From sle-security-updates at lists.suse.com Thu Aug 3 07:07:12 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 15:07:12 +0200 (CEST)
Subject: SUSE-SU-2017:2031-1: moderate: Security update for systemd
Message-ID: <20170803130712.9F49FFF3A@maintenance.suse.de>

   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2031-1
Rating:             moderate
References:         #1004995 #1029102 #1029516 #1032029 #1033238
                    #1036873 #1037120 #1038865 #1040153 #1040258
                    #1040614 #1040942 #1040968 #1043758 #1043900
                    #1045290 #1046750 #982303 #986216
Cross-References:   CVE-2017-9217 CVE-2017-9445
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has 17 fixes
   is now available.

Description:

   This update for systemd provides several fixes and enhancements.

   Security issues fixed:

   - CVE-2017-9217: Null pointer dereferencing that could lead to resolved
     aborting. (bsc#1040614)
   - CVE-2017-9445: Possible out-of-bounds write triggered by a specially
     crafted TCP payload from a DNS server.
     (bsc#1045290)

   The update also fixed several non-security bugs:

   - core/mount: Use the "-c" flag to not canonicalize paths when calling
     /bin/umount
   - automount: Handle expire_tokens when the mount unit changes its state
     (bsc#1040942)
   - automount: Rework propagation between automount and mount units
   - build: Make sure tmpfiles.d/systemd-remote.conf get installed when
     necessary
   - build: Fix systemd-journal-upload installation
   - basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
   - virt: Make sure some errors are not ignored
   - fstab-generator: Do not skip Before= ordering for noauto mountpoints
   - fstab-gen: Do not convert device timeout into seconds when initializing
     JobTimeoutSec
   - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
   - fstab-generator: Apply the _netdev option also to device units
     (bsc#1004995)
   - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
   - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
   - rules: Export NVMe WWID udev attribute (bsc#1038865)
   - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe
     drives
   - rules: Add rules for NVMe devices
   - sysusers: Make group shadow support configurable (bsc#1029516)
   - core: When deserializing a unit, fully restore its cgroup state
     (bsc#1029102)
   - core: Introduce cg_mask_from_string()/cg_mask_to_string()
   - core:execute: Fix handling failures of calling fork() in exec_spawn()
     (bsc#1040258)
   - Fix systemd-sysv-convert when a package starts shipping service units
     (bsc#982303) The database might be missing when upgrading a package
     which was shipping no sysv init scripts nor unit files (at the time
     --save was called) but the new version starts shipping unit files.
   - Disable group shadow support (bsc#1029516)
   - Only check signature job error if signature job exists (bsc#1043758)
   - Automounter issue in combination with NFS volumes (bsc#1040968)
   - Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153)
   - Add minimal support for boot.d/* scripts in systemd-sysv-convert
     (bsc#1046750)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1245=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1245=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1245=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-150.9.3
      systemd-debuginfo-228-150.9.3
      systemd-debugsource-228-150.9.3
      systemd-devel-228-150.9.3

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-150.9.3
      libsystemd0-debuginfo-228-150.9.3
      libudev1-228-150.9.3
      libudev1-debuginfo-228-150.9.3
      systemd-228-150.9.3
      systemd-debuginfo-228-150.9.3
      systemd-debugsource-228-150.9.3
      systemd-sysvinit-228-150.9.3
      udev-228-150.9.3
      udev-debuginfo-228-150.9.3

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libsystemd0-32bit-228-150.9.3
      libsystemd0-debuginfo-32bit-228-150.9.3
      libudev1-32bit-228-150.9.3
      libudev1-debuginfo-32bit-228-150.9.3
      systemd-32bit-228-150.9.3
      systemd-debuginfo-32bit-228-150.9.3

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      systemd-bash-completion-228-150.9.3

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      systemd-bash-completion-228-150.9.3

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libsystemd0-228-150.9.3
      libsystemd0-32bit-228-150.9.3
      libsystemd0-debuginfo-228-150.9.3
      libsystemd0-debuginfo-32bit-228-150.9.3
      libudev1-228-150.9.3
      libudev1-32bit-228-150.9.3
      libudev1-debuginfo-228-150.9.3
      libudev1-debuginfo-32bit-228-150.9.3
      systemd-228-150.9.3
      systemd-32bit-228-150.9.3
      systemd-debuginfo-228-150.9.3
      systemd-debuginfo-32bit-228-150.9.3
      systemd-debugsource-228-150.9.3
      systemd-sysvinit-228-150.9.3
      udev-228-150.9.3
      udev-debuginfo-228-150.9.3

References:

   https://www.suse.com/security/cve/CVE-2017-9217.html
   https://www.suse.com/security/cve/CVE-2017-9445.html
   https://bugzilla.suse.com/1004995
   https://bugzilla.suse.com/1029102
   https://bugzilla.suse.com/1029516
   https://bugzilla.suse.com/1032029
   https://bugzilla.suse.com/1033238
   https://bugzilla.suse.com/1036873
   https://bugzilla.suse.com/1037120
   https://bugzilla.suse.com/1038865
   https://bugzilla.suse.com/1040153
   https://bugzilla.suse.com/1040258
   https://bugzilla.suse.com/1040614
   https://bugzilla.suse.com/1040942
   https://bugzilla.suse.com/1040968
   https://bugzilla.suse.com/1043758
   https://bugzilla.suse.com/1043900
   https://bugzilla.suse.com/1045290
   https://bugzilla.suse.com/1046750
   https://bugzilla.suse.com/982303
   https://bugzilla.suse.com/986216

From sle-security-updates at lists.suse.com Thu Aug 3 07:10:38 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 15:10:38 +0200 (CEST)
Subject: SUSE-SU-2017:2032-1: moderate: Security update for wireshark
Message-ID: <20170803131038.526A1FF3A@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2032-1
Rating:             moderate
References:         #1049255 #1049621
Cross-References:   CVE-2017-11406 CVE-2017-11407 CVE-2017-11408
                    CVE-2017-11410 CVE-2017-11411
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This wireshark update to version 2.2.8 fixes the following issues:

   Security issues fixed:

   - CVE-2017-11411: The openSAFETY dissector could crash or exhaust system
     memory because of missing length validation. (bsc#1049621)
   - CVE-2017-11410: The WBXML dissector could go into an infinite loop.
     (bsc#1049255)
   - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255)
   - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255)
   - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop.
     (bsc#1049255)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-wireshark-13225=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-wireshark-13225=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-wireshark-13225=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      wireshark-devel-2.0.14-40.7.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      wireshark-2.0.14-40.7.1
      wireshark-gtk-2.0.14-40.7.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      wireshark-2.0.14-40.7.1
      wireshark-gtk-2.0.14-40.7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      wireshark-debuginfo-2.0.14-40.7.1
      wireshark-debugsource-2.0.14-40.7.1

