
       zypper in -t patch dbgsp4-bind-13063=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
       zypper in -t patch dbgsp3-bind-13063=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
       bind-9.9.6P1-0.47.1 bind-chrootenv-9.9.6P1-0.47.1 bind-devel-9.9.6P1-0.47.1
       bind-doc-9.9.6P1-0.47.1 bind-libs-32bit-9.9.6P1-0.47.1 bind-libs-9.9.6P1-0.47.1
       bind-utils-9.9.6P1-0.47.1
   - SUSE Manager Proxy 2.1 (x86_64):
       bind-9.9.6P1-0.47.1 bind-chrootenv-9.9.6P1-0.47.1 bind-devel-9.9.6P1-0.47.1
       bind-doc-9.9.6P1-0.47.1 bind-libs-32bit-9.9.6P1-0.47.1 bind-libs-9.9.6P1-0.47.1
       bind-utils-9.9.6P1-0.47.1
   - SUSE Manager 2.1 (s390x x86_64):
       bind-9.9.6P1-0.47.1 bind-chrootenv-9.9.6P1-0.47.1 bind-devel-9.9.6P1-0.47.1
       bind-doc-9.9.6P1-0.47.1 bind-libs-32bit-9.9.6P1-0.47.1 bind-libs-9.9.6P1-0.47.1
       bind-utils-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       bind-devel-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
       bind-devel-32bit-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       bind-9.9.6P1-0.47.1 bind-chrootenv-9.9.6P1-0.47.1 bind-doc-9.9.6P1-0.47.1
       bind-libs-9.9.6P1-0.47.1 bind-utils-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
       bind-libs-32bit-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
       bind-libs-x86-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
       bind-9.9.6P1-0.47.1 bind-chrootenv-9.9.6P1-0.47.1 bind-devel-9.9.6P1-0.47.1
       bind-doc-9.9.6P1-0.47.1 bind-libs-9.9.6P1-0.47.1 bind-utils-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
       bind-libs-32bit-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
       bind-9.9.6P1-0.47.1 bind-chrootenv-9.9.6P1-0.47.1 bind-devel-9.9.6P1-0.47.1
       bind-doc-9.9.6P1-0.47.1 bind-libs-9.9.6P1-0.47.1 bind-utils-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       bind-debuginfo-9.9.6P1-0.47.1 bind-debugsource-9.9.6P1-0.47.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
       bind-debuginfo-9.9.6P1-0.47.1 bind-debugsource-9.9.6P1-0.47.1

References:

   https://www.suse.com/security/cve/CVE-2017-3137.html
   https://bugzilla.suse.com/1034162

From sle-security-updates at lists.suse.com Tue Apr 18 04:11:18 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 12:11:18 +0200 (CEST)
Subject: SUSE-SU-2017:1030-1: moderate: Security update for libsndfile
Message-ID: <20170418101118.D8F24FEAD@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1030-1
Rating:             moderate
References:         #1033054 #1033914 #1033915
Cross-References:   CVE-2017-7585 CVE-2017-7741 CVE-2017-7742
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
Description:

   This update for libsndfile fixes the following issues:

   - CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Some stack-based buffer
     overflows via a specially crafted FLAC file were fixed (error in the
     "flac_buffer_copy()" function) (bsc#1033054, bsc#1033914, bsc#1033915).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libsndfile-13064=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libsndfile-13064=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libsndfile-13064=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-devel-1.0.20-2.13.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-1.0.20-2.13.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libsndfile-32bit-1.0.20-2.13.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libsndfile-x86-1.0.20-2.13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-debuginfo-1.0.20-2.13.1
      libsndfile-debugsource-1.0.20-2.13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      libsndfile-debuginfo-32bit-1.0.20-2.13.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      libsndfile-debuginfo-x86-1.0.20-2.13.1


References:

   https://www.suse.com/security/cve/CVE-2017-7585.html
   https://www.suse.com/security/cve/CVE-2017-7741.html
   https://www.suse.com/security/cve/CVE-2017-7742.html
   https://bugzilla.suse.com/1033054
   https://bugzilla.suse.com/1033914
   https://bugzilla.suse.com/1033915


From sle-security-updates at lists.suse.com Tue Apr 18 07:08:42 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 15:08:42 +0200 (CEST)
Subject: SUSE-SU-2017:1039-1: Security update for gstreamer-plugins-base
Message-ID: <20170418130842.6CDF0FEAF@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1039-1
Rating:             low
References:         #1024041 #1024047 #1024076 #1024079
Cross-References:   CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for gstreamer-plugins-base fixes the following security issues:

   - A crafted AVI file could have caused a floating point exception leading
     to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)
   - A crafted AVI file could have caused a stack overflow leading to DoS
     (bsc#1024047, CVE-2017-5839)
   - A crafted SAMI subtitle file could have caused an invalid memory access
     possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-605=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-605=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-605=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-605=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-605=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      gstreamer-plugins-base-debuginfo-1.8.3-12.11
      gstreamer-plugins-base-debuginfo-32bit-1.8.3-12.11
      gstreamer-plugins-base-debugsource-1.8.3-12.11
      libgstfft-1_0-0-32bit-1.8.3-12.11
      libgstfft-1_0-0-debuginfo-32bit-1.8.3-12.11
      typelib-1_0-GstAudio-1_0-1.8.3-12.11
      typelib-1_0-GstPbutils-1_0-1.8.3-12.11
      typelib-1_0-GstTag-1_0-1.8.3-12.11
      typelib-1_0-GstVideo-1_0-1.8.3-12.11

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      gstreamer-plugins-base-debuginfo-1.8.3-12.11
      gstreamer-plugins-base-debugsource-1.8.3-12.11
      gstreamer-plugins-base-devel-1.8.3-12.11
      typelib-1_0-GstAllocators-1_0-1.8.3-12.11
      typelib-1_0-GstApp-1_0-1.8.3-12.11
      typelib-1_0-GstAudio-1_0-1.8.3-12.11
      typelib-1_0-GstFft-1_0-1.8.3-12.11
      typelib-1_0-GstPbutils-1_0-1.8.3-12.11
      typelib-1_0-GstRtp-1_0-1.8.3-12.11
      typelib-1_0-GstRtsp-1_0-1.8.3-12.11
      typelib-1_0-GstSdp-1_0-1.8.3-12.11
      typelib-1_0-GstTag-1_0-1.8.3-12.11
      typelib-1_0-GstVideo-1_0-1.8.3-12.11

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      gstreamer-plugins-base-1.8.3-12.11
      gstreamer-plugins-base-debuginfo-1.8.3-12.11
      gstreamer-plugins-base-debugsource-1.8.3-12.11
      libgstallocators-1_0-0-1.8.3-12.11
      libgstallocators-1_0-0-debuginfo-1.8.3-12.11
      libgstapp-1_0-0-1.8.3-12.11
      libgstapp-1_0-0-debuginfo-1.8.3-12.11
      libgstaudio-1_0-0-1.8.3-12.11
      libgstaudio-1_0-0-debuginfo-1.8.3-12.11
      libgstfft-1_0-0-1.8.3-12.11
      libgstfft-1_0-0-debuginfo-1.8.3-12.11
      libgstpbutils-1_0-0-1.8.3-12.11
      libgstpbutils-1_0-0-debuginfo-1.8.3-12.11
      libgstriff-1_0-0-1.8.3-12.11
      libgstriff-1_0-0-debuginfo-1.8.3-12.11
      libgstrtp-1_0-0-1.8.3-12.11
      libgstrtp-1_0-0-debuginfo-1.8.3-12.11
      libgstrtsp-1_0-0-1.8.3-12.11
      libgstrtsp-1_0-0-debuginfo-1.8.3-12.11
      libgstsdp-1_0-0-1.8.3-12.11
      libgstsdp-1_0-0-debuginfo-1.8.3-12.11
      libgsttag-1_0-0-1.8.3-12.11
      libgsttag-1_0-0-debuginfo-1.8.3-12.11
      libgstvideo-1_0-0-1.8.3-12.11
      libgstvideo-1_0-0-debuginfo-1.8.3-12.11

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      gstreamer-plugins-base-lang-1.8.3-12.11

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      gstreamer-plugins-base-1.8.3-12.11
      gstreamer-plugins-base-debuginfo-1.8.3-12.11
      gstreamer-plugins-base-debugsource-1.8.3-12.11
      libgstallocators-1_0-0-1.8.3-12.11
      libgstallocators-1_0-0-debuginfo-1.8.3-12.11
      libgstapp-1_0-0-1.8.3-12.11
      libgstapp-1_0-0-debuginfo-1.8.3-12.11
      libgstaudio-1_0-0-1.8.3-12.11
      libgstaudio-1_0-0-debuginfo-1.8.3-12.11
      libgstfft-1_0-0-1.8.3-12.11
      libgstfft-1_0-0-debuginfo-1.8.3-12.11
      libgstpbutils-1_0-0-1.8.3-12.11
      libgstpbutils-1_0-0-debuginfo-1.8.3-12.11
      libgstriff-1_0-0-1.8.3-12.11
      libgstriff-1_0-0-debuginfo-1.8.3-12.11
      libgstrtp-1_0-0-1.8.3-12.11
      libgstrtp-1_0-0-debuginfo-1.8.3-12.11
      libgstrtsp-1_0-0-1.8.3-12.11
      libgstrtsp-1_0-0-debuginfo-1.8.3-12.11
      libgstsdp-1_0-0-1.8.3-12.11
      libgstsdp-1_0-0-debuginfo-1.8.3-12.11
      libgsttag-1_0-0-1.8.3-12.11
      libgsttag-1_0-0-debuginfo-1.8.3-12.11
      libgstvideo-1_0-0-1.8.3-12.11
      libgstvideo-1_0-0-debuginfo-1.8.3-12.11

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      gstreamer-plugins-base-debuginfo-32bit-1.8.3-12.11
      libgstapp-1_0-0-32bit-1.8.3-12.11
      libgstapp-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstaudio-1_0-0-32bit-1.8.3-12.11
      libgstaudio-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstpbutils-1_0-0-32bit-1.8.3-12.11
      libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgsttag-1_0-0-32bit-1.8.3-12.11
      libgsttag-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstvideo-1_0-0-32bit-1.8.3-12.11
      libgstvideo-1_0-0-debuginfo-32bit-1.8.3-12.11

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      gstreamer-plugins-base-lang-1.8.3-12.11

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      gstreamer-plugins-base-1.8.3-12.11
      gstreamer-plugins-base-debuginfo-1.8.3-12.11
      gstreamer-plugins-base-debuginfo-32bit-1.8.3-12.11
      gstreamer-plugins-base-debugsource-1.8.3-12.11
      libgstallocators-1_0-0-1.8.3-12.11
      libgstallocators-1_0-0-debuginfo-1.8.3-12.11
      libgstapp-1_0-0-1.8.3-12.11
      libgstapp-1_0-0-32bit-1.8.3-12.11
      libgstapp-1_0-0-debuginfo-1.8.3-12.11
      libgstapp-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstaudio-1_0-0-1.8.3-12.11
      libgstaudio-1_0-0-32bit-1.8.3-12.11
      libgstaudio-1_0-0-debuginfo-1.8.3-12.11
      libgstaudio-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstfft-1_0-0-1.8.3-12.11
      libgstfft-1_0-0-32bit-1.8.3-12.11
      libgstfft-1_0-0-debuginfo-1.8.3-12.11
      libgstfft-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstpbutils-1_0-0-1.8.3-12.11
      libgstpbutils-1_0-0-32bit-1.8.3-12.11
      libgstpbutils-1_0-0-debuginfo-1.8.3-12.11
      libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstriff-1_0-0-1.8.3-12.11
      libgstriff-1_0-0-debuginfo-1.8.3-12.11
      libgstrtp-1_0-0-1.8.3-12.11
      libgstrtp-1_0-0-debuginfo-1.8.3-12.11
      libgstrtsp-1_0-0-1.8.3-12.11
      libgstrtsp-1_0-0-debuginfo-1.8.3-12.11
      libgstsdp-1_0-0-1.8.3-12.11
      libgstsdp-1_0-0-debuginfo-1.8.3-12.11
      libgsttag-1_0-0-1.8.3-12.11
      libgsttag-1_0-0-32bit-1.8.3-12.11
      libgsttag-1_0-0-debuginfo-1.8.3-12.11
      libgsttag-1_0-0-debuginfo-32bit-1.8.3-12.11
      libgstvideo-1_0-0-1.8.3-12.11
      libgstvideo-1_0-0-32bit-1.8.3-12.11
      libgstvideo-1_0-0-debuginfo-1.8.3-12.11
      libgstvideo-1_0-0-debuginfo-32bit-1.8.3-12.11
      typelib-1_0-GstAudio-1_0-1.8.3-12.11
      typelib-1_0-GstPbutils-1_0-1.8.3-12.11
      typelib-1_0-GstTag-1_0-1.8.3-12.11
      typelib-1_0-GstVideo-1_0-1.8.3-12.11

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      gstreamer-plugins-base-lang-1.8.3-12.11


References:

   https://www.suse.com/security/cve/CVE-2017-5837.html
   https://www.suse.com/security/cve/CVE-2017-5839.html
   https://www.suse.com/security/cve/CVE-2017-5842.html
   https://www.suse.com/security/cve/CVE-2017-5844.html
   https://bugzilla.suse.com/1024041
   https://bugzilla.suse.com/1024047
   https://bugzilla.suse.com/1024076
   https://bugzilla.suse.com/1024079


From sle-security-updates at lists.suse.com Tue Apr 18 07:09:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 15:09:40 +0200 (CEST)
Subject: SUSE-SU-2017:1040-1: moderate: Security update for libsndfile
Message-ID: <20170418130940.38C43FEAF@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1040-1
Rating:             moderate
References:         #1033053 #1033054 #1033914 #1033915
Cross-References:   CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for libsndfile fixes the following security issues:

   - CVE-2017-7586: A stack-based buffer overflow via a specially crafted
     FLAC file was fixed (error in the "header_read()" function)
     (bsc#1033053).
   - CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Several stack-based buffer
     overflows via a specially crafted FLAC file (error in the
     "flac_buffer_copy()" function) were fixed (bsc#1033054, bsc#1033915,
     bsc#1033914).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-607=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-607=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-607=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-607=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-607=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-607=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-607=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile-devel-1.0.25-28.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile-devel-1.0.25-28.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile1-1.0.25-28.1
      libsndfile1-debuginfo-1.0.25-28.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile1-1.0.25-28.1
      libsndfile1-debuginfo-1.0.25-28.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libsndfile1-32bit-1.0.25-28.1
      libsndfile1-debuginfo-32bit-1.0.25-28.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile1-1.0.25-28.1
      libsndfile1-debuginfo-1.0.25-28.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libsndfile1-32bit-1.0.25-28.1
      libsndfile1-debuginfo-32bit-1.0.25-28.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile1-1.0.25-28.1
      libsndfile1-32bit-1.0.25-28.1
      libsndfile1-debuginfo-1.0.25-28.1
      libsndfile1-debuginfo-32bit-1.0.25-28.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libsndfile-debugsource-1.0.25-28.1
      libsndfile1-1.0.25-28.1
      libsndfile1-32bit-1.0.25-28.1
      libsndfile1-debuginfo-1.0.25-28.1
      libsndfile1-debuginfo-32bit-1.0.25-28.1


References:

   https://www.suse.com/security/cve/CVE-2017-7585.html
   https://www.suse.com/security/cve/CVE-2017-7586.html
   https://www.suse.com/security/cve/CVE-2017-7741.html
   https://www.suse.com/security/cve/CVE-2017-7742.html
   https://bugzilla.suse.com/1033053
   https://bugzilla.suse.com/1033054
   https://bugzilla.suse.com/1033914
   https://bugzilla.suse.com/1033915


From sle-security-updates at lists.suse.com Tue Apr 18 07:10:35 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 15:10:35 +0200 (CEST)
Subject: SUSE-SU-2017:1041-1: Security update for gstreamer-plugins-base
Message-ID: <20170418131035.08342FEAA@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1041-1
Rating:             low
References:         #1024041 #1024047 #1024076 #1024079
Cross-References:   CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.
Description:

   This update for gstreamer-plugins-base fixes the following security issues:

   - A crafted AVI file could have caused a floating point exception leading
     to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)
   - A crafted AVI file could have caused a stack overflow leading to DoS
     (bsc#1024047, CVE-2017-5839)
   - A crafted SAMI subtitle file could have caused an invalid memory access
     possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-606=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-606=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-606=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-606=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-606=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      gstreamer-plugins-base-debuginfo-1.2.4-2.6.8
      gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.6.8
      gstreamer-plugins-base-debugsource-1.2.4-2.6.8
      libgstfft-1_0-0-32bit-1.2.4-2.6.8
      libgstfft-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      typelib-1_0-GstAudio-1_0-1.2.4-2.6.8
      typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8
      typelib-1_0-GstTag-1_0-1.2.4-2.6.8
      typelib-1_0-GstVideo-1_0-1.2.4-2.6.8

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-GstRiff-1_0-1.2.4-2.6.8

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      gstreamer-plugins-base-debuginfo-1.2.4-2.6.8
      gstreamer-plugins-base-debugsource-1.2.4-2.6.8
      gstreamer-plugins-base-devel-1.2.4-2.6.8
      typelib-1_0-GstAllocators-1_0-1.2.4-2.6.8
      typelib-1_0-GstApp-1_0-1.2.4-2.6.8
      typelib-1_0-GstAudio-1_0-1.2.4-2.6.8
      typelib-1_0-GstFft-1_0-1.2.4-2.6.8
      typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8
      typelib-1_0-GstRiff-1_0-1.2.4-2.6.8
      typelib-1_0-GstRtp-1_0-1.2.4-2.6.8
      typelib-1_0-GstRtsp-1_0-1.2.4-2.6.8
      typelib-1_0-GstSdp-1_0-1.2.4-2.6.8
      typelib-1_0-GstTag-1_0-1.2.4-2.6.8
      typelib-1_0-GstVideo-1_0-1.2.4-2.6.8

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      gstreamer-plugins-base-1.2.4-2.6.8
      gstreamer-plugins-base-debuginfo-1.2.4-2.6.8
      gstreamer-plugins-base-debugsource-1.2.4-2.6.8
      libgstallocators-1_0-0-1.2.4-2.6.8
      libgstallocators-1_0-0-debuginfo-1.2.4-2.6.8
      libgstapp-1_0-0-1.2.4-2.6.8
      libgstapp-1_0-0-debuginfo-1.2.4-2.6.8
      libgstaudio-1_0-0-1.2.4-2.6.8
      libgstaudio-1_0-0-debuginfo-1.2.4-2.6.8
      libgstfft-1_0-0-1.2.4-2.6.8
      libgstfft-1_0-0-debuginfo-1.2.4-2.6.8
      libgstpbutils-1_0-0-1.2.4-2.6.8
      libgstpbutils-1_0-0-debuginfo-1.2.4-2.6.8
      libgstriff-1_0-0-1.2.4-2.6.8
      libgstriff-1_0-0-debuginfo-1.2.4-2.6.8
      libgstrtp-1_0-0-1.2.4-2.6.8
      libgstrtp-1_0-0-debuginfo-1.2.4-2.6.8
      libgstrtsp-1_0-0-1.2.4-2.6.8
      libgstrtsp-1_0-0-debuginfo-1.2.4-2.6.8
      libgstsdp-1_0-0-1.2.4-2.6.8
      libgstsdp-1_0-0-debuginfo-1.2.4-2.6.8
      libgsttag-1_0-0-1.2.4-2.6.8
      libgsttag-1_0-0-debuginfo-1.2.4-2.6.8
      libgstvideo-1_0-0-1.2.4-2.6.8
      libgstvideo-1_0-0-debuginfo-1.2.4-2.6.8

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.6.8
      libgstapp-1_0-0-32bit-1.2.4-2.6.8
      libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstaudio-1_0-0-32bit-1.2.4-2.6.8
      libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstpbutils-1_0-0-32bit-1.2.4-2.6.8
      libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgsttag-1_0-0-32bit-1.2.4-2.6.8
      libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstvideo-1_0-0-32bit-1.2.4-2.6.8
      libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.6.8

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      gstreamer-plugins-base-lang-1.2.4-2.6.8

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      gstreamer-plugins-base-lang-1.2.4-2.6.8

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      gstreamer-plugins-base-1.2.4-2.6.8
      gstreamer-plugins-base-debuginfo-1.2.4-2.6.8
      gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.6.8
      gstreamer-plugins-base-debugsource-1.2.4-2.6.8
      libgstallocators-1_0-0-1.2.4-2.6.8
      libgstallocators-1_0-0-debuginfo-1.2.4-2.6.8
      libgstapp-1_0-0-1.2.4-2.6.8
      libgstapp-1_0-0-32bit-1.2.4-2.6.8
      libgstapp-1_0-0-debuginfo-1.2.4-2.6.8
      libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstaudio-1_0-0-1.2.4-2.6.8
      libgstaudio-1_0-0-32bit-1.2.4-2.6.8
      libgstaudio-1_0-0-debuginfo-1.2.4-2.6.8
      libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstfft-1_0-0-1.2.4-2.6.8
      libgstfft-1_0-0-32bit-1.2.4-2.6.8
      libgstfft-1_0-0-debuginfo-1.2.4-2.6.8
      libgstfft-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstpbutils-1_0-0-1.2.4-2.6.8
      libgstpbutils-1_0-0-32bit-1.2.4-2.6.8
      libgstpbutils-1_0-0-debuginfo-1.2.4-2.6.8
      libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstriff-1_0-0-1.2.4-2.6.8
      libgstriff-1_0-0-debuginfo-1.2.4-2.6.8
      libgstrtp-1_0-0-1.2.4-2.6.8
      libgstrtp-1_0-0-debuginfo-1.2.4-2.6.8
      libgstrtsp-1_0-0-1.2.4-2.6.8
      libgstrtsp-1_0-0-debuginfo-1.2.4-2.6.8
      libgstsdp-1_0-0-1.2.4-2.6.8
      libgstsdp-1_0-0-debuginfo-1.2.4-2.6.8
      libgsttag-1_0-0-1.2.4-2.6.8
      libgsttag-1_0-0-32bit-1.2.4-2.6.8
      libgsttag-1_0-0-debuginfo-1.2.4-2.6.8
      libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      libgstvideo-1_0-0-1.2.4-2.6.8
      libgstvideo-1_0-0-32bit-1.2.4-2.6.8
      libgstvideo-1_0-0-debuginfo-1.2.4-2.6.8
      libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.6.8
      typelib-1_0-GstAudio-1_0-1.2.4-2.6.8
      typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8
      typelib-1_0-GstTag-1_0-1.2.4-2.6.8
      typelib-1_0-GstVideo-1_0-1.2.4-2.6.8


References:

   https://www.suse.com/security/cve/CVE-2017-5837.html
   https://www.suse.com/security/cve/CVE-2017-5839.html
   https://www.suse.com/security/cve/CVE-2017-5842.html
   https://www.suse.com/security/cve/CVE-2017-5844.html
   https://bugzilla.suse.com/1024041
   https://bugzilla.suse.com/1024047
   https://bugzilla.suse.com/1024076
   https://bugzilla.suse.com/1024079


From sle-security-updates at lists.suse.com Tue Apr 18 07:11:34 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 15:11:34 +0200 (CEST)
Subject: SUSE-SU-2017:1042-1: moderate: Security update for curl
Message-ID: <20170418131134.B83D0FEAA@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1042-1
Rating:             moderate
References:         #1015332 #1027712 #1032309
Cross-References:   CVE-2016-9586 CVE-2017-7407
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.
Description:

   This update for curl fixes the following issues:

   Security issues fixed:

   - CVE-2016-9586: libcurl printf floating point buffer overflow
     (bsc#1015332)
   - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might
     have allowed physically proximate attackers to obtain sensitive
     information from process memory in opportunistic circumstances by
     reading a workstation screen during use of a --write-out argument ending
     in a '%' character, which led to a heap-based buffer over-read
     (bsc#1032309).

   With this release new default ciphers are active (SUSE_DEFAULT,
   bsc#1027712).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-609=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-609=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-609=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-609=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-609=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-609=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-609=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-609=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl-devel-7.37.0-36.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl-devel-7.37.0-36.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      curl-7.37.0-36.1
      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl4-7.37.0-36.1
      libcurl4-debuginfo-7.37.0-36.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      curl-7.37.0-36.1
      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl4-7.37.0-36.1
      libcurl4-debuginfo-7.37.0-36.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libcurl4-32bit-7.37.0-36.1
      libcurl4-debuginfo-32bit-7.37.0-36.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      curl-7.37.0-36.1
      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl4-7.37.0-36.1
      libcurl4-debuginfo-7.37.0-36.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libcurl4-32bit-7.37.0-36.1
      libcurl4-debuginfo-32bit-7.37.0-36.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      curl-7.37.0-36.1
      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl4-32bit-7.37.0-36.1
      libcurl4-7.37.0-36.1
      libcurl4-debuginfo-32bit-7.37.0-36.1
      libcurl4-debuginfo-7.37.0-36.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      curl-7.37.0-36.1
      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl4-32bit-7.37.0-36.1
      libcurl4-7.37.0-36.1
      libcurl4-debuginfo-32bit-7.37.0-36.1
      libcurl4-debuginfo-7.37.0-36.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      curl-7.37.0-36.1
      curl-debuginfo-7.37.0-36.1
      curl-debugsource-7.37.0-36.1
      libcurl4-7.37.0-36.1
      libcurl4-debuginfo-7.37.0-36.1


References:

   https://www.suse.com/security/cve/CVE-2016-9586.html
   https://www.suse.com/security/cve/CVE-2017-7407.html
   https://bugzilla.suse.com/1015332
   https://bugzilla.suse.com/1027712
   https://bugzilla.suse.com/1032309


From sle-security-updates at lists.suse.com Tue Apr 18 07:12:23 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 15:12:23 +0200 (CEST)
Subject: SUSE-SU-2017:1043-1: moderate: Security update for curl
Message-ID: <20170418131223.BF893FEAA@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1043-1
Rating:             moderate
References:         #1015332 #1032309
Cross-References:   CVE-2016-9586 CVE-2017-7407
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SECURITY
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   These security issues were fixed:

   - CVE-2016-9586: libcurl printf floating point buffer overflow
     (bsc#1015332)
   - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might
     have allowed physically proximate attackers to obtain sensitive
     information from process memory in opportunistic circumstances by
     reading a workstation screen during use of a --write-out argument ending
     in a '%' character, which led to a heap-based buffer over-read
     (bsc#1032309).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-curl-13065=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-curl-13065=1

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-curl-13065=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-curl-13065=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libcurl-devel-7.19.7-1.69.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      curl-7.19.7-1.69.1
      libcurl4-7.19.7-1.69.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libcurl4-32bit-7.19.7-1.69.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libcurl4-x86-7.19.7-1.69.1