References:

   https://www.suse.com/security/cve/CVE-2017-11406.html
   https://www.suse.com/security/cve/CVE-2017-11407.html
   https://www.suse.com/security/cve/CVE-2017-11408.html
   https://www.suse.com/security/cve/CVE-2017-11410.html
   https://www.suse.com/security/cve/CVE-2017-11411.html
   https://bugzilla.suse.com/1049255
   https://bugzilla.suse.com/1049621

From sle-security-updates at lists.suse.com Thu Aug 3 07:11:14 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 15:11:14 +0200 (CEST)
Subject: SUSE-SU-2017:2033-1: moderate: Security update for wireshark
Message-ID: <20170803131114.0ECBFFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2033-1
Rating:             moderate
References:         #1049255 #1049621
Cross-References:   CVE-2017-11406 CVE-2017-11407 CVE-2017-11408
                    CVE-2017-11410 CVE-2017-11411
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This wireshark update to version 2.2.8 fixes the following issues:

   Security issues fixed:

   - CVE-2017-11411: The openSAFETY dissector could crash or exhaust system
     memory because of missing length validation. (bsc#1049621)
   - CVE-2017-11410: The WBXML dissector could go into an infinite loop.
     (bsc#1049255)
   - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255)
   - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255)
   - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop.
     (bsc#1049255)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1248=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1248=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1248=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1248=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1248=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1248=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1248=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-devel-2.2.8-48.6.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-devel-2.2.8-48.6.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libwireshark8-2.2.8-48.6.1
      libwireshark8-debuginfo-2.2.8-48.6.1
      libwiretap6-2.2.8-48.6.1
      libwiretap6-debuginfo-2.2.8-48.6.1
      libwscodecs1-2.2.8-48.6.1
      libwscodecs1-debuginfo-2.2.8-48.6.1
      libwsutil7-2.2.8-48.6.1
      libwsutil7-debuginfo-2.2.8-48.6.1
      wireshark-2.2.8-48.6.1
      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-gtk-2.2.8-48.6.1
      wireshark-gtk-debuginfo-2.2.8-48.6.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libwireshark8-2.2.8-48.6.1
      libwireshark8-debuginfo-2.2.8-48.6.1
      libwiretap6-2.2.8-48.6.1
      libwiretap6-debuginfo-2.2.8-48.6.1
      libwscodecs1-2.2.8-48.6.1
      libwscodecs1-debuginfo-2.2.8-48.6.1
      libwsutil7-2.2.8-48.6.1
      libwsutil7-debuginfo-2.2.8-48.6.1
      wireshark-2.2.8-48.6.1
      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-gtk-2.2.8-48.6.1
      wireshark-gtk-debuginfo-2.2.8-48.6.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      libwireshark8-2.2.8-48.6.1
      libwireshark8-debuginfo-2.2.8-48.6.1
      libwiretap6-2.2.8-48.6.1
      libwiretap6-debuginfo-2.2.8-48.6.1
      libwscodecs1-2.2.8-48.6.1
      libwscodecs1-debuginfo-2.2.8-48.6.1
      libwsutil7-2.2.8-48.6.1
      libwsutil7-debuginfo-2.2.8-48.6.1
      wireshark-2.2.8-48.6.1
      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-gtk-2.2.8-48.6.1
      wireshark-gtk-debuginfo-2.2.8-48.6.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libwireshark8-2.2.8-48.6.1
      libwireshark8-debuginfo-2.2.8-48.6.1
      libwiretap6-2.2.8-48.6.1
      libwiretap6-debuginfo-2.2.8-48.6.1
      libwscodecs1-2.2.8-48.6.1
      libwscodecs1-debuginfo-2.2.8-48.6.1
      libwsutil7-2.2.8-48.6.1
      libwsutil7-debuginfo-2.2.8-48.6.1
      wireshark-2.2.8-48.6.1
      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-gtk-2.2.8-48.6.1
      wireshark-gtk-debuginfo-2.2.8-48.6.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libwireshark8-2.2.8-48.6.1
      libwireshark8-debuginfo-2.2.8-48.6.1
      libwiretap6-2.2.8-48.6.1
      libwiretap6-debuginfo-2.2.8-48.6.1
      libwscodecs1-2.2.8-48.6.1
      libwscodecs1-debuginfo-2.2.8-48.6.1
      libwsutil7-2.2.8-48.6.1
      libwsutil7-debuginfo-2.2.8-48.6.1
      wireshark-2.2.8-48.6.1
      wireshark-debuginfo-2.2.8-48.6.1
      wireshark-debugsource-2.2.8-48.6.1
      wireshark-gtk-2.2.8-48.6.1
      wireshark-gtk-debuginfo-2.2.8-48.6.1

References:

   https://www.suse.com/security/cve/CVE-2017-11406.html
   https://www.suse.com/security/cve/CVE-2017-11407.html
   https://www.suse.com/security/cve/CVE-2017-11408.html
   https://www.suse.com/security/cve/CVE-2017-11410.html
   https://www.suse.com/security/cve/CVE-2017-11411.html
   https://bugzilla.suse.com/1049255
   https://bugzilla.suse.com/1049621

From sle-security-updates at lists.suse.com Thu Aug 3 07:11:47 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 15:11:47 +0200 (CEST)
Subject: SUSE-SU-2017:2034-1: important: Security update for mariadb
Message-ID: <20170803131147.1CF2CFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2034-1
Rating:             important
References:         #1048715
Cross-References:   CVE-2017-3308 CVE-2017-3309 CVE-2017-3453
                    CVE-2017-3456 CVE-2017-3464
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This MariaDB update to version 10.0.31 GA fixes the following issues:

   Security issues fixed:

   - CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)
   - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)
   - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS).
     (bsc#1048715)
   - CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)
   - CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)

   Bug fixes:

   - XtraDB updated to 5.6.36-82.0
   - TokuDB updated to 5.6.36-82.0
   - Innodb updated to 5.6.36
   - Performance Schema updated to 5.6.36

   Release notes and changelog:

   - https://kb.askmonty.org/en/mariadb-10031-release-notes
   - https://kb.askmonty.org/en/mariadb-10031-changelog