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):

      curl-openssl1-7.19.7-1.69.1
      libcurl4-openssl1-7.19.7-1.69.1

   - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):

      libcurl4-openssl1-32bit-7.19.7-1.69.1

   - SUSE Linux Enterprise Server 11-SECURITY (ia64):

      libcurl4-openssl1-x86-7.19.7-1.69.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      curl-debuginfo-7.19.7-1.69.1
      curl-debugsource-7.19.7-1.69.1


References:

   https://www.suse.com/security/cve/CVE-2016-9586.html
   https://www.suse.com/security/cve/CVE-2017-7407.html
   https://bugzilla.suse.com/1015332
   https://bugzilla.suse.com/1032309


From sle-security-updates at lists.suse.com Tue Apr 18 07:12:59 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 15:12:59 +0200 (CEST)
Subject: SUSE-SU-2017:1044-1: important: Security update for tiff
Message-ID: <20170418131259.DF0C7FEAA@maintenance.suse.de>

SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1044-1
Rating:             important
References:         #1031247 #1031249 #1031250 #1031254 #1031255 #1031262
                    #1031263
Cross-References:   CVE-2016-10266 CVE-2016-10267 CVE-2016-10268
                    CVE-2016-10269 CVE-2016-10270 CVE-2016-10271
                    CVE-2016-10272
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for tiff fixes the following issues:

   Security issues fixed:

   - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial
     of service (heap-based buffer overflow) or possibly have unspecified
     other impact via a crafted TIFF image, related to "WRITE of size 2048"
     and libtiff/tif_next.c:64:9 (bsc#1031247).
   - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote
     attackers to cause a denial of service (heap-based buffer over-read and
     buffer overflow) or possibly have unspecified other impact via a crafted
     TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13
     (bsc#1031249).
   - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial
     of service (heap-based buffer over-read) or possibly have unspecified
     other impact via a crafted TIFF image, related to "READ of size 8" and
     libtiff/tif_read.c:523:22 (bsc#1031250).
   - CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial
     of service (heap-based buffer over-read) or possibly have unspecified
     other impact via a crafted TIFF image, related to "READ of size 512" and
     libtiff/tif_unix.c:340:2 (bsc#1031254).
   - CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers
     to cause a denial of service (integer underflow and heap-based buffer
     under-read) or possibly have unspecified other impact via a crafted TIFF
     image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23
     (bsc#1031255).
   - CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial
     of service (divide-by-zero error and application crash) via a crafted
     TIFF image, related to libtiff/tif_ojpeg.c:816:8 (bsc#1031262).
   - CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial
     of service (divide-by-zero error and application crash) via a crafted
     TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-610=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-610=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-610=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-610=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-610=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-610=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-610=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libtiff-devel-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libtiff-devel-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libtiff5-4.0.7-43.1
      libtiff5-debuginfo-4.0.7-43.1
      tiff-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libtiff5-4.0.7-43.1
      libtiff5-debuginfo-4.0.7-43.1
      tiff-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libtiff5-32bit-4.0.7-43.1
      libtiff5-debuginfo-32bit-4.0.7-43.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libtiff5-4.0.7-43.1
      libtiff5-debuginfo-4.0.7-43.1
      tiff-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libtiff5-32bit-4.0.7-43.1
      libtiff5-debuginfo-32bit-4.0.7-43.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libtiff5-32bit-4.0.7-43.1
      libtiff5-4.0.7-43.1
      libtiff5-debuginfo-32bit-4.0.7-43.1
      libtiff5-debuginfo-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libtiff5-32bit-4.0.7-43.1
      libtiff5-4.0.7-43.1
      libtiff5-debuginfo-32bit-4.0.7-43.1
      libtiff5-debuginfo-4.0.7-43.1
      tiff-debuginfo-4.0.7-43.1
      tiff-debugsource-4.0.7-43.1

References:

   https://www.suse.com/security/cve/CVE-2016-10266.html
   https://www.suse.com/security/cve/CVE-2016-10267.html
   https://www.suse.com/security/cve/CVE-2016-10268.html
   https://www.suse.com/security/cve/CVE-2016-10269.html
   https://www.suse.com/security/cve/CVE-2016-10270.html
   https://www.suse.com/security/cve/CVE-2016-10271.html
   https://www.suse.com/security/cve/CVE-2016-10272.html
   https://bugzilla.suse.com/1031247
   https://bugzilla.suse.com/1031249
   https://bugzilla.suse.com/1031250
   https://bugzilla.suse.com/1031254
   https://bugzilla.suse.com/1031255
   https://bugzilla.suse.com/1031262
   https://bugzilla.suse.com/1031263

From sle-security-updates at lists.suse.com Tue Apr 18 13:08:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 21:08:55 +0200 (CEST)
Subject: SUSE-SU-2017:1047-1: moderate: Security update for ntp
Message-ID: <20170418190855.B1293FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1047-1
Rating:             moderate
References:         #1014172 #1030050
Cross-References:   CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460
                    CVE-2017-6462 CVE-2017-6463 CVE-2017-6464
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This ntp update to version 4.2.8p10 fixes several issues.

   This update enables leap smearing. See
   /usr/share/doc/packages/ntp/README.leapsmear for details.

   Security issues fixed (bsc#1030050):

   - CVE-2017-6464: Denial of Service via Malformed Config
   - CVE-2017-6462: Buffer Overflow in DPTS Clock
   - CVE-2017-6463: Authenticated DoS via Malicious Config Option
   - CVE-2017-6458: Potential Overflows in ctl_put() functions
   - CVE-2017-6451: Improper use of snprintf() in mx4200_send()
   - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist
   - CVE-2016-9042: 0rigin (zero origin) DoS.
   - ntpq_stripquotes() returns incorrect Value
   - ereallocarray()/eallocarray() underused
   - Copious amounts of Unused Code
   - Off-by-one in Oncore GPS Receiver
   - Makefile does not enforce Security Flags

   Bugfixes:

   - Remove spurious log messages (bsc#1014172).
   - clang scan-build findings
   - Support for openssl-1.1.0 without compatibility modes
   - Bugfix 3072 breaks multicastclient
   - forking async worker: interrupted pipe I/O
   - (...) time_pps_create: Exec format error
   - Incorrect Logic for Peer Event Limiting
   - Change the process name of forked DNS worker
   - Trap Configuration Fail
   - Nothing happens if minsane < maxclock < minclock
   - allow -4/-6 on restrict line with mask
   - out-of-bound pointers in ctl_putsys and decode_bitflags
   - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-612=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-612=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      ntp-4.2.8p10-46.23.1
      ntp-debuginfo-4.2.8p10-46.23.1
      ntp-debugsource-4.2.8p10-46.23.1
      ntp-doc-4.2.8p10-46.23.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      ntp-4.2.8p10-46.23.1
      ntp-debuginfo-4.2.8p10-46.23.1
      ntp-debugsource-4.2.8p10-46.23.1
      ntp-doc-4.2.8p10-46.23.1

References:

   https://www.suse.com/security/cve/CVE-2016-9042.html
   https://www.suse.com/security/cve/CVE-2017-6451.html
   https://www.suse.com/security/cve/CVE-2017-6458.html
   https://www.suse.com/security/cve/CVE-2017-6460.html
   https://www.suse.com/security/cve/CVE-2017-6462.html
   https://www.suse.com/security/cve/CVE-2017-6463.html
   https://www.suse.com/security/cve/CVE-2017-6464.html
   https://bugzilla.suse.com/1014172
   https://bugzilla.suse.com/1030050

From sle-security-updates at lists.suse.com Tue Apr 18 13:09:33 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 21:09:33 +0200 (CEST)
Subject: SUSE-SU-2017:1048-1: moderate: Security update for ntp
Message-ID: <20170418190933.D6D22FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1048-1
Rating:             moderate
References:         #1014172 #1030050
Cross-References:   CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460
                    CVE-2017-6462 CVE-2017-6463 CVE-2017-6464
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This ntp update to version 4.2.8p10 fixes several issues.

   This update enables leap smearing. See
   /usr/share/doc/packages/ntp/README.leapsmear for details.

   Security issues fixed (bsc#1030050):

   - CVE-2017-6464: Denial of Service via Malformed Config
   - CVE-2017-6462: Buffer Overflow in DPTS Clock
   - CVE-2017-6463: Authenticated DoS via Malicious Config Option
   - CVE-2017-6458: Potential Overflows in ctl_put() functions
   - CVE-2017-6451: Improper use of snprintf() in mx4200_send()
   - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist
   - CVE-2016-9042: 0rigin (zero origin) DoS.
   - ntpq_stripquotes() returns incorrect Value
   - ereallocarray()/eallocarray() underused
   - Copious amounts of Unused Code
   - Off-by-one in Oncore GPS Receiver
   - Makefile does not enforce Security Flags

   Bugfixes:

   - Remove spurious log messages (bsc#1014172).
   - clang scan-build findings
   - Support for openssl-1.1.0 without compatibility modes
   - Bugfix 3072 breaks multicastclient
   - forking async worker: interrupted pipe I/O
   - (...) time_pps_create: Exec format error
   - Incorrect Logic for Peer Event Limiting
   - Change the process name of forked DNS worker
   - Trap Configuration Fail
   - Nothing happens if minsane < maxclock < minclock
   - allow -4/-6 on restrict line with mask
   - out-of-bound pointers in ctl_putsys and decode_bitflags
   - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-611=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-611=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-611=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-611=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-611=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      ntp-4.2.8p10-60.1
      ntp-debuginfo-4.2.8p10-60.1
      ntp-debugsource-4.2.8p10-60.1
      ntp-doc-4.2.8p10-60.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      ntp-4.2.8p10-60.1
      ntp-debuginfo-4.2.8p10-60.1
      ntp-debugsource-4.2.8p10-60.1
      ntp-doc-4.2.8p10-60.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      ntp-4.2.8p10-60.1
      ntp-debuginfo-4.2.8p10-60.1
      ntp-debugsource-4.2.8p10-60.1
      ntp-doc-4.2.8p10-60.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      ntp-4.2.8p10-60.1
      ntp-debuginfo-4.2.8p10-60.1
      ntp-debugsource-4.2.8p10-60.1
      ntp-doc-4.2.8p10-60.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      ntp-4.2.8p10-60.1
      ntp-debuginfo-4.2.8p10-60.1
      ntp-debugsource-4.2.8p10-60.1
      ntp-doc-4.2.8p10-60.1

References:

   https://www.suse.com/security/cve/CVE-2016-9042.html
   https://www.suse.com/security/cve/CVE-2017-6451.html
   https://www.suse.com/security/cve/CVE-2017-6458.html
   https://www.suse.com/security/cve/CVE-2017-6460.html
   https://www.suse.com/security/cve/CVE-2017-6462.html
   https://www.suse.com/security/cve/CVE-2017-6463.html
   https://www.suse.com/security/cve/CVE-2017-6464.html
   https://bugzilla.suse.com/1014172
   https://bugzilla.suse.com/1030050

From sle-security-updates at lists.suse.com Tue Apr 18 13:11:31 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 18 Apr 2017 21:11:31 +0200 (CEST)
Subject: SUSE-SU-2017:1052-1: moderate: Security update for ntp
Message-ID: <20170418191131.A0D57F7A6@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1052-1
Rating:             moderate
References:         #1014172 #1030050 #1031085
Cross-References:   CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460
                    CVE-2017-6462 CVE-2017-6463 CVE-2017-6464
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This ntp update to version 4.2.8p10 fixes the following issues:

   Security issues fixed (bsc#1030050):

   - CVE-2017-6464: Denial of Service via Malformed Config
   - CVE-2017-6462: Buffer Overflow in DPTS Clock
   - CVE-2017-6463: Authenticated DoS via Malicious Config Option
   - CVE-2017-6458: Potential Overflows in ctl_put() functions
   - CVE-2017-6451: Improper use of snprintf() in mx4200_send()
   - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist
   - CVE-2016-9042: 0rigin (zero origin) DoS.
   - ntpq_stripquotes() returns incorrect Value
   - ereallocarray()/eallocarray() underused
   - Copious amounts of Unused Code
   - Off-by-one in Oncore GPS Receiver
   - Makefile does not enforce Security Flags

   Bugfixes:

   - Remove spurious log messages (bsc#1014172).
   - Fixing ppc and ppc64 linker issue (bsc#1031085).
   - clang scan-build findings
   - Support for openssl-1.1.0 without compatibility modes
   - Bugfix 3072 breaks multicastclient
   - forking async worker: interrupted pipe I/O
   - (...) time_pps_create: Exec format error
   - Incorrect Logic for Peer Event Limiting
   - Change the process name of forked DNS worker
   - Trap Configuration Fail
   - Nothing happens if minsane < maxclock < minclock
   - allow -4/-6 on restrict line with mask
   - out-of-bound pointers in ctl_putsys and decode_bitflags
   - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ntp-13066=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ntp-13066=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ntp-4.2.8p10-63.1
      ntp-doc-4.2.8p10-63.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ntp-debuginfo-4.2.8p10-63.1
      ntp-debugsource-4.2.8p10-63.1

References:

   https://www.suse.com/security/cve/CVE-2016-9042.html
   https://www.suse.com/security/cve/CVE-2017-6451.html
   https://www.suse.com/security/cve/CVE-2017-6458.html
   https://www.suse.com/security/cve/CVE-2017-6460.html
   https://www.suse.com/security/cve/CVE-2017-6462.html
   https://www.suse.com/security/cve/CVE-2017-6463.html
   https://www.suse.com/security/cve/CVE-2017-6464.html
   https://bugzilla.suse.com/1014172
   https://bugzilla.suse.com/1030050
   https://bugzilla.suse.com/1031085