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1244=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1244=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      libmysqlclient-devel-10.0.31-20.29.1
      libmysqlclient18-10.0.31-20.29.1
      libmysqlclient18-32bit-10.0.31-20.29.1
      libmysqlclient18-debuginfo-10.0.31-20.29.1
      libmysqlclient18-debuginfo-32bit-10.0.31-20.29.1
      libmysqlclient_r18-10.0.31-20.29.1
      libmysqld-devel-10.0.31-20.29.1
      libmysqld18-10.0.31-20.29.1
      libmysqld18-debuginfo-10.0.31-20.29.1
      mariadb-10.0.31-20.29.1
      mariadb-client-10.0.31-20.29.1
      mariadb-client-debuginfo-10.0.31-20.29.1
      mariadb-debuginfo-10.0.31-20.29.1
      mariadb-debugsource-10.0.31-20.29.1
      mariadb-errormessages-10.0.31-20.29.1
      mariadb-tools-10.0.31-20.29.1
      mariadb-tools-debuginfo-10.0.31-20.29.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.31-20.29.1
      libmysqlclient18-10.0.31-20.29.1
      libmysqlclient18-debuginfo-10.0.31-20.29.1
      libmysqlclient_r18-10.0.31-20.29.1
      libmysqld-devel-10.0.31-20.29.1
      libmysqld18-10.0.31-20.29.1
      libmysqld18-debuginfo-10.0.31-20.29.1
      mariadb-10.0.31-20.29.1
      mariadb-client-10.0.31-20.29.1
      mariadb-client-debuginfo-10.0.31-20.29.1
      mariadb-debuginfo-10.0.31-20.29.1
      mariadb-debugsource-10.0.31-20.29.1
      mariadb-errormessages-10.0.31-20.29.1
      mariadb-tools-10.0.31-20.29.1
      mariadb-tools-debuginfo-10.0.31-20.29.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

      libmysqlclient18-32bit-10.0.31-20.29.1
      libmysqlclient18-debuginfo-32bit-10.0.31-20.29.1

References:

   https://www.suse.com/security/cve/CVE-2017-3308.html
   https://www.suse.com/security/cve/CVE-2017-3309.html
   https://www.suse.com/security/cve/CVE-2017-3453.html
   https://www.suse.com/security/cve/CVE-2017-3456.html
   https://www.suse.com/security/cve/CVE-2017-3464.html
   https://bugzilla.suse.com/1048715

From sle-security-updates at lists.suse.com Thu Aug 3 07:12:17 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 15:12:17 +0200 (CEST)
Subject: SUSE-SU-2017:2035-1: important: Security update for mariadb
Message-ID: <20170803131217.17A7DFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2035-1
Rating:             important
References:         #1048715 #963041
Cross-References:   CVE-2017-3308 CVE-2017-3309 CVE-2017-3453
                    CVE-2017-3456 CVE-2017-3464
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This MariaDB update to version 10.0.31 GA fixes the following issues:

   Security issues fixed:

   - CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)
   - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)
   - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server.
     Successful attacks of this vulnerability can result in unauthorized
     ability to cause a hang or frequently repeatable crash (complete DOS).
     (bsc#1048715)
   - CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)
   - CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable"
     vulnerability allows low privileged attacker with network access via
     multiple protocols to compromise MariaDB Server. Successful attacks of
     this vulnerability can result in unauthorized ability to cause a hang
     or frequently repeatable crash (complete DOS). (bsc#1048715)

   Bug fixes:

   - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service
     in order to follow the upstream. It also fixes hanging
     mysql-systemd-helper when mariadb fails (e.g. because of the
     misconfiguration) (bsc#963041)
   - XtraDB updated to 5.6.36-82.0
   - TokuDB updated to 5.6.36-82.0
   - Innodb updated to 5.6.36
   - Performance Schema updated to 5.6.36

   Release notes and changelog:

   - https://kb.askmonty.org/en/mariadb-10031-release-notes
   - https://kb.askmonty.org/en/mariadb-10031-changelog

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1247=1

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1247=1

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1247=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1247=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1247=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1247=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1247=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1247=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1247=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1247=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1247=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1247=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      libmysqlclient-devel-10.0.31-29.3.1
      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqld-devel-10.0.31-29.3.1
      libmysqld18-10.0.31-29.3.1
      libmysqld18-debuginfo-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1
      mariadb-tools-10.0.31-29.3.1
      mariadb-tools-debuginfo-10.0.31-29.3.1

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      libmysqlclient_r18-10.0.31-29.3.1
      libmysqlclient_r18-32bit-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      libmysqlclient_r18-10.0.31-29.3.1
      libmysqlclient_r18-32bit-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqld-devel-10.0.31-29.3.1
      libmysqld18-10.0.31-29.3.1
      libmysqld18-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqld-devel-10.0.31-29.3.1
      libmysqld18-10.0.31-29.3.1
      libmysqld18-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      libmysqlclient-devel-10.0.31-29.3.1
      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqld-devel-10.0.31-29.3.1
      libmysqld18-10.0.31-29.3.1
      libmysqld18-debuginfo-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1
      mariadb-tools-10.0.31-29.3.1
      mariadb-tools-debuginfo-10.0.31-29.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1
      mariadb-tools-10.0.31-29.3.1
      mariadb-tools-debuginfo-10.0.31-29.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1
      mariadb-tools-10.0.31-29.3.1
      mariadb-tools-debuginfo-10.0.31-29.3.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1
      mariadb-tools-10.0.31-29.3.1
      mariadb-tools-debuginfo-10.0.31-29.3.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      libmysqlclient-devel-10.0.31-29.3.1
      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqld-devel-10.0.31-29.3.1
      libmysqld18-10.0.31-29.3.1
      libmysqld18-debuginfo-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1
      mariadb-tools-10.0.31-29.3.1
      mariadb-tools-debuginfo-10.0.31-29.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqlclient_r18-32bit-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libmysqlclient18-10.0.31-29.3.1
      libmysqlclient18-32bit-10.0.31-29.3.1
      libmysqlclient18-debuginfo-10.0.31-29.3.1
      libmysqlclient18-debuginfo-32bit-10.0.31-29.3.1
      libmysqlclient_r18-10.0.31-29.3.1
      libmysqlclient_r18-32bit-10.0.31-29.3.1
      mariadb-10.0.31-29.3.1
      mariadb-client-10.0.31-29.3.1
      mariadb-client-debuginfo-10.0.31-29.3.1
      mariadb-debuginfo-10.0.31-29.3.1
      mariadb-debugsource-10.0.31-29.3.1
      mariadb-errormessages-10.0.31-29.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-3308.html
   https://www.suse.com/security/cve/CVE-2017-3309.html
   https://www.suse.com/security/cve/CVE-2017-3453.html
   https://www.suse.com/security/cve/CVE-2017-3456.html
   https://www.suse.com/security/cve/CVE-2017-3464.html
   https://bugzilla.suse.com/1048715
   https://bugzilla.suse.com/963041

From sle-security-updates at lists.suse.com Thu Aug 3 13:07:05 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 21:07:05 +0200 (CEST)
Subject: SUSE-SU-2017:2039-1: moderate: Security update for hawk
Message-ID: <20170803190705.AE6F0FF3A@maintenance.suse.de>