From sle-security-updates at lists.suse.com Wed Apr 19 07:06:51 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Apr 2017 15:06:51 +0200 (CEST)
Subject: SUSE-SU-2017:1058-1: important: Security update for xen
Message-ID: <20170419130651.87903FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1058-1
Rating:             important
References:         #1027570 #1028235 #1030442
Cross-References:   CVE-2017-6414 CVE-2017-6505 CVE-2017-7228
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for xen fixes the following security issues:

   - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442).
   - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
   - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-xen-13067=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-xen-13067=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-xen-13067=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-xen-13067=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-xen-13067=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-xen-13067=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      xen-4.2.5_21-38.1
      xen-doc-html-4.2.5_21-38.1
      xen-doc-pdf-4.2.5_21-38.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1
      xen-libs-32bit-4.2.5_21-38.1
      xen-libs-4.2.5_21-38.1
      xen-tools-4.2.5_21-38.1
      xen-tools-domU-4.2.5_21-38.1

   - SUSE Manager Proxy 2.1 (x86_64):

      xen-4.2.5_21-38.1
      xen-doc-html-4.2.5_21-38.1
      xen-doc-pdf-4.2.5_21-38.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1
      xen-libs-32bit-4.2.5_21-38.1
      xen-libs-4.2.5_21-38.1
      xen-tools-4.2.5_21-38.1
      xen-tools-domU-4.2.5_21-38.1

   - SUSE Manager 2.1 (x86_64):

      xen-4.2.5_21-38.1
      xen-doc-html-4.2.5_21-38.1
      xen-doc-pdf-4.2.5_21-38.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1
      xen-libs-32bit-4.2.5_21-38.1
      xen-libs-4.2.5_21-38.1
      xen-tools-4.2.5_21-38.1
      xen-tools-domU-4.2.5_21-38.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1
      xen-libs-4.2.5_21-38.1
      xen-tools-domU-4.2.5_21-38.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      xen-4.2.5_21-38.1
      xen-doc-html-4.2.5_21-38.1
      xen-doc-pdf-4.2.5_21-38.1
      xen-libs-32bit-4.2.5_21-38.1
      xen-tools-4.2.5_21-38.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      xen-kmp-default-4.2.5_21_3.0.101_0.47.99-38.1
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.99-38.1
      xen-libs-4.2.5_21-38.1
      xen-tools-domU-4.2.5_21-38.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      xen-debuginfo-4.2.5_21-38.1
      xen-debugsource-4.2.5_21-38.1

References:

   https://www.suse.com/security/cve/CVE-2017-6414.html
   https://www.suse.com/security/cve/CVE-2017-6505.html
   https://www.suse.com/security/cve/CVE-2017-7228.html
   https://bugzilla.suse.com/1027570
   https://bugzilla.suse.com/1028235
   https://bugzilla.suse.com/1030442

From sle-security-updates at lists.suse.com Wed Apr 19 10:09:30 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Apr 2017 18:09:30 +0200 (CEST)
Subject: SUSE-SU-2017:1059-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
Message-ID: <20170419160930.F3752FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1059-1
Rating:             important
References:         #1031440 #1031481 #1031660
Cross-References:   CVE-2017-7294 CVE-2017-7308
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-618=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_69-60_64_35-default-2-2.1
      kgraft-patch-3_12_69-60_64_35-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-security-updates at lists.suse.com Wed Apr 19 10:10:16 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Apr 2017 18:10:16 +0200 (CEST)
Subject: SUSE-SU-2017:1060-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
Message-ID: <20170419161016.A7636FEAE@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1060-1
Rating:             important
References:         #1030575 #1031440 #1031481 #1031660
Cross-References:   CVE-2017-7294 CVE-2017-7308
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.21-90 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-619=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_21-90-default-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-security-updates at lists.suse.com Wed Apr 19 13:08:58 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Apr 2017 21:08:58 +0200 (CEST)
Subject: SUSE-SU-2017:1062-1: moderate: Security update for python-oslo.middleware
Message-ID: <20170419190858.16091FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for python-oslo.middleware
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1062-1
Rating:             moderate
References:         #1022043
Cross-References:   CVE-2017-2592
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for python-oslo.middleware fixes the following issues:

   Security issue fixed:

   - CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure (bsc#1022043).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-622=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      python-oslo.middleware-3.19.0-3.1

References:

   https://www.suse.com/security/cve/CVE-2017-2592.html
   https://bugzilla.suse.com/1022043

From sle-security-updates at lists.suse.com Wed Apr 19 13:10:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Apr 2017 21:10:40 +0200 (CEST)
Subject: SUSE-SU-2017:1064-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
Message-ID: <20170419191040.61C7FFEB0@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1064-1
Rating:             important
References:         #1030467 #1030575 #1031440 #1031481 #1031660
Cross-References:   CVE-2017-7294 CVE-2017-7308
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now available.

Description:

   This update for the Linux Kernel 3.12.59-60_41 fixes several issues.
   The following security bugs were fixed:

   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1030575, bsc#1031660).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).
   - bsc#1030467: Updated Dirty COW fix. The former patch caused some apps to freeze in rare circumstances.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-621=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_59-60_41-default-10-2.1
      kgraft-patch-3_12_59-60_41-xen-10-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://bugzilla.suse.com/1030467
   https://bugzilla.suse.com/1030575
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031481
   https://bugzilla.suse.com/1031660

From sle-security-updates at lists.suse.com Wed Apr 19 13:11:48 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 19 Apr 2017 21:11:48 +0200 (CEST)
Subject: SUSE-SU-2017:1065-1: moderate: Security update for libsamplerate
Message-ID: <20170419191148.77749FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for libsamplerate
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1065-1
Rating:             moderate
References:         #1033564
Cross-References:   CVE-2017-7697
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for libsamplerate fixes the following issues:

   - CVE-2017-7697: Fixed a buffer overflow in calc_output_single (bsc#1033564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libsamplerate-13068=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libsamplerate-13068=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libsamplerate-13068=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsamplerate-devel-0.1.4-3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsamplerate-0.1.4-3.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libsamplerate-32bit-0.1.4-3.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libsamplerate-x86-0.1.4-3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsamplerate-debuginfo-0.1.4-3.1
      libsamplerate-debugsource-0.1.4-3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      libsamplerate-debuginfo-32bit-0.1.4-3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      libsamplerate-debuginfo-x86-0.1.4-3.1

References:

   https://www.suse.com/security/cve/CVE-2017-7697.html
   https://bugzilla.suse.com/1033564

From sle-security-updates at lists.suse.com Thu Apr 20 04:08:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Apr 2017 12:08:56 +0200 (CEST)
Subject: SUSE-SU-2017:1067-1: important: Security update for ruby2.1
Message-ID: <20170420100856.E8000FEB0@maintenance.suse.de>

   SUSE Security Update: Security update for ruby2.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1067-1
Rating:             important
References:         #1014863 #1018808 #887877 #909695 #926974 #936032 #959495
                    #986630
Cross-References:   CVE-2014-4975 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551
                    CVE-2016-2339
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has three fixes is now available.

Description:

   This ruby2.1 update to version 2.1.9 fixes the following issues:

   Security issues fixed:

   - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new "initialize" (bsc#1018808)
   - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)
   - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032)
   - CVE-2015-1855: Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974)
   - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)

   Bugfixes:

   - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863)
   - Segmentation fault after pack & ioctl & unpack (bsc#909695)
   - Ruby: HTTP Header injection in 'net/http' (bsc#986630)

   ChangeLog:

   - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-624=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-624=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-624=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-624=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-624=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-624=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-624=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-devel-2.1.9-15.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-devel-2.1.9-15.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libruby2_1-2_1-2.1.9-15.1
      libruby2_1-2_1-debuginfo-2.1.9-15.1
      ruby2.1-2.1.9-15.1
      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-stdlib-2.1.9-15.1
      ruby2.1-stdlib-debuginfo-2.1.9-15.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libruby2_1-2_1-2.1.9-15.1
      libruby2_1-2_1-debuginfo-2.1.9-15.1
      ruby2.1-2.1.9-15.1
      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-stdlib-2.1.9-15.1
      ruby2.1-stdlib-debuginfo-2.1.9-15.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libruby2_1-2_1-2.1.9-15.1
      libruby2_1-2_1-debuginfo-2.1.9-15.1
      ruby2.1-2.1.9-15.1
      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-stdlib-2.1.9-15.1
      ruby2.1-stdlib-debuginfo-2.1.9-15.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libruby2_1-2_1-2.1.9-15.1
      libruby2_1-2_1-debuginfo-2.1.9-15.1
      ruby2.1-2.1.9-15.1
      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-stdlib-2.1.9-15.1
      ruby2.1-stdlib-debuginfo-2.1.9-15.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libruby2_1-2_1-2.1.9-15.1
      libruby2_1-2_1-debuginfo-2.1.9-15.1
      ruby2.1-2.1.9-15.1
      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-stdlib-2.1.9-15.1
      ruby2.1-stdlib-debuginfo-2.1.9-15.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libruby2_1-2_1-2.1.9-15.1
      libruby2_1-2_1-debuginfo-2.1.9-15.1
      ruby2.1-2.1.9-15.1
      ruby2.1-debuginfo-2.1.9-15.1
      ruby2.1-debugsource-2.1.9-15.1
      ruby2.1-stdlib-2.1.9-15.1
      ruby2.1-stdlib-debuginfo-2.1.9-15.1

References:

   https://www.suse.com/security/cve/CVE-2014-4975.html
   https://www.suse.com/security/cve/CVE-2015-1855.html
   https://www.suse.com/security/cve/CVE-2015-3900.html
   https://www.suse.com/security/cve/CVE-2015-7551.html
   https://www.suse.com/security/cve/CVE-2016-2339.html
   https://bugzilla.suse.com/1014863
   https://bugzilla.suse.com/1018808
   https://bugzilla.suse.com/887877
   https://bugzilla.suse.com/909695
   https://bugzilla.suse.com/926974
   https://bugzilla.suse.com/936032
   https://bugzilla.suse.com/959495
   https://bugzilla.suse.com/986630

From sle-security-updates at lists.suse.com Thu Apr 20 13:08:53 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Apr 2017 21:08:53 +0200 (CEST)
Subject: SUSE-SU-2017:1080-1: important: Security update for xen
Message-ID: <20170420190853.EB3BDFEB0@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1080-1
Rating:             important
References:         #1022555 #1026636 #1027519 #1027570 #1028235 #1028655
                    #1029827 #1030144 #1030442
Cross-References:   CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505
                    CVE-2017-7228
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has four fixes is now available.

Description:

   This update for xen fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442).
   - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).
   - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
   - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
   - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside the guest could use this flaw to cause a DoS (bsc#1026636).
   - CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655).

   These non-security issues were fixed:

   - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add"
   - bsc#1029827: Forward port xenstored

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-626=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-626=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      xen-4.4.4_16-22.36.1
      xen-debugsource-4.4.4_16-22.36.1
      xen-doc-html-4.4.4_16-22.36.1
      xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1
      xen-kmp-default-debuginfo-4.4.4_16_k3.12.61_52.69-22.36.1
      xen-libs-32bit-4.4.4_16-22.36.1
      xen-libs-4.4.4_16-22.36.1
      xen-libs-debuginfo-32bit-4.4.4_16-22.36.1
      xen-libs-debuginfo-4.4.4_16-22.36.1
      xen-tools-4.4.4_16-22.36.1
      xen-tools-debuginfo-4.4.4_16-22.36.1
      xen-tools-domU-4.4.4_16-22.36.1
      xen-tools-domU-debuginfo-4.4.4_16-22.36.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      xen-4.4.4_16-22.36.1
      xen-debugsource-4.4.4_16-22.36.1
      xen-doc-html-4.4.4_16-22.36.1
      xen-kmp-default-4.4.4_16_k3.12.61_52.69-22.36.1
      xen-kmp-default-debuginfo-4.4.4_16_k3.12.61_52.69-22.36.1
      xen-libs-32bit-4.4.4_16-22.36.1
      xen-libs-4.4.4_16-22.36.1
      xen-libs-debuginfo-32bit-4.4.4_16-22.36.1
      xen-libs-debuginfo-4.4.4_16-22.36.1
      xen-tools-4.4.4_16-22.36.1
      xen-tools-debuginfo-4.4.4_16-22.36.1
      xen-tools-domU-4.4.4_16-22.36.1
      xen-tools-domU-debuginfo-4.4.4_16-22.36.1

References:

   https://www.suse.com/security/cve/CVE-2016-9603.html
   https://www.suse.com/security/cve/CVE-2017-2633.html
   https://www.suse.com/security/cve/CVE-2017-6414.html
   https://www.suse.com/security/cve/CVE-2017-6505.html
   https://www.suse.com/security/cve/CVE-2017-7228.html
   https://bugzilla.suse.com/1022555
   https://bugzilla.suse.com/1026636
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1027570
   https://bugzilla.suse.com/1028235
   https://bugzilla.suse.com/1028655
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1030144
   https://bugzilla.suse.com/1030442

From sle-security-updates at lists.suse.com Thu Apr 20 13:11:08 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 20 Apr 2017 21:11:08 +0200 (CEST)
Subject: SUSE-SU-2017:1081-1: important: Security update for xen
Message-ID: <20170420191108.7CB07FEB0@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1081-1
Rating:             important
References:         #1022555 #1026636 #1027519 #1027570 #1028235 #1028655
                    #1029827 #1030144 #1030442
Cross-References:   CVE-2016-9603 CVE-2017-2633 CVE-2017-6414 CVE-2017-6505
                    CVE-2017-7228
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has four fixes is now available.