   SUSE Security Update: Security update for hawk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2039-1
Rating:             moderate
References:         #1042963 #984619
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for hawk fixes the following issues:

   Security issue fixed:

   - Set Content-Security-Policy to frame-ancestors 'self' (bsc#984619)

   Bug fixes:

   - Improve ACL rule quoting (bsc#1042963)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1253=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1253=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      hawk-debuginfo-1.0.0+git.1448981395.15fb8b9-4.3.1
      hawk-debugsource-1.0.0+git.1448981395.15fb8b9-4.3.1
      hawk-templates-1.0.0+git.1448981395.15fb8b9-4.3.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      hawk-debuginfo-1.0.0+git.1448981395.15fb8b9-4.3.1
      hawk-debugsource-1.0.0+git.1448981395.15fb8b9-4.3.1
      hawk-templates-1.0.0+git.1448981395.15fb8b9-4.3.1

References:

   https://bugzilla.suse.com/1042963
   https://bugzilla.suse.com/984619

From sle-security-updates at lists.suse.com Thu Aug 3 13:07:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 21:07:44 +0200 (CEST)
Subject: SUSE-SU-2017:2040-1: important: Security update for libzypp, zypper
Message-ID: <20170803190744.4EF00FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2040-1
Rating:             important
References:         #1009745 #1031756 #1033236 #1038132 #1038984
                    #1043218 #1045735 #1047785 #1048315
Cross-References:   CVE-2017-7435 CVE-2017-7436 CVE-2017-9269
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves three vulnerabilities and has 6 fixes
   is now available.

Description:

   The Software Update Stack was updated to receive fixes and enhancements.

   libzypp:

   Security issues fixed:

   - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows,
     mainly for unsigned repositories and packages. (bsc#1045735,
     bsc#1038984)

   Bug fixes:

   - Re-probe on refresh if the repository type changes.
     (bsc#1048315)
   - Propagate proper error code to DownloadProgressReport. (bsc#1047785)
   - Allow to trigger an appdata refresh unconditionally. (bsc#1009745)
   - Support custom repo variables defined in /etc/zypp/vars.d.
   - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236)
   - Fix potential crash if repository has no baseurl. (bsc#1043218)

   zypper:
   - Adapt download callback to report and handle unsigned packages.
     (bsc#1038984)
   - Report missing/optional files as 'not found' rather than 'error'.
     (bsc#1047785)
   - Document support for custom repository variables defined in
     /etc/zypp/vars.d.
   - Emphasize that it depends on how fast PackageKit will respond to a
     'quit' request sent if PK blocks package management.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1252=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1252=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1252=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1252=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1252=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libzypp-debuginfo-16.15.2-27.21.1
      libzypp-debugsource-16.15.2-27.21.1
      libzypp-devel-16.15.2-27.21.1
      libzypp-devel-doc-16.15.2-27.21.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libzypp-16.15.2-27.21.1
      libzypp-debuginfo-16.15.2-27.21.1
      libzypp-debugsource-16.15.2-27.21.1
      zypper-1.13.30-18.13.3
      zypper-debuginfo-1.13.30-18.13.3
      zypper-debugsource-1.13.30-18.13.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      zypper-log-1.13.30-18.13.3

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      libzypp-16.15.2-27.21.1
      libzypp-debuginfo-16.15.2-27.21.1
      libzypp-debugsource-16.15.2-27.21.1
      zypper-1.13.30-18.13.3
      zypper-debuginfo-1.13.30-18.13.3
      zypper-debugsource-1.13.30-18.13.3

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      zypper-log-1.13.30-18.13.3

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libzypp-16.15.2-27.21.1
      libzypp-debuginfo-16.15.2-27.21.1
      libzypp-debugsource-16.15.2-27.21.1
      zypper-1.13.30-18.13.3
      zypper-debuginfo-1.13.30-18.13.3
      zypper-debugsource-1.13.30-18.13.3

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      zypper-log-1.13.30-18.13.3

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libzypp-16.15.2-27.21.1
      libzypp-debuginfo-16.15.2-27.21.1
      libzypp-debugsource-16.15.2-27.21.1
      zypper-1.13.30-18.13.3
      zypper-debuginfo-1.13.30-18.13.3
      zypper-debugsource-1.13.30-18.13.3

References:

   https://www.suse.com/security/cve/CVE-2017-7435.html
   https://www.suse.com/security/cve/CVE-2017-7436.html
   https://www.suse.com/security/cve/CVE-2017-9269.html
   https://bugzilla.suse.com/1009745
   https://bugzilla.suse.com/1031756
   https://bugzilla.suse.com/1033236
   https://bugzilla.suse.com/1038132
   https://bugzilla.suse.com/1038984
   https://bugzilla.suse.com/1043218
   https://bugzilla.suse.com/1045735
   https://bugzilla.suse.com/1047785
   https://bugzilla.suse.com/1048315

From sle-security-updates at lists.suse.com Thu Aug 3 13:09:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 3 Aug 2017 21:09:40 +0200 (CEST)
Subject: SUSE-SU-2017:2041-1: important: Security update for the Linux Kernel
Message-ID: <20170803190940.1D526FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2041-1
Rating:             important
References:         #1049483
Cross-References:   CVE-2017-7533
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Container as a Service Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive
   the following security update:

   - CVE-2017-7533: Bug in inotify code allowed privilege escalation
     (bnc#1049483).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1251=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1251=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1251=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1251=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1251=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1251=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1251=1

   - SUSE Container as a Service Platform ALL:

      zypper in -t patch SUSE-CAASP-ALL-2017-1251=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1251=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1
      kernel-default-extra-4.4.74-92.32.1
      kernel-default-extra-debuginfo-4.4.74-92.32.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.4.74-92.32.1
      kernel-obs-build-debugsource-4.4.74-92.32.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      kernel-docs-4.4.74-92.32.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      kernel-default-4.4.74-92.32.1
      kernel-default-base-4.4.74-92.32.1
      kernel-default-base-debuginfo-4.4.74-92.32.1
      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1
      kernel-default-devel-4.4.74-92.32.1
      kernel-syms-4.4.74-92.32.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      kernel-devel-4.4.74-92.32.1
      kernel-macros-4.4.74-92.32.1
      kernel-source-4.4.74-92.32.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.4.74-92.32.1
      kernel-default-base-4.4.74-92.32.1
      kernel-default-base-debuginfo-4.4.74-92.32.1
      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1
      kernel-default-devel-4.4.74-92.32.1
      kernel-syms-4.4.74-92.32.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      kernel-devel-4.4.74-92.32.1
      kernel-macros-4.4.74-92.32.1
      kernel-source-4.4.74-92.32.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x):

      kernel-default-man-4.4.74-92.32.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_74-92_32-default-1-2.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.4.74-92.32.1
      cluster-md-kmp-default-debuginfo-4.4.74-92.32.1
      cluster-network-kmp-default-4.4.74-92.32.1
      cluster-network-kmp-default-debuginfo-4.4.74-92.32.1
      dlm-kmp-default-4.4.74-92.32.1
      dlm-kmp-default-debuginfo-4.4.74-92.32.1
      gfs2-kmp-default-4.4.74-92.32.1
      gfs2-kmp-default-debuginfo-4.4.74-92.32.1
      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1
      ocfs2-kmp-default-4.4.74-92.32.1
      ocfs2-kmp-default-debuginfo-4.4.74-92.32.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      kernel-devel-4.4.74-92.32.1
      kernel-macros-4.4.74-92.32.1
      kernel-source-4.4.74-92.32.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      kernel-default-4.4.74-92.32.1
      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1
      kernel-default-devel-4.4.74-92.32.1
      kernel-default-extra-4.4.74-92.32.1
      kernel-default-extra-debuginfo-4.4.74-92.32.1
      kernel-syms-4.4.74-92.32.1

   - SUSE Container as a Service Platform ALL (x86_64):

      kernel-default-4.4.74-92.32.1
      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      kernel-default-4.4.74-92.32.1
      kernel-default-debuginfo-4.4.74-92.32.1
      kernel-default-debugsource-4.4.74-92.32.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://bugzilla.suse.com/1049483

From sle-security-updates at lists.suse.com Fri Aug 4 10:07:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 4 Aug 2017 18:07:55 +0200 (CEST)
Subject: SUSE-SU-2017:2042-1: important: Security update for the Linux Kernel
Message-ID: <20170804160755.7765BFC6C@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2042-1
Rating:             important
References:         #1049483
Cross-References:   CVE-2017-7533
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive
   the following security fix:

   - CVE-2017-7533: Bug in inotify code allowed privilege escalation
     (bnc#1049483).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1254=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1254=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1254=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1254=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      kernel-devel-3.12.74-60.64.51.1
      kernel-macros-3.12.74-60.64.51.1
      kernel-source-3.12.74-60.64.51.1

   - SUSE OpenStack Cloud 6 (x86_64):

      kernel-default-3.12.74-60.64.51.1
      kernel-default-base-3.12.74-60.64.51.1
      kernel-default-base-debuginfo-3.12.74-60.64.51.1
      kernel-default-debuginfo-3.12.74-60.64.51.1
      kernel-default-debugsource-3.12.74-60.64.51.1
      kernel-default-devel-3.12.74-60.64.51.1
      kernel-syms-3.12.74-60.64.51.1
      kernel-xen-3.12.74-60.64.51.1
      kernel-xen-base-3.12.74-60.64.51.1
      kernel-xen-base-debuginfo-3.12.74-60.64.51.1
      kernel-xen-debuginfo-3.12.74-60.64.51.1
      kernel-xen-debugsource-3.12.74-60.64.51.1
      kernel-xen-devel-3.12.74-60.64.51.1
      kgraft-patch-3_12_74-60_64_51-default-1-2.1
      kgraft-patch-3_12_74-60_64_51-xen-1-2.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      kernel-default-3.12.74-60.64.51.1
      kernel-default-base-3.12.74-60.64.51.1
      kernel-default-base-debuginfo-3.12.74-60.64.51.1
      kernel-default-debuginfo-3.12.74-60.64.51.1
      kernel-default-debugsource-3.12.74-60.64.51.1
      kernel-default-devel-3.12.74-60.64.51.1
      kernel-syms-3.12.74-60.64.51.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kernel-devel-3.12.74-60.64.51.1
      kernel-macros-3.12.74-60.64.51.1
      kernel-source-3.12.74-60.64.51.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kernel-xen-3.12.74-60.64.51.1
      kernel-xen-base-3.12.74-60.64.51.1
      kernel-xen-base-debuginfo-3.12.74-60.64.51.1
      kernel-xen-debuginfo-3.12.74-60.64.51.1
      kernel-xen-debugsource-3.12.74-60.64.51.1
      kernel-xen-devel-3.12.74-60.64.51.1
      kgraft-patch-3_12_74-60_64_51-default-1-2.1
      kgraft-patch-3_12_74-60_64_51-xen-1-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.74-60.64.51.1
      kernel-default-base-3.12.74-60.64.51.1
      kernel-default-base-debuginfo-3.12.74-60.64.51.1
      kernel-default-debuginfo-3.12.74-60.64.51.1
      kernel-default-debugsource-3.12.74-60.64.51.1
      kernel-default-devel-3.12.74-60.64.51.1
      kernel-syms-3.12.74-60.64.51.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      kernel-devel-3.12.74-60.64.51.1
      kernel-macros-3.12.74-60.64.51.1
      kernel-source-3.12.74-60.64.51.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kernel-xen-3.12.74-60.64.51.1
      kernel-xen-base-3.12.74-60.64.51.1
      kernel-xen-base-debuginfo-3.12.74-60.64.51.1
      kernel-xen-debuginfo-3.12.74-60.64.51.1
      kernel-xen-debugsource-3.12.74-60.64.51.1
      kernel-xen-devel-3.12.74-60.64.51.1
      kgraft-patch-3_12_74-60_64_51-default-1-2.1
      kgraft-patch-3_12_74-60_64_51-xen-1-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):

      kernel-default-man-3.12.74-60.64.51.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.74-60.64.51.1
      kernel-ec2-debuginfo-3.12.74-60.64.51.1
      kernel-ec2-debugsource-3.12.74-60.64.51.1
      kernel-ec2-devel-3.12.74-60.64.51.1
      kernel-ec2-extra-3.12.74-60.64.51.1
      kernel-ec2-extra-debuginfo-3.12.74-60.64.51.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://bugzilla.suse.com/1049483