Description:

   This update for xen fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7228: Broken check in memory_exchange() permitted PV guest breakout (bsc#1030442).
   - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144).
   - CVE-2016-9603: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655).
   - CVE-2017-6414: Memory leak in the vcard_apdu_new function in card_7816.c in libcacard allowed local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object (bsc#1027570).
   - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235).
   - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. A user/process inside the guest could use this flaw to cause a DoS (bsc#1026636).
   These non-security issues were fixed:

   - bsc#1022555: Timeout in "execution of /etc/xen/scripts/block add"
   - bsc#1029827: Forward port xenstored

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xen-13069=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xen-13069=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xen-13069=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      xen-devel-4.4.4_16-54.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      xen-kmp-default-4.4.4_16_3.0.101_97-54.1
      xen-libs-4.4.4_16-54.1
      xen-tools-domU-4.4.4_16-54.1

   - SUSE Linux Enterprise Server 11-SP4 (x86_64):

      xen-4.4.4_16-54.1
      xen-doc-html-4.4.4_16-54.1
      xen-libs-32bit-4.4.4_16-54.1
      xen-tools-4.4.4_16-54.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      xen-kmp-pae-4.4.4_16_3.0.101_97-54.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      xen-debuginfo-4.4.4_16-54.1
      xen-debugsource-4.4.4_16-54.1

References:

   https://www.suse.com/security/cve/CVE-2016-9603.html
   https://www.suse.com/security/cve/CVE-2017-2633.html
   https://www.suse.com/security/cve/CVE-2017-6414.html
   https://www.suse.com/security/cve/CVE-2017-6505.html
   https://www.suse.com/security/cve/CVE-2017-7228.html
   https://bugzilla.suse.com/1022555
   https://bugzilla.suse.com/1026636
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1027570
   https://bugzilla.suse.com/1028235
   https://bugzilla.suse.com/1028655
   https://bugzilla.suse.com/1029827
   https://bugzilla.suse.com/1030144
   https://bugzilla.suse.com/1030442

From sle-security-updates at lists.suse.com Fri Apr 21 13:08:48 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 21 Apr 2017 21:08:48 +0200 (CEST)
Subject:
SUSE-SU-2017:1092-1: moderate: Security update for minicom
Message-ID: <20170421190848.CC7EFFEB0@maintenance.suse.de>

SUSE Security Update: Security update for minicom
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1092-1
Rating:             moderate
References:         #1033783
Cross-References:   CVE-2017-7467
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for minicom fixes the following issue:

   This security issue was fixed:

   - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-634=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-634=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-634=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-634=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-634=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      minicom-2.7-3.1
      minicom-debuginfo-2.7-3.1
      minicom-debugsource-2.7-3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      minicom-2.7-3.1
      minicom-debuginfo-2.7-3.1
      minicom-debugsource-2.7-3.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      minicom-2.7-3.1
      minicom-debuginfo-2.7-3.1
      minicom-debugsource-2.7-3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      minicom-2.7-3.1
      minicom-debuginfo-2.7-3.1
      minicom-debugsource-2.7-3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      minicom-2.7-3.1
      minicom-debuginfo-2.7-3.1
      minicom-debugsource-2.7-3.1

References:

   https://www.suse.com/security/cve/CVE-2017-7467.html
   https://bugzilla.suse.com/1033783

From sle-security-updates at lists.suse.com Sat Apr 22 07:08:27 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 22 Apr 2017 15:08:27 +0200 (CEST)
Subject: SUSE-SU-2017:1093-1: moderate: Security update for tigervnc
Message-ID: <20170422130827.E42B0FEB0@maintenance.suse.de>

SUSE Security Update: Security update for tigervnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1093-1
Rating:             moderate
References:         #1031875 #1031877 #1031879 #1031886 #1032880
Cross-References:   CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395
                    CVE-2017-7396
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for tigervnc provides several fixes.
   These security issues were fixed:

   - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886)
   - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877)
   - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879)
   - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875)
   - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-636=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-636=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      tigervnc-1.4.3-24.1
      tigervnc-debuginfo-1.4.3-24.1
      tigervnc-debugsource-1.4.3-24.1
      xorg-x11-Xvnc-1.4.3-24.1
      xorg-x11-Xvnc-debuginfo-1.4.3-24.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      tigervnc-1.4.3-24.1
      tigervnc-debuginfo-1.4.3-24.1
      tigervnc-debugsource-1.4.3-24.1
      xorg-x11-Xvnc-1.4.3-24.1
      xorg-x11-Xvnc-debuginfo-1.4.3-24.1

References:

   https://www.suse.com/security/cve/CVE-2017-7392.html
   https://www.suse.com/security/cve/CVE-2017-7393.html
   https://www.suse.com/security/cve/CVE-2017-7394.html
   https://www.suse.com/security/cve/CVE-2017-7395.html
   https://www.suse.com/security/cve/CVE-2017-7396.html
   https://bugzilla.suse.com/1031875
   https://bugzilla.suse.com/1031877
   https://bugzilla.suse.com/1031879
   https://bugzilla.suse.com/1031886
   https://bugzilla.suse.com/1032880

From sle-security-updates at lists.suse.com Sat Apr 22 07:09:32 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 22 Apr 2017 15:09:32 +0200 (CEST)
Subject: SUSE-SU-2017:1094-1: moderate: Security update for tigervnc
Message-ID:
<20170422130932.2E9B1FEB0@maintenance.suse.de>

SUSE Security Update: Security update for tigervnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1094-1
Rating:             moderate
References:         #1024929 #1026833 #1031045 #1031875 #1031877 #1031879
                    #1031886 #1032272 #1032880
Cross-References:   CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395
                    CVE-2017-7396
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has four fixes is now available.

Description:

   This update for tigervnc provides several fixes.

   These security issues were fixed:

   - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886)
   - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877)
   - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879)
   - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875)
   - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880)

   These non-security issues were fixed:

   - Prevent client disconnection caused by invalid cursor manipulation. (bsc#1024929, bsc#1031045)
   - Readd index.vnc. (bsc#1026833)
   - Crop operations to visible screen. (bnc#1032272)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-635=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-635=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-635=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libXvnc1-1.6.0-18.11.1
      libXvnc1-debuginfo-1.6.0-18.11.1
      tigervnc-1.6.0-18.11.1
      tigervnc-debuginfo-1.6.0-18.11.1
      tigervnc-debugsource-1.6.0-18.11.1
      xorg-x11-Xvnc-1.6.0-18.11.1
      xorg-x11-Xvnc-debuginfo-1.6.0-18.11.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libXvnc1-1.6.0-18.11.1
      libXvnc1-debuginfo-1.6.0-18.11.1
      tigervnc-1.6.0-18.11.1
      tigervnc-debuginfo-1.6.0-18.11.1
      tigervnc-debugsource-1.6.0-18.11.1
      xorg-x11-Xvnc-1.6.0-18.11.1
      xorg-x11-Xvnc-debuginfo-1.6.0-18.11.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libXvnc1-1.6.0-18.11.1
      libXvnc1-debuginfo-1.6.0-18.11.1
      tigervnc-1.6.0-18.11.1
      tigervnc-debuginfo-1.6.0-18.11.1
      tigervnc-debugsource-1.6.0-18.11.1
      xorg-x11-Xvnc-1.6.0-18.11.1
      xorg-x11-Xvnc-debuginfo-1.6.0-18.11.1

References:

   https://www.suse.com/security/cve/CVE-2017-7392.html
   https://www.suse.com/security/cve/CVE-2017-7393.html
   https://www.suse.com/security/cve/CVE-2017-7394.html
   https://www.suse.com/security/cve/CVE-2017-7395.html
   https://www.suse.com/security/cve/CVE-2017-7396.html
   https://bugzilla.suse.com/1024929
   https://bugzilla.suse.com/1026833
   https://bugzilla.suse.com/1031045
   https://bugzilla.suse.com/1031875
   https://bugzilla.suse.com/1031877
   https://bugzilla.suse.com/1031879
   https://bugzilla.suse.com/1031886
   https://bugzilla.suse.com/1032272
   https://bugzilla.suse.com/1032880

From sle-security-updates at lists.suse.com Mon Apr 24 07:08:33 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 24 Apr 2017 15:08:33 +0200 (CEST)
Subject: SUSE-SU-2017:1095-1: moderate: Security update for zziplib
Message-ID: <20170424130833.78D48FEB0@maintenance.suse.de>

SUSE Security Update: Security update for zziplib
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1095-1
Rating:             moderate
References:         #1024517 #1024528 #1024531 #1024532 #1024533 #1024534
                    #1024535
                    #1024536 #1024537 #1024539
Cross-References:   CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977
                    CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has two fixes is now available.

Description:

   This update for zziplib fixes the following issues:

   Security issues fixed:

   - CVE-2017-5974: heap-based buffer overflow in __zzip_get32 (fetch.c) (bsc#1024517)
   - CVE-2017-5975: heap-based buffer overflow in __zzip_get64 (fetch.c) (bsc#1024528)
   - CVE-2017-5976: heap-based buffer overflow in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024531)
   - CVE-2017-5977: invalid memory read in zzip_mem_entry_extra_block (memdisk.c) (bsc#1024534)
   - CVE-2017-5978: out of bounds read in zzip_mem_entry_new (memdisk.c) (bsc#1024533)
   - CVE-2017-5979: NULL pointer dereference in prescan_entry (fseeko.c) (bsc#1024535)
   - CVE-2017-5980: NULL pointer dereference in zzip_mem_entry_new (memdisk.c) (bsc#1024536)
   - CVE-2017-5981: assertion failure in seeko.c (bsc#1024539)
   - NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532)
   - NULL pointer dereference in main (unzzipcat.c) (bsc#1024537)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-638=1

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-638=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-638=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-638=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-638=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-638=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      libzzip-0-13-0.13.62-9.1
      libzzip-0-13-debuginfo-0.13.62-9.1
      zziplib-debugsource-0.13.62-9.1

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      libzzip-0-13-0.13.62-9.1
      libzzip-0-13-debuginfo-0.13.62-9.1
      zziplib-debugsource-0.13.62-9.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libzzip-0-13-0.13.62-9.1
      libzzip-0-13-debuginfo-0.13.62-9.1
      zziplib-debugsource-0.13.62-9.1
      zziplib-devel-0.13.62-9.1
      zziplib-devel-debuginfo-0.13.62-9.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libzzip-0-13-0.13.62-9.1
      libzzip-0-13-debuginfo-0.13.62-9.1
      zziplib-debugsource-0.13.62-9.1
      zziplib-devel-0.13.62-9.1
      zziplib-devel-debuginfo-0.13.62-9.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libzzip-0-13-0.13.62-9.1
      libzzip-0-13-debuginfo-0.13.62-9.1
      zziplib-debugsource-0.13.62-9.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libzzip-0-13-0.13.62-9.1
      libzzip-0-13-debuginfo-0.13.62-9.1
      zziplib-debugsource-0.13.62-9.1

References:

   https://www.suse.com/security/cve/CVE-2017-5974.html
   https://www.suse.com/security/cve/CVE-2017-5975.html
   https://www.suse.com/security/cve/CVE-2017-5976.html
   https://www.suse.com/security/cve/CVE-2017-5977.html
   https://www.suse.com/security/cve/CVE-2017-5978.html
   https://www.suse.com/security/cve/CVE-2017-5979.html
   https://www.suse.com/security/cve/CVE-2017-5980.html
   https://www.suse.com/security/cve/CVE-2017-5981.html
   https://bugzilla.suse.com/1024517
   https://bugzilla.suse.com/1024528
   https://bugzilla.suse.com/1024531
   https://bugzilla.suse.com/1024532
   https://bugzilla.suse.com/1024533
   https://bugzilla.suse.com/1024534
   https://bugzilla.suse.com/1024535
   https://bugzilla.suse.com/1024536
   https://bugzilla.suse.com/1024537
   https://bugzilla.suse.com/1024539

From sle-security-updates at lists.suse.com Mon Apr 24 10:09:47 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 24 Apr 2017 18:09:47 +0200 (CEST)
Subject: SUSE-SU-2017:1096-1: moderate: Security update for dpkg
Message-ID: <20170424160947.2A364FEB0@maintenance.suse.de>

SUSE Security Update: Security update for dpkg
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1096-1
Rating:             moderate
References:         #957160
Cross-References:   CVE-2015-0860
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for dpkg fixes the following issues:

   This security issue was fixed:

   - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggered a stack-based buffer overflow (bsc#957160).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-639=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-639=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      update-alternatives-1.16.10-12.6.1
      update-alternatives-debuginfo-1.16.10-12.6.1
      update-alternatives-debugsource-1.16.10-12.6.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      update-alternatives-1.16.10-12.6.1
      update-alternatives-debuginfo-1.16.10-12.6.1
      update-alternatives-debugsource-1.16.10-12.6.1

References:

   https://www.suse.com/security/cve/CVE-2015-0860.html
   https://bugzilla.suse.com/957160