From sle-security-updates at lists.suse.com Fri Aug 4 13:06:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 4 Aug 2017 21:06:54 +0200 (CEST)
Subject:
 SUSE-SU-2017:2043-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
Message-ID: <20170804190654.6FFFCFF3A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2043-1
Rating:             important
References:         #1027575 #1038564 #1042364 #1042892 #1046191 #1046202
                    #1046206 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8797
                    CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 4.4.21-90 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly
     validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO
     or LAYOUTGET operand in a UDP packet from a remote attacker. This type
     value is uninitialized upon encountering certain error conditions.
     This value is used as an array index for dereferencing, which leads to
     an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole
     system (bsc#1046202)
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the
     Linux kernel allowed remote attackers to cause a denial of service
     (system crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (double free) by setting the HDLC line discipline
     (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in
     net/ipv6/ip6_output.c in the Linux kernel is too late in checking
     whether an overwrite of an skb data structure may occur, which allowed
     local users to cause a denial of service (system crash) via crafted
     system calls (bsc#1042892).
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in
     net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which
     allowed local users to cause a denial of service or possibly have
     unspecified other impact via crafted system calls, a related issue to
     CVE-2017-8890 (bsc#1042364).
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers
     to cause a denial of service (double free) or possibly have
     unspecified other impact by leveraging use of the accept system call
     (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1257=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_21-90-default-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8797.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042364
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1046202
   https://bugzilla.suse.com/1046206
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Fri Aug 4 13:08:32 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 4 Aug 2017 21:08:32 +0200 (CEST)
Subject: SUSE-SU-2017:2044-1: moderate: Security update for nasm
Message-ID: <20170804190832.B8BFEFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for nasm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2044-1
Rating:             moderate
References:         #1047925 #1047936
Cross-References:   CVE-2017-10686 CVE-2017-11111
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for nasm fixes the following issues:

   Security issues fixed:
   - CVE-2017-10686: Multiple heap use after free vulnerabilities.
     (bsc#1047936)
   - CVE-2017-11111: Heap-based buffer overflow and application crash.
     (bsc#1047925)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1255=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1255=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      nasm-2.10.09-4.5.1
      nasm-debuginfo-2.10.09-4.5.1
      nasm-debugsource-2.10.09-4.5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      nasm-2.10.09-4.5.1
      nasm-debuginfo-2.10.09-4.5.1
      nasm-debugsource-2.10.09-4.5.1

References:

   https://www.suse.com/security/cve/CVE-2017-10686.html
   https://www.suse.com/security/cve/CVE-2017-11111.html
   https://bugzilla.suse.com/1047925
   https://bugzilla.suse.com/1047936

From sle-security-updates at lists.suse.com Fri Aug 4 13:09:04 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 4 Aug 2017 21:09:04 +0200 (CEST)
Subject: SUSE-SU-2017:2045-1: moderate: Security update for nasm
Message-ID: <20170804190904.62B44FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for nasm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2045-1
Rating:             moderate
References:         #1047936
Cross-References:   CVE-2017-10686
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for nasm fixes the following issues:

   Security issue fixed:
   - CVE-2017-10686: Multiple heap use after free vulnerabilities.
     (bsc#1047936)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-nasm-13226=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-nasm-13226=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      nasm-2.03.90-2.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      nasm-debuginfo-2.03.90-2.3.1
      nasm-debugsource-2.03.90-2.3.1

References:

   https://www.suse.com/security/cve/CVE-2017-10686.html
   https://bugzilla.suse.com/1047936

From sle-security-updates at lists.suse.com Fri Aug 4 13:09:27 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 4 Aug 2017 21:09:27 +0200 (CEST)
Subject: SUSE-SU-2017:2046-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
Message-ID: <20170804190927.BFAF0FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2046-1
Rating:             important
References:         #1038564 #1042364 #1042892 #1046191 #1046202 #1046206
                    #1047518 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890
                    CVE-2017-9077 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.59-92_20 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   - CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly
     validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO
     or LAYOUTGET operand in a UDP packet from a remote attacker. This type
     value is uninitialized upon encountering certain error conditions.
     This value is used as an array index for dereferencing, which leads to
     an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole
     system (bsc#1046202)
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the
     Linux kernel allowed remote attackers to cause a denial of service
     (system crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-9242: The __ip6_append_data function in
     net/ipv6/ip6_output.c in the Linux kernel is too late in checking
     whether an overwrite of an skb data structure may occur, which allowed
     local users to cause a denial of service (system crash) via crafted
     system calls (bsc#1042892).
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in
     net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which
     allowed local users to cause a denial of service or possibly have
     unspecified other impact via crafted system calls, a related issue to
     CVE-2017-8890 (bsc#1042364).
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers
     to cause a denial of service (double free) or possibly have
     unspecified other impact by leveraging use of the accept system call
     (bsc#1038564).

   The following non-security bug was fixed:

   - Fix for a btrfs deadlock between btrfs-cleaner and user space thread
     regression, which could cause spurious WARN_ON's from
     fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups
     are enabled. (bsc#1047518)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1258=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_59-92_20-default-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8797.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042364
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1046202
   https://bugzilla.suse.com/1046206
   https://bugzilla.suse.com/1047518
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Fri Aug 4 19:07:03 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 5 Aug 2017 03:07:03 +0200 (CEST)
Subject: SUSE-SU-2017:2049-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
Message-ID: <20170805010703.6549AFF3A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2049-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890
                    CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues.
   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the
     Linux kernel allowed remote attackers to cause a denial of service
     (system crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (double free) by setting the HDLC line discipline
     (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in
     net/ipv6/ip6_output.c in the Linux kernel is too late in checking
     whether an overwrite of an skb data structure may occur, which allowed
     local users to cause a denial of service (system crash) via crafted
     system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers
     to cause a denial of service (double free) or possibly have
     unspecified other impact by leveraging use of the accept system call
     (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1261=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1261=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_69-60_64_29-default-6-2.1
      kgraft-patch-3_12_69-60_64_29-xen-6-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_69-60_64_29-default-6-2.1
      kgraft-patch-3_12_69-60_64_29-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:09:29 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:09:29 +0200 (CEST)
Subject: SUSE-SU-2017:2060-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
Message-ID: <20170807130929.50CFCFF3A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2060-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890
                    CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.62-60_62 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the
     Linux kernel allowed remote attackers to cause a denial of service
     (system crash) via a long RPC reply, related to net/sunrpc/svc.c,
     fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux
     kernel allowed local users to gain privileges or cause a denial of
     service (double free) by setting the HDLC line discipline
     (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in
     net/ipv6/ip6_output.c in the Linux kernel is too late in checking
     whether an overwrite of an skb data structure may occur, which allowed
     local users to cause a denial of service (system crash) via crafted
     system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in
     net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers
     to cause a denial of service (double free) or possibly have
     unspecified other impact by leveraging use of the accept system call
     (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1274=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1274=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_62-60_62-default-10-2.1
      kgraft-patch-3_12_62-60_62-xen-10-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_62-60_62-default-10-2.1
      kgraft-patch-3_12_62-60_62-xen-10-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:10:24 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:10:24 +0200 (CEST)
Subject: SUSE-SU-2017:2061-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
Message-ID: <20170807131024.12057FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2061-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890
                    CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate
     privilege (bsc#1050751).
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

    zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1273=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1273=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

    kgraft-patch-3_12_67-60_64_18-default-9-2.1
    kgraft-patch-3_12_67-60_64_18-xen-9-2.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

    kgraft-patch-3_12_67-60_64_18-default-9-2.1
    kgraft-patch-3_12_67-60_64_18-xen-9-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-2636.html
    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1027575
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:11:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:11:15 +0200 (CEST)
Subject: SUSE-SU-2017:2062-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Message-ID: <20170807131115.69055FF3A@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2062-1
Rating: important
References: #1027575 #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1263=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_21-69-default-8-18.7.1