From sle-security-updates at lists.suse.com Tue Apr 25 13:08:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 25 Apr 2017 21:08:54 +0200 (CEST)
Subject: SUSE-SU-2017:1102-1: important: Security update for the Linux Kernel
Message-ID: <20170425190854.D5866FEB4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1102-1
Rating:             important
References:         #1003077 #1003344 #1003568 #1003677 #1003813 #1003866
                    #1003925 #1004517 #1004520 #1005857 #1005877 #1005896
                    #1005903 #1006917 #1006919 #1007615 #1007944 #1008557
                    #1008645 #1008831 #1008833 #1008893 #1009875 #1010150
                    #1010175 #1010201 #1010467 #1010501 #1010507 #1010711
                    #1010716 #1011685 #1011820 #1012411 #1012422 #1012832
                    #1012851 #1012917 #1013018 #1013038 #1013042 #1013070
                    #1013531 #1013533 #1013542 #1013604 #1014410 #1014454
                    #1014746 #1015561 #1015752 #1015760 #1015796 #1015803
                    #1015817 #1015828 #1015844 #1015848 #1015878 #1015932
                    #1016320 #1016505 #1016520 #1016668 #1016688 #1016824
                    #1016831 #1017686 #1017710 #1019148 #1019165 #1019348
                    #1019783 #1020214 #1021258
                    #748806 #763198 #771065 #786036 #790588 #795297 #799133
                    #800999 #803320 #821612 #824171 #851603 #853052 #860441
                    #863873 #865783 #871728 #901809 #907611 #908458 #908684
                    #909077 #909350 #909484 #909491 #909618 #913387 #914939
                    #919382 #922634 #924708 #925065 #928138 #929141 #953233
                    #956514 #960689 #961589 #962846 #963655 #967716 #968010
                    #969340 #973203 #973691 #979681 #984194 #986337 #987333
                    #987576 #989152 #989680 #989764 #989896 #990245 #992566
                    #992991 #993739 #993832 #995968 #996541 #996557 #997401
                    #998689 #999101 #999907
Cross-References:   CVE-2004-0230 CVE-2012-6704 CVE-2013-6368 CVE-2015-1350
                    CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2016-10088
                    CVE-2016-3841 CVE-2016-5696 CVE-2016-7042 CVE-2016-7097
                    CVE-2016-7117 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916
                    CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646
                    CVE-2016-9555 CVE-2016-9576 CVE-2016-9685 CVE-2016-9756
                    CVE-2016-9793 CVE-2016-9794 CVE-2017-5551
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 27 vulnerabilities and has 114 fixes is now available.

Description:

   The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097 (bnc#1021258).
   - CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions (bsc#995968).
   - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
   - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152).
   - CVE-2015-1350: Denial of service in notify_change for filesystem xattrs (bsc#914939).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
   - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code (bnc#1014746).
   - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
   - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).
   - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).
   - CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE (bsc#1013604)
   - CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock (bsc#1013533)
   - CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection around np->opt (bsc#992566).
   - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).
   - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
   - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
   - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).
   - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).
   - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052).
   - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
   - CVE-2016-7916: Revert "proc: prevent accessing /proc//environ until it's ready" (bsc#1010467)
   - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).
   - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).
   - CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show function (bsc#1004517).
- CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (bsc#1003925). - CVE-2016-7117: net: Fix use after free in the recvmmsg exit path (bsc#1003077). The following non-security bugs were fixed: - blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for Skyhawk - blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags - 8250_pci: Fix potential use-after-free in error path (bsc#1013070). - IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036). - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036). - IB/mlx4: Fix memory leak if QP creation failed (bsc#786036). - IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036). - IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036). - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036). - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875). - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - be2net: Do not leak iomapped memory on removal (bug#925065). - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - bnx2x: fix lockdep splat (bsc#908684). - cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655) - config.conf: add bigmem flavour on ppc64 - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866). - cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382). - crypto: add ghash-generic in the supported.conf(bsc#1016824) - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106 (bsc#913387, #bsc1016831). - dm space map metadata: fix sm_bootstrap_get_nr_blocks() - dm thin: fix race condition when destroying thin pool workqueue - dm: do not call dm_sync_table() when creating new devices (bnc#901809, bsc#1008893). 
- drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348) - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668). - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018). - ext4: fix reference counting bug on block allocation error (bsc#1013018). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: make share unaccessible at root level mountable (bsc#799133). - futex: Acknowledge a new waiter in counter before plist (bsc#851603). - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603). - hpilo: Add support for iLO5 (bsc#999101). - hv: do not lose pending heartbeat vmbus packets (bnc#1006919). - hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#986337). - hv: vmbus: avoid wait_for_completion() on crash (bnc#986337). - hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337). - hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts (bnc#986337). - hv: vmbus: handle various crash scenarios (bnc#986337). - hv: vmbus: remove code duplication in message handling (bnc#986337). - hv: vss: run only on supported host versions (bnc#986337). - i40e: fix an uninitialized variable bug (bsc#909484). - ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148). - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491). - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector (bsc#795297). - igb: Fix oops caused by missing queue pairing (bsc#909491). - igb: Fix oops on changing number of rings (bsc#909491). 
- igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs() (bsc#909491). - igb: Unpair the queues when changing the number of queues (bsc#909491). - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too (bsc#865783). - kabi-fix for flock_owner addition (bsc#998689). - kexec: add a kexec_crash_loaded() function (bsc#973691). - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680). - kvm: Distangle eventfd code from irqchip (bsc#989680). - kvm: Iterate over only vcpus that are preempted (bsc#989680). - kvm: Record the preemption status of vcpus using preempt notifiers (bsc#989680). - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680). - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680). - kvm: make processes waiting on vcpu mutex killable (bsc#989680). - kvm: nVMX: Add preemption timer support (bsc#989680). - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680). - kvm: use symbolic constant for nr interrupts (bsc#989680). - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680). - kvm: x86: Run PIT work in own kthread (bsc#989680). - kvm: x86: limit difference between kvmclock updates (bsc#989680). - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689). - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866). - libata: introduce ata_host->n_tags to avoid oops on SAS controllers (bsc#871728). - libata: remove n_tags to avoid kABI breakage (bsc#871728). - libata: support the ata host which implements a queue depth less than 32 (bsc#871728) - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response (bsc#962846). - libfc: Fixup disc_mutex handling (bsc#962846). - libfc: Issue PRLI after a PRLO has been received (bsc#962846). - libfc: Revisit kref handling (bnc#990245). - libfc: Update rport reference counting (bsc#953233). - libfc: do not send ABTS when resetting exchanges (bsc#962846). 
- libfc: fixup locking of ptp_setup() (bsc#962846). - libfc: reset exchange manager during LOGO handling (bsc#962846). - libfc: send LOGO for PLOGI failure (bsc#962846). - locking/mutex: Explicitly mark task as running after wakeup (bsc#1012411). - md/raid10: Fix memory leak when raid10 reshape completes - md/raid10: always set reshape_safe when initializing reshape_position - md: Drop sending a change uevent when stopping (bsc#1003568). - md: check command validity early in md_ioctl() (bsc#1004520). - md: fix problem when adding device to read-only array with bitmap (bnc#771065). - memstick: mspro_block: add missing curly braces (bsc#1016688). - mlx4: add missing braces in verify_qp_parameters (bsc#786036). - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations (bnc#763198). - mm/memory.c: actually remap enough memory (bnc#1005903). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (bnc#961589). - mm: fix crashes from mbind() merging vmas (bnc#1005877). - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857). - dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194). - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (bsc#1008645). - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337). - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036). - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382). - net/mlx4_core: Avoid returning success in case of an error flow (bsc#786036). - net/mlx4_core: Do not BUG_ON during reset when PCI is offline (bsc#924708). - net/mlx4_core: Do not access comm channel if it has not yet been initialized (bsc#924708 bsc#786036). - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards (bug#919382). 
- net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec (bsc#786036). - net/mlx4_core: Implement pci_resume callback (bsc#924708). - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT (bug#919382). - net/mlx4_en: Choose time-stamping shift value according to HW frequency (bsc#919382). - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382). - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036). - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036). - net/mlx4_en: Remove dependency between timestamping capability and service_task (bsc#919382). - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382). - netfilter: ipv4: defrag: set local_df flag on defragmented skb (bsc#907611). - netfront: do not truncate grant references. - netvsc: fix incorrect receive checksum offloading (bnc#1006917). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514). - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nfsv4: Handle timeouts correctly when probing for lease validity (bsc#1014410). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - nvme: Automatic namespace rescan (bsc#1017686). - nvme: Metadata format support (bsc#1017686). - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783). - oom: print nodemask in the oom report (bnc#1003866). 
- pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441). - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock for task clock sample (bnc#997401). - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (bnc#997401). - powerpc/64: Fix incorrect return value from __copy_tofrom_user (bsc#1005896). - powerpc/MSI: Fix race condition in tearing down MSI interrupts (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/mm: Add 64TB support (bsc#928138,fate#319026). - powerpc/mm: Change the swap encoding in pte (bsc#973203). - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026). - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026). - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026). - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE (bsc#928138,fate#319026). - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit (bsc#928138,fate#319026). - powerpc/mm: Replace open coded CONTEXT_BITS value (bsc#928138,fate#319026). - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026). - powerpc/mm: Update VSID allocation documentation (bsc#928138,fate#319026). - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026). - powerpc/mm: Use hpt_va to compute virtual address (bsc#928138,fate#319026). - powerpc/mm: Use the required number of VSID bits in slbmte (bsc#928138,fate#319026). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc: Add ability to build little endian kernels (bsc#967716). 
- powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Move kdump default base address to half RMO size on 64bit (bsc#1003344). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - powerpc: Update kernel VSID range (bsc#928138,fate#319026). - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only: 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC' obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in /sys/devices/system/cpu - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - powerpc: scan_features() updates incorrect bits for REAL_LE (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes). - printk/sched: Introduce special printk_sched() for those awkward (bsc#1013042, bsc#996541, bsc#1015878). - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851). - qlcnic: fix a loop exit condition better (bsc#909350). - qlcnic: fix a timeout loop (bsc#909350) - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() (bnc#800999). - reiserfs: fix race in prealloc discard (bsc#987576). 
- rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm/package-descriptions: add -bigmem description - rt2x00: fix rfkill regression on rt2500pci (bnc#748806). - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677, LTC#147606). - s390/time: LPAR offset handling (bnc#1003677, LTC#146920). - s390/time: move PTFF definitions (bnc#1003677, LTC#146920). - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557). - scsi: lpfc: avoid double free of resource identifiers (bsc#989896). - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374). - scsi_error: count medium access timeout only once per EH run (bsc#993832). - scsi_error: fixup crash in scsi_eh_reset (bsc#993832) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013070). - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618). - softirq: sirq threads raising another sirq delegate to the proper thread Otherwise, high priority timer threads expend cycles precessing other sirqs, potentially increasing wakeup latencies as thes process sirqs at a priority other than the priority specified by the user. - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race (bnc#803320). - sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache (bsc#1012917). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#908458). 
- tg3: Fix temperature reporting (bnc#790588). - tty: Signal SIGHUP before hanging up ldisc (bnc#989764). - usb: console: fix potential use after free (bsc#1015817). - usb: console: fix uninitialised ldisc semaphore (bsc#1015817). - usb: cp210x: Corrected USB request type definitions (bsc#1015932). - usb: cp210x: relocate private data from USB interface to port (bsc#1015932). - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932). - usb: ftdi_sio: fix null deref at port probe (bsc#1015796). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - usb: hub: Fix unbalanced reference count/memory leak/deadlocks (bsc#968010). - usb: ipaq.c: fix a timeout loop (bsc#1015848). - usb: opticon: fix non-atomic allocation in write path (bsc#1015803). - usb: option: fix runtime PM handling (bsc#1015752). - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932). - usb: serial: cp210x: add 8-bit and 32-bit register access functions (bsc#1015932). - usb: serial: cp210x: add new access functions for large registers (bsc#1015932). - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932). - usb: serial: fix potential use-after-free after failed probe (bsc#1015828). - usb: serial: io_edgeport: fix memory leaks in attach error path (bsc#1016505). - usb: serial: io_edgeport: fix memory leaks in probe error path (bsc#1016505). - usb: serial: keyspan: fix use-after-free in probe error path (bsc#1016520). - usb: sierra: fix AA deadlock in open error path (bsc#1015561). - usb: sierra: fix remote wakeup (bsc#1015561). - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561). - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561). - usb: sierra: fix use after free at suspend/resume (bsc#1015561). - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760). - usb: usb_wwan: fix race between write and resume (bsc#1015760). - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760). 
- usb: usb_wwan: fix urb leak in write error path (bsc#1015760). - usb: usb_wwan: fix write and suspend race (bsc#1015760). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844). - vmxnet3: Wake queue from reset work (bsc#999907). - x86, amd_nb: Clarify F15h, model 30h GART and L3 support - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141). - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs (bsc#909077). - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors - x86/gart: Check for GART support before accessing GART registers - xenbus: do not invoke ->is_ready() for most device states (bsc#987333). - zcrypt: Fix hang condition on crypto card config-off (bsc#1016320). - zcrypt: Fix invalid domain response handling (bsc#1016320). - zfcp: Fix erratic device offline during EH (bsc#993832). - zfcp: close window with unblocked rport during rport gone (bnc#1003677). - zfcp: fix D_ID field with actual value on tracing SAN responses (bnc#1003677). - zfcp: fix ELS/GS request&response length for hardware data router (bnc#1003677). - zfcp: fix payload trace length for SAN request&response (bnc#1003677). - zfcp: restore tracing of handle for port and LUN with HBA records (bnc#1003677). - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace (bnc#1003677). - zfcp: retain trace level for SCSI and HBA FSF response records (bnc#1003677). - zfcp: trace full payload of all SAN records (req,resp,iels) (bnc#1003677). - zfcp: trace on request for open and close of WKA port (bnc#1003677). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-13074=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13074=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

   kernel-rt-3.0.101.rt130-68.1
   kernel-rt-base-3.0.101.rt130-68.1
   kernel-rt-devel-3.0.101.rt130-68.1
   kernel-rt_trace-3.0.101.rt130-68.1
   kernel-rt_trace-base-3.0.101.rt130-68.1
   kernel-rt_trace-devel-3.0.101.rt130-68.1
   kernel-source-rt-3.0.101.rt130-68.1
   kernel-syms-rt-3.0.101.rt130-68.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

   kernel-rt-debuginfo-3.0.101.rt130-68.1
   kernel-rt-debugsource-3.0.101.rt130-68.1
   kernel-rt_debug-debuginfo-3.0.101.rt130-68.1
   kernel-rt_debug-debugsource-3.0.101.rt130-68.1
   kernel-rt_trace-debuginfo-3.0.101.rt130-68.1
   kernel-rt_trace-debugsource-3.0.101.rt130-68.1

References:

https://www.suse.com/security/cve/CVE-2004-0230.html
https://www.suse.com/security/cve/CVE-2012-6704.html
https://www.suse.com/security/cve/CVE-2013-6368.html
https://www.suse.com/security/cve/CVE-2015-1350.html
https://www.suse.com/security/cve/CVE-2015-8956.html
https://www.suse.com/security/cve/CVE-2015-8962.html
https://www.suse.com/security/cve/CVE-2015-8964.html
https://www.suse.com/security/cve/CVE-2016-10088.html
https://www.suse.com/security/cve/CVE-2016-3841.html
https://www.suse.com/security/cve/CVE-2016-5696.html
https://www.suse.com/security/cve/CVE-2016-7042.html
https://www.suse.com/security/cve/CVE-2016-7097.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-7910.html
https://www.suse.com/security/cve/CVE-2016-7911.html
https://www.suse.com/security/cve/CVE-2016-7916.html
https://www.suse.com/security/cve/CVE-2016-8399.html
https://www.suse.com/security/cve/CVE-2016-8632.html
https://www.suse.com/security/cve/CVE-2016-8633.html
https://www.suse.com/security/cve/CVE-2016-8646.html
https://www.suse.com/security/cve/CVE-2016-9555.html
https://www.suse.com/security/cve/CVE-2016-9576.html
https://www.suse.com/security/cve/CVE-2016-9685.html
https://www.suse.com/security/cve/CVE-2016-9756.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2016-9794.html
https://www.suse.com/security/cve/CVE-2017-5551.html
https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1003344
https://bugzilla.suse.com/1003568
https://bugzilla.suse.com/1003677
https://bugzilla.suse.com/1003813
https://bugzilla.suse.com/1003866
https://bugzilla.suse.com/1003925
https://bugzilla.suse.com/1004517
https://bugzilla.suse.com/1004520
https://bugzilla.suse.com/1005857
https://bugzilla.suse.com/1005877
https://bugzilla.suse.com/1005896
https://bugzilla.suse.com/1005903
https://bugzilla.suse.com/1006917
https://bugzilla.suse.com/1006919
https://bugzilla.suse.com/1007615
https://bugzilla.suse.com/1007944
https://bugzilla.suse.com/1008557
https://bugzilla.suse.com/1008645
https://bugzilla.suse.com/1008831
https://bugzilla.suse.com/1008833
https://bugzilla.suse.com/1008893
https://bugzilla.suse.com/1009875
https://bugzilla.suse.com/1010150
https://bugzilla.suse.com/1010175
https://bugzilla.suse.com/1010201
https://bugzilla.suse.com/1010467
https://bugzilla.suse.com/1010501
https://bugzilla.suse.com/1010507
https://bugzilla.suse.com/1010711
https://bugzilla.suse.com/1010716
https://bugzilla.suse.com/1011685
https://bugzilla.suse.com/1011820
https://bugzilla.suse.com/1012411
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012832
https://bugzilla.suse.com/1012851
https://bugzilla.suse.com/1012917
https://bugzilla.suse.com/1013018
https://bugzilla.suse.com/1013038
https://bugzilla.suse.com/1013042
https://bugzilla.suse.com/1013070
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013533
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1013604
https://bugzilla.suse.com/1014410
https://bugzilla.suse.com/1014454
https://bugzilla.suse.com/1014746
https://bugzilla.suse.com/1015561
https://bugzilla.suse.com/1015752
https://bugzilla.suse.com/1015760
https://bugzilla.suse.com/1015796
https://bugzilla.suse.com/1015803
https://bugzilla.suse.com/1015817
https://bugzilla.suse.com/1015828
https://bugzilla.suse.com/1015844
https://bugzilla.suse.com/1015848
https://bugzilla.suse.com/1015878
https://bugzilla.suse.com/1015932
https://bugzilla.suse.com/1016320
https://bugzilla.suse.com/1016505
https://bugzilla.suse.com/1016520
https://bugzilla.suse.com/1016668
https://bugzilla.suse.com/1016688
https://bugzilla.suse.com/1016824
https://bugzilla.suse.com/1016831
https://bugzilla.suse.com/1017686
https://bugzilla.suse.com/1017710
https://bugzilla.suse.com/1019148
https://bugzilla.suse.com/1019165
https://bugzilla.suse.com/1019348
https://bugzilla.suse.com/1019783
https://bugzilla.suse.com/1020214
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/748806
https://bugzilla.suse.com/763198
https://bugzilla.suse.com/771065
https://bugzilla.suse.com/786036
https://bugzilla.suse.com/790588
https://bugzilla.suse.com/795297
https://bugzilla.suse.com/799133
https://bugzilla.suse.com/800999
https://bugzilla.suse.com/803320
https://bugzilla.suse.com/821612
https://bugzilla.suse.com/824171
https://bugzilla.suse.com/851603
https://bugzilla.suse.com/853052
https://bugzilla.suse.com/860441
https://bugzilla.suse.com/863873
https://bugzilla.suse.com/865783
https://bugzilla.suse.com/871728
https://bugzilla.suse.com/901809
https://bugzilla.suse.com/907611
https://bugzilla.suse.com/908458
https://bugzilla.suse.com/908684
https://bugzilla.suse.com/909077
https://bugzilla.suse.com/909350
https://bugzilla.suse.com/909484
https://bugzilla.suse.com/909491
https://bugzilla.suse.com/909618
https://bugzilla.suse.com/913387
https://bugzilla.suse.com/914939
https://bugzilla.suse.com/919382
https://bugzilla.suse.com/922634
https://bugzilla.suse.com/924708
https://bugzilla.suse.com/925065
https://bugzilla.suse.com/928138
https://bugzilla.suse.com/929141
https://bugzilla.suse.com/953233
https://bugzilla.suse.com/956514
https://bugzilla.suse.com/960689
https://bugzilla.suse.com/961589
https://bugzilla.suse.com/962846
https://bugzilla.suse.com/963655
https://bugzilla.suse.com/967716
https://bugzilla.suse.com/968010
https://bugzilla.suse.com/969340
https://bugzilla.suse.com/973203
https://bugzilla.suse.com/973691
https://bugzilla.suse.com/979681
https://bugzilla.suse.com/984194
https://bugzilla.suse.com/986337
https://bugzilla.suse.com/987333
https://bugzilla.suse.com/987576
https://bugzilla.suse.com/989152
https://bugzilla.suse.com/989680
https://bugzilla.suse.com/989764
https://bugzilla.suse.com/989896
https://bugzilla.suse.com/990245
https://bugzilla.suse.com/992566
https://bugzilla.suse.com/992991
https://bugzilla.suse.com/993739
https://bugzilla.suse.com/993832
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/996541
https://bugzilla.suse.com/996557
https://bugzilla.suse.com/997401
https://bugzilla.suse.com/998689
https://bugzilla.suse.com/999101
https://bugzilla.suse.com/999907

From sle-security-updates at lists.suse.com Wed Apr 26 13:08:36 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 26 Apr 2017 21:08:36 +0200 (CEST)
Subject: SUSE-SU-2017:1110-1: moderate: Security update for tcpdump, libpcap
Message-ID: <20170426190836.C1B5BFEB4@maintenance.suse.de>

SUSE Security Update: Security update for tcpdump, libpcap
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1110-1
Rating: moderate
References: #1020940 #1035686 #905870 #905871 #905872 #922220 #922221 #922222 #922223 #927637
Cross-References: CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983
CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 49 vulnerabilities is now available. Description: This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1 fixes the several issues. These security issues were fixed in tcpdump: - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in print-ah.c:ah_print() (bsc#1020940). - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in print-arp.c:arp_print() (bsc#1020940). - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in print-atm.c:oam_print() (bsc#1020940). - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer overflow in print-sl.c:sl_if_print() (bsc#1020940). - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in print-ether.c:ethertype_print() (bsc#1020940). - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow in print-802_11.c:ieee802_11_radio_print() (bsc#1020940). - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in print-ipcomp.c:ipcomp_print() (bsc#1020940). - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer overflow in print-juniper.c:juniper_parse_header() (bsc#1020940). 
- CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in print-llc.c:llc_print() (bsc#1020940). - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in print-mpls.c:mpls_print() (bsc#1020940). - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in print-pim.c:pimv2_check_checksum() (bsc#1020940). - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in print-ppp.c:ppp_hdlc_if_print() (bsc#1020940). - CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in print-udp.c:rtcp_print() (bsc#1020940). - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in print-udp.c:rtp_print() (bsc#1020940). - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in print-udp.c:udp_print() (bsc#1020940). - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in print-udp.c:vat_print() (bsc#1020940). - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in print-zeromq.c:zmtp1_print_frame() (bsc#1020940). - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in print-gre.c, multiple functions (bsc#1020940). - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in print-stp.c, multiple functions (bsc#1020940). - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in print-atalk.c, multiple functions (bsc#1020940). - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in print-ip.c, multiple functions (bsc#1020940). - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in print-tcp.c:tcp_print() (bsc#1020940). - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in print-tftp.c:tftp_print() (bsc#1020940). - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in print-calm-fast.c:calm_fast_print() (bsc#1020940). 
- CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow in print-geonet.c, multiple functions (bsc#1020940). - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer overflow in print-cip.c:cip_if_print() (bsc#1020940). - CVE-2016-7993: A bug in util-print.c:relts_print() in tcpdump could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM) (bsc#1020940). - CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in print-fr.c:frf15_print() (bsc#1020940). - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482 (bsc#1020940). - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in print-ip6.c:ip6_print() (bsc#1020940). - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in print-isakmp.c:ikev2_e_print() (bsc#1020940). - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in print-otv.c:otv_print() (bsc#1020940). - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print() (bsc#1020940). - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575 (bsc#1020940). - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in print-snmp.c:asn1_parse() (bsc#1020940). - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in print-atm.c:sig_print() (bsc#1020940). - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in addrtoname.c:lookup_nsap() (bsc#1020940). 
- CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940).
- CVE-2015-3138: Fixed potential denial of service in print-wb.c (bsc#927637).
- CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value (bsc#922220).
- CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU) (bsc#922221).
- CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value (bsc#922222).
- CVE-2015-2155: The force printer in tcpdump allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors (bsc#922223).
- CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6, when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bsc#905870).
- CVE-2014-8768: Multiple integer underflows in the geonet_print function in tcpdump, when run in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bsc#905871).
- CVE-2014-8769: tcpdump might have allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bsc#905872).
These non-security issues were fixed in tcpdump:
- RPKI to Router Protocol: Fix Segmentation Faults and other problems
- RPKI to Router Protocol: print strings with fn_printn()
- Added a short option '#', same as long option '--number'
- nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes
- M3UA decode added.
- Added bittok2str().
- A number of unaligned access faults fixed
- The -A flag does not consider CR to be printable anymore
- fx.lebail took over coverity baby sitting
- Default snapshot size increased to 256K to accommodate USB captures
These non-security issues were fixed in libpcap:
- Provide a -devel-static subpackage that contains the static libraries and all the extra dependencies which are not needed for dynamic linking.
- Fix handling of packet count in the TPACKET_V3 inner loop
- Filter out duplicate looped back CAN frames.
- Fix the handling of loopback filters for IPv6 packets.
- Add a link-layer header type for RDS (IEC 62106) groups.
- Handle all CAN captures with pcap-linux.c, in cooked mode.
- Removes the need for the "host-endian" link-layer header type.
- Have separate DLTs for big-endian and host-endian SocketCAN headers.
- Properly check for sock_recv() errors.
- Re-impose some of Winsock's limitations on sock_recv().
- Replace sprintf() with pcap_snprintf().
- Fix signature of pcap_stats_ex_remote().
- Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
- Clean up {DAG, Septel, Myricom SNF}-only builds.
- pcap_create_interface() needs the interface name on Linux.
- Clean up hardware time stamp support: the "any" device does not support any time stamp types.
- Recognize 802.1ad nested VLAN tag in vlan filter.
- Support for filtering Geneve encapsulated packets.
- Fix handling of zones for BPF on Solaris
- Added bpf_filter1() with extensions
- EBUSY can now be returned by SNFv3 code.
- Don't crash on filters testing a non-existent link-layer type field.
- Fix sending in non-blocking mode on Linux with memory-mapped capture.
- Fix timestamps when reading pcap-ng files on big-endian machines.
- Fixes for byte order issues with NFLOG captures
- Handle using cooked mode for DLT_NETLINK in activate_new().

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
    zypper in -t patch SUSE-SLE-WE-12-SP2-2017-644=1
- SUSE Linux Enterprise Workstation Extension 12-SP1:
    zypper in -t patch SUSE-SLE-WE-12-SP1-2017-644=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-644=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-644=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-644=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-644=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-644=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-644=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-644=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap-devel-1.8.1-9.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap-devel-1.8.1-9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    libpcap-debugsource-1.8.1-9.1
    libpcap1-1.8.1-9.1
    libpcap1-32bit-1.8.1-9.1
    libpcap1-debuginfo-1.8.1-9.1
    libpcap1-debuginfo-32bit-1.8.1-9.1
    tcpdump-4.9.0-13.1
    tcpdump-debuginfo-4.9.0-13.1
    tcpdump-debugsource-4.9.0-13.1

References:

https://www.suse.com/security/cve/CVE-2014-8767.html
https://www.suse.com/security/cve/CVE-2014-8768.html
https://www.suse.com/security/cve/CVE-2014-8769.html
https://www.suse.com/security/cve/CVE-2015-0261.html
https://www.suse.com/security/cve/CVE-2015-2153.html
https://www.suse.com/security/cve/CVE-2015-2154.html
https://www.suse.com/security/cve/CVE-2015-2155.html
https://www.suse.com/security/cve/CVE-2015-3138.html
https://www.suse.com/security/cve/CVE-2016-7922.html
https://www.suse.com/security/cve/CVE-2016-7923.html
https://www.suse.com/security/cve/CVE-2016-7924.html
https://www.suse.com/security/cve/CVE-2016-7925.html
https://www.suse.com/security/cve/CVE-2016-7926.html
https://www.suse.com/security/cve/CVE-2016-7927.html
https://www.suse.com/security/cve/CVE-2016-7928.html
https://www.suse.com/security/cve/CVE-2016-7929.html
https://www.suse.com/security/cve/CVE-2016-7930.html
https://www.suse.com/security/cve/CVE-2016-7931.html
https://www.suse.com/security/cve/CVE-2016-7932.html
https://www.suse.com/security/cve/CVE-2016-7933.html
https://www.suse.com/security/cve/CVE-2016-7934.html
https://www.suse.com/security/cve/CVE-2016-7935.html
https://www.suse.com/security/cve/CVE-2016-7936.html
https://www.suse.com/security/cve/CVE-2016-7937.html
https://www.suse.com/security/cve/CVE-2016-7938.html
https://www.suse.com/security/cve/CVE-2016-7939.html
https://www.suse.com/security/cve/CVE-2016-7940.html
https://www.suse.com/security/cve/CVE-2016-7973.html
https://www.suse.com/security/cve/CVE-2016-7974.html
https://www.suse.com/security/cve/CVE-2016-7975.html
https://www.suse.com/security/cve/CVE-2016-7983.html
https://www.suse.com/security/cve/CVE-2016-7984.html
https://www.suse.com/security/cve/CVE-2016-7985.html
https://www.suse.com/security/cve/CVE-2016-7986.html
https://www.suse.com/security/cve/CVE-2016-7992.html
https://www.suse.com/security/cve/CVE-2016-7993.html
https://www.suse.com/security/cve/CVE-2016-8574.html
https://www.suse.com/security/cve/CVE-2016-8575.html
https://www.suse.com/security/cve/CVE-2017-5202.html
https://www.suse.com/security/cve/CVE-2017-5203.html
https://www.suse.com/security/cve/CVE-2017-5204.html
https://www.suse.com/security/cve/CVE-2017-5205.html
https://www.suse.com/security/cve/CVE-2017-5341.html
https://www.suse.com/security/cve/CVE-2017-5342.html
https://www.suse.com/security/cve/CVE-2017-5482.html
https://www.suse.com/security/cve/CVE-2017-5483.html
https://www.suse.com/security/cve/CVE-2017-5484.html
https://www.suse.com/security/cve/CVE-2017-5485.html
https://www.suse.com/security/cve/CVE-2017-5486.html
https://bugzilla.suse.com/1020940
https://bugzilla.suse.com/1035686
https://bugzilla.suse.com/905870
https://bugzilla.suse.com/905871
https://bugzilla.suse.com/905872
https://bugzilla.suse.com/922220
https://bugzilla.suse.com/922221
https://bugzilla.suse.com/922222
https://bugzilla.suse.com/922223
https://bugzilla.suse.com/927637

From sle-security-updates at lists.suse.com Wed Apr 26 13:12:50 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 26 Apr 2017 21:12:50 +0200 (CEST)
Subject: SUSE-SU-2017:1117-1: moderate: Security update for curl
Message-ID: <20170426191250.09D43FEAE@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1117-1
Rating:             moderate
References:         #1015332 #1032309
Cross-References:   CVE-2016-9586 CVE-2017-7407
Affected Products:
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for curl fixes the following issues:

These security issues were fixed:
- CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which led to a heap-based buffer over-read (bsc#1032309).

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-curl-13075=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Studio Onsite 1.3 (x86_64):
    libcurl-devel-7.19.7-1.20.52.2

References:

https://www.suse.com/security/cve/CVE-2016-9586.html
https://www.suse.com/security/cve/CVE-2017-7407.html
https://bugzilla.suse.com/1015332
https://bugzilla.suse.com/1032309

From sle-security-updates at lists.suse.com Fri Apr 28 13:11:21 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:11:21 +0200 (CEST)
Subject: SUSE-SU-2017:1135-1: important: Security update for kvm
Message-ID: <20170428191121.4E010FEB0@maintenance.suse.de>

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1135-1
Rating:             important
References:         #1013285 #1014109 #1014111 #1014702 #1015048 #1015169 #1016779 #1021129 #1023004 #1023053 #1023907 #1024972
Cross-References:   CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5856 CVE-2017-5898
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that solves 10 vulnerabilities and has two fixes is now available.

Description:

This update for kvm fixes several issues.

These security issues were fixed:
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing an out-of-bounds write that could lead to privilege escalation (bsc#1024972)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out-of-bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside the guest could have used this issue to crash the Qemu process on the host, leading to DoS (bsc#1013285)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process, resulting in DoS (bnc#1023907)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory, resulting in DoS (bsc#1023053)

These non-security issues were fixed:
- Fixed various inaccuracies in cirrus vga device emulation
- Fixed virtio interface failure (bsc#1015048)
- Fixed graphical update errors introduced by previous security fix (bsc#1016779)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-kvm-13080=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):
    kvm-1.4.2-59.1

References:

https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9776.html
https://www.suse.com/security/cve/CVE-2016-9907.html
https://www.suse.com/security/cve/CVE-2016-9911.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://bugzilla.suse.com/1013285
https://bugzilla.suse.com/1014109
https://bugzilla.suse.com/1014111
https://bugzilla.suse.com/1014702
https://bugzilla.suse.com/1015048
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016779
https://bugzilla.suse.com/1021129
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1023053
https://bugzilla.suse.com/1023907
https://bugzilla.suse.com/1024972

From sle-security-updates at lists.suse.com Fri Apr 28 13:13:31 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:13:31 +0200 (CEST)
Subject: SUSE-SU-2017:1136-1: moderate: Security update for minicom
Message-ID: <20170428191331.3FA9DFEB8@maintenance.suse.de>

SUSE Security Update: Security update for minicom
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1136-1
Rating:             moderate
References:         #1033783
Cross-References:   CVE-2017-7467
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for minicom fixes the following issues:
- CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-minicom-13079=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-minicom-13079=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    minicom-2.3-27.24.6.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    minicom-debuginfo-2.3-27.24.6.2
    minicom-debugsource-2.3-27.24.6.2

References:

https://www.suse.com/security/cve/CVE-2017-7467.html
https://bugzilla.suse.com/1033783

From sle-security-updates at lists.suse.com Fri Apr 28 13:13:58 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 28 Apr 2017 21:13:58 +0200 (CEST)
Subject: SUSE-SU-2017:1137-1: important: Security update for mysql
Message-ID: <20170428191358.823FFFEB0@maintenance.suse.de>

SUSE Security Update: Security update for mysql
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1137-1
Rating:             important
References:         #1020976 #1022428 #1029014 #1029396 #1034850
Cross-References:   CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.
Description:

This update for mysql to version 5.5.55 fixes the following issues:

These security issues were fixed:
- CVE-2017-3308: Unspecified vulnerability in Server: DML (bsc#1034850)
- CVE-2017-3309: Unspecified vulnerability in Server: Optimizer (bsc#1034850)
- CVE-2017-3329: Unspecified vulnerability in Server: Thread (bsc#1034850)
- CVE-2017-3600: Unspecified vulnerability in Client: mysqldump (bsc#1034850)
- CVE-2017-3453: Unspecified vulnerability in Server: Optimizer (bsc#1034850)
- CVE-2017-3456: Unspecified vulnerability in Server: DML (bsc#1034850)
- CVE-2017-3463: Unspecified vulnerability in Server: Security (bsc#1034850)
- CVE-2017-3462: Unspecified vulnerability in Server: Security (bsc#1034850)
- CVE-2017-3461: Unspecified vulnerability in Server: Security (bsc#1034850)
- CVE-2017-3464: Unspecified vulnerability in Server: DDL (bsc#1034850)
- CVE-2017-3305: The MySQL client sent the authentication request unencrypted even if SSL was required (aka Riddle) (bsc#1029396).
- CVE-2016-5483: Mysqldump failed to properly quote certain identifiers in SQL statements written to the dump output, allowing for execution of arbitrary commands (bsc#1029014)
- '--ssl-mode=REQUIRED' can be specified to require a secure connection (it fails if a secure connection cannot be obtained)

This non-security issue was fixed:
- Set the default umask to 077 in rc.mysql-multi [bsc#1020976]

For additional changes please see http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html

Note: The issue tracked in bsc#1022428 and fixed in the last update was assigned CVE-2017-3302.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-mysql-13081=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-mysql-13081=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-mysql-13081=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
    libmysql55client_r18-32bit-5.5.55-0.38.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):
    libmysql55client_r18-x86-5.5.55-0.38.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    libmysql55client18-5.5.55-0.38.1
    libmysql55client_r18-5.5.55-0.38.1
    mysql-5.5.55-0.38.1
    mysql-client-5.5.55-0.38.1
    mysql-tools-5.5.55-0.38.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
    libmysql55client18-32bit-5.5.55-0.38.1
    libmysql55client_r18-32bit-5.5.55-0.38.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
    libmysql55client18-x86-5.5.55-0.38.1
    libmysql55client_r18-x86-5.5.55-0.38.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    mysql-debuginfo-5.5.55-0.38.1
    mysql-debugsource-5.5.55-0.38.1

References:

https://www.suse.com/security/cve/CVE-2016-5483.html
https://www.suse.com/security/cve/CVE-2017-3302.html
https://www.suse.com/security/cve/CVE-2017-3305.html
https://www.suse.com/security/cve/CVE-2017-3308.html
https://www.suse.com/security/cve/CVE-2017-3309.html
https://www.suse.com/security/cve/CVE-2017-3329.html
https://www.suse.com/security/cve/CVE-2017-3453.html
https://www.suse.com/security/cve/CVE-2017-3456.html
https://www.suse.com/security/cve/CVE-2017-3461.html
https://www.suse.com/security/cve/CVE-2017-3462.html
https://www.suse.com/security/cve/CVE-2017-3463.html
https://www.suse.com/security/cve/CVE-2017-3464.html
https://www.suse.com/security/cve/CVE-2017-3600.html
https://bugzilla.suse.com/1020976
https://bugzilla.suse.com/1022428
https://bugzilla.suse.com/1029014
https://bugzilla.suse.com/1029396
https://bugzilla.suse.com/1034850

From sle-security-updates at lists.suse.com Fri Apr 28 16:08:57 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 29 Apr 2017 00:08:57 +0200 (CEST)
Subject: SUSE-SU-2017:1138-1: important: Security update for ghostscript
Message-ID: <20170428220857.A942BFEB8@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1138-1
Rating:             important
References:         #1018128 #1030263 #1032114 #1032120 #1036453
Cross-References:   CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for ghostscript fixes the following security vulnerabilities:

CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453)
CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128)
CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120)
CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114)
CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-659=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-659=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-659=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-659=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-659=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-659=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-659=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-devel-9.15-20.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-devel-9.15-20.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    ghostscript-9.15-20.1
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-x11-9.15-20.1
    ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    ghostscript-9.15-20.1
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-x11-9.15-20.1
    ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    ghostscript-9.15-20.1
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-x11-9.15-20.1
    ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    ghostscript-9.15-20.1
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-x11-9.15-20.1
    ghostscript-x11-debuginfo-9.15-20.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    ghostscript-9.15-20.1
    ghostscript-debuginfo-9.15-20.1
    ghostscript-debugsource-9.15-20.1
    ghostscript-x11-9.15-20.1
    ghostscript-x11-debuginfo-9.15-20.1

References:

https://www.suse.com/security/cve/CVE-2016-10220.html
https://www.suse.com/security/cve/CVE-2016-9601.html
https://www.suse.com/security/cve/CVE-2017-5951.html
https://www.suse.com/security/cve/CVE-2017-7207.html
https://www.suse.com/security/cve/CVE-2017-8291.html
https://bugzilla.suse.com/1018128
https://bugzilla.suse.com/1030263
https://bugzilla.suse.com/1032114
https://bugzilla.suse.com/1032120
https://bugzilla.suse.com/1036453