References:

    https://www.suse.com/security/cve/CVE-2017-2636.html
    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1027575
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:12:26 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:12:26 +0200 (CEST)
Subject: SUSE-SU-2017:2063-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
Message-ID: <20170807131226.2B49FFC3F@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2063-1
Rating: important
References: #1027575 #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.
Description:

This update for the Linux Kernel 4.4.49-92_11 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1269=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_49-92_11-default-5-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-2636.html
    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1027575
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:13:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:13:40 +0200 (CEST)
Subject: SUSE-SU-2017:2064-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
Message-ID: <20170807131340.EA0FEFF3A@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2064-1
Rating: important
References: #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1047518 #1050751
Cross-References: CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 6 vulnerabilities and
has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.59-92_17 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
The following non-security bug was fixed:

- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON's from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1266=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_59-92_17-default-3-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1047518
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:14:59 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:14:59 +0200 (CEST)
Subject: SUSE-SU-2017:2065-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
Message-ID: <20170807131459.1CD7FFC3F@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2065-1
Rating: important
References: #1027575 #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645
    CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1267=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_38-93-default-7-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-2636.html
    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1027575
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:16:21 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:16:21 +0200 (CEST)
Subject: SUSE-SU-2017:2066-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
Message-ID: <20170807131621.261C6FF3A@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2066-1
Rating: important
References: #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1047518 #1050751
Cross-References:
    CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 6 vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.59-92_24 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

The following non-security bug was fixed:

- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON's from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1264=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_59-92_24-default-2-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1047518
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:17:39 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:17:39 +0200 (CEST)
Subject: SUSE-SU-2017:2067-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
Message-ID: <20170807131739.A60DCFF3A@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2067-1
Rating: important
References: #1027575 #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.21-81 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1270=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_21-81-default-8-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-2636.html
    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1027575
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:18:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:18:56 +0200 (CEST)
Subject: SUSE-SU-2017:2068-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
Message-ID: <20170807131856.90CF2FC3F@maintenance.suse.de>

SUSE Security Update: Security
update for Linux Kernel Live Patch 2 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2068-1
Rating: important
References: #1027575 #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1050751
Cross-References: CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.21-84 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1271=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_21-84-default-7-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-2636.html
    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://www.suse.com/security/cve/CVE-2017-7645.html
    https://www.suse.com/security/cve/CVE-2017-8797.html
    https://www.suse.com/security/cve/CVE-2017-8890.html
    https://www.suse.com/security/cve/CVE-2017-9077.html
    https://www.suse.com/security/cve/CVE-2017-9242.html
    https://bugzilla.suse.com/1027575
    https://bugzilla.suse.com/1038564
    https://bugzilla.suse.com/1042364
    https://bugzilla.suse.com/1042892
    https://bugzilla.suse.com/1046191
    https://bugzilla.suse.com/1046202
    https://bugzilla.suse.com/1046206
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:20:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:20:15 +0200 (CEST)
Subject: SUSE-SU-2017:2069-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP2
Message-ID: <20170807132015.75055FC6C@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2069-1
Rating: important
References: #1050751
Cross-References: CVE-2017-7533
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for the Linux Kernel 4.4.74-92_29 fixes one issue.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

    zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1262=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

    kgraft-patch-4_4_74-92_29-default-2-2.1

References:

    https://www.suse.com/security/cve/CVE-2017-7533.html
    https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 07:20:39 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 15:20:39 +0200 (CEST)
Subject: SUSE-SU-2017:2070-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
Message-ID: <20170807132039.D8D46FC3F@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2070-1
Rating: important
References: #1038564 #1042364 #1042892 #1046191 #1046202 #1046206 #1050751
Cross-References: CVE-2017-7533 CVE-2017-7645 CVE-2017-8797 CVE-2017-8890 CVE-2017-9077 CVE-2017-9242
Affected Products:
    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves 6 vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.49-92_14 fixes several issues.

The following security bugs were fixed:

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions.
     This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1265=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_49-92_14-default-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8797.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042364
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1046202
   https://bugzilla.suse.com/1046206
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 10:08:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 18:08:56 +0200 (CEST)
Subject: SUSE-SU-2017:2072-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
Message-ID: <20170807160856.71B98FF3A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2072-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1276=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1276=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_67-60_64_21-default-8-2.1
      kgraft-patch-3_12_67-60_64_21-xen-8-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_67-60_64_21-default-8-2.1
      kgraft-patch-3_12_67-60_64_21-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 10:09:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 18:09:55 +0200 (CEST)
Subject: SUSE-SU-2017:2073-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
Message-ID: <20170807160955.39673FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2073-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1275=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1275=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_67-60_64_24-default-7-2.1
      kgraft-patch-3_12_67-60_64_24-xen-7-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_67-60_64_24-default-7-2.1
      kgraft-patch-3_12_67-60_64_24-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Mon Aug 7 10:11:04 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 18:11:04 +0200 (CEST)
Subject: SUSE-SU-2017:2074-1: important: Security update for the Linux Kernel
Message-ID: <20170807161104.62030FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2074-1
Rating:             important
References:         #1049483
Cross-References:   CVE-2017-7533
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive the following security update:

   - CVE-2017-7533: Bug in inotify code allowed privilege escalation (bnc#1049483).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1277=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1277=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1277=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      kernel-devel-3.12.61-52.83.1
      kernel-macros-3.12.61-52.83.1
      kernel-source-3.12.61-52.83.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kernel-default-3.12.61-52.83.1
      kernel-default-base-3.12.61-52.83.1
      kernel-default-base-debuginfo-3.12.61-52.83.1
      kernel-default-debuginfo-3.12.61-52.83.1
      kernel-default-debugsource-3.12.61-52.83.1
      kernel-default-devel-3.12.61-52.83.1
      kernel-syms-3.12.61-52.83.1
      kernel-xen-3.12.61-52.83.1
      kernel-xen-base-3.12.61-52.83.1
      kernel-xen-base-debuginfo-3.12.61-52.83.1
      kernel-xen-debuginfo-3.12.61-52.83.1
      kernel-xen-debugsource-3.12.61-52.83.1
      kernel-xen-devel-3.12.61-52.83.1
      kgraft-patch-3_12_61-52_83-default-1-2.1
      kgraft-patch-3_12_61-52_83-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      kernel-default-3.12.61-52.83.1
      kernel-default-base-3.12.61-52.83.1
      kernel-default-base-debuginfo-3.12.61-52.83.1
      kernel-default-debuginfo-3.12.61-52.83.1
      kernel-default-debugsource-3.12.61-52.83.1
      kernel-default-devel-3.12.61-52.83.1
      kernel-syms-3.12.61-52.83.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      kernel-devel-3.12.61-52.83.1
      kernel-macros-3.12.61-52.83.1
      kernel-source-3.12.61-52.83.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.83.1
      kernel-xen-base-3.12.61-52.83.1
      kernel-xen-base-debuginfo-3.12.61-52.83.1
      kernel-xen-debuginfo-3.12.61-52.83.1
      kernel-xen-debugsource-3.12.61-52.83.1
      kernel-xen-devel-3.12.61-52.83.1
      kgraft-patch-3_12_61-52_83-default-1-2.1
      kgraft-patch-3_12_61-52_83-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.83.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.83.1
      kernel-ec2-debuginfo-3.12.61-52.83.1
      kernel-ec2-debugsource-3.12.61-52.83.1
      kernel-ec2-devel-3.12.61-52.83.1
      kernel-ec2-extra-3.12.61-52.83.1
      kernel-ec2-extra-debuginfo-3.12.61-52.83.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://bugzilla.suse.com/1049483

From sle-security-updates at lists.suse.com Mon Aug 7 10:11:39 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 18:11:39 +0200 (CEST)
Subject: SUSE-SU-2017:2075-1: moderate: Security update for ncurses
Message-ID: <20170807161139.13FB1FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for ncurses
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2075-1
Rating:             moderate
References:         #1046853 #1046858 #1047964 #1047965 #1049344
Cross-References:   CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for ncurses fixes the following issues:

   Security issues fixed:

   - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
   - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry.
     (bsc#1047965)
   - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1279=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1279=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1279=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1279=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1279=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1279=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1279=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1279=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libncurses5-5.9-50.1
      libncurses5-debuginfo-5.9-50.1
      libncurses6-5.9-50.1
      libncurses6-debuginfo-5.9-50.1
      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1
      ncurses-utils-5.9-50.1
      ncurses-utils-debuginfo-5.9-50.1
      tack-5.9-50.1
      tack-debuginfo-5.9-50.1
      terminfo-5.9-50.1
      terminfo-base-5.9-50.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libncurses5-5.9-50.1
      libncurses5-debuginfo-5.9-50.1
      libncurses6-5.9-50.1
      libncurses6-debuginfo-5.9-50.1
      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1
      ncurses-utils-5.9-50.1
      ncurses-utils-debuginfo-5.9-50.1
      tack-5.9-50.1
      tack-debuginfo-5.9-50.1
      terminfo-5.9-50.1
      terminfo-base-5.9-50.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libncurses5-32bit-5.9-50.1
      libncurses5-debuginfo-32bit-5.9-50.1
      libncurses6-32bit-5.9-50.1
      libncurses6-debuginfo-32bit-5.9-50.1
      ncurses-devel-32bit-5.9-50.1
      ncurses-devel-debuginfo-32bit-5.9-50.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      libncurses5-5.9-50.1
      libncurses5-debuginfo-5.9-50.1
      libncurses6-5.9-50.1
      libncurses6-debuginfo-5.9-50.1
      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1
      ncurses-utils-5.9-50.1
      ncurses-utils-debuginfo-5.9-50.1
      tack-5.9-50.1
      tack-debuginfo-5.9-50.1
      terminfo-5.9-50.1
      terminfo-base-5.9-50.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

      libncurses5-32bit-5.9-50.1
      libncurses5-debuginfo-32bit-5.9-50.1
      libncurses6-32bit-5.9-50.1
      libncurses6-debuginfo-32bit-5.9-50.1
      ncurses-devel-32bit-5.9-50.1
      ncurses-devel-debuginfo-32bit-5.9-50.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libncurses5-32bit-5.9-50.1
      libncurses5-5.9-50.1
      libncurses5-debuginfo-32bit-5.9-50.1
      libncurses5-debuginfo-5.9-50.1
      libncurses6-32bit-5.9-50.1
      libncurses6-5.9-50.1
      libncurses6-debuginfo-32bit-5.9-50.1
      libncurses6-debuginfo-5.9-50.1
      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1
      ncurses-utils-5.9-50.1
      ncurses-utils-debuginfo-5.9-50.1
      tack-5.9-50.1
      tack-debuginfo-5.9-50.1
      terminfo-5.9-50.1
      terminfo-base-5.9-50.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libncurses5-32bit-5.9-50.1
      libncurses5-5.9-50.1
      libncurses5-debuginfo-32bit-5.9-50.1
      libncurses5-debuginfo-5.9-50.1
      libncurses6-32bit-5.9-50.1
      libncurses6-5.9-50.1
      libncurses6-debuginfo-32bit-5.9-50.1
      libncurses6-debuginfo-5.9-50.1
      ncurses-debugsource-5.9-50.1
      ncurses-devel-5.9-50.1
      ncurses-devel-debuginfo-5.9-50.1
      ncurses-utils-5.9-50.1
      ncurses-utils-debuginfo-5.9-50.1
      tack-5.9-50.1
      tack-debuginfo-5.9-50.1
      terminfo-5.9-50.1
      terminfo-base-5.9-50.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libncurses5-5.9-50.1
      libncurses5-debuginfo-5.9-50.1
      libncurses6-5.9-50.1
      libncurses6-debuginfo-5.9-50.1
      ncurses-debugsource-5.9-50.1
      ncurses-utils-5.9-50.1
      ncurses-utils-debuginfo-5.9-50.1
      terminfo-base-5.9-50.1

References:

   https://www.suse.com/security/cve/CVE-2017-10684.html
   https://www.suse.com/security/cve/CVE-2017-10685.html
   https://www.suse.com/security/cve/CVE-2017-11112.html
   https://www.suse.com/security/cve/CVE-2017-11113.html
   https://bugzilla.suse.com/1046853
   https://bugzilla.suse.com/1046858
   https://bugzilla.suse.com/1047964
   https://bugzilla.suse.com/1047965
   https://bugzilla.suse.com/1049344

From sle-security-updates at lists.suse.com Mon Aug 7 10:12:41 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 7 Aug 2017 18:12:41 +0200 (CEST)
Subject: SUSE-SU-2017:2076-1: moderate: Security update for ncurses
Message-ID: <20170807161241.D4CDDFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for ncurses
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2076-1
Rating:             moderate
References:         #1046853 #1046858 #1047964 #1047965 #1049344
Cross-References:   CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for ncurses fixes the following issues:

   Security issues fixed:

   - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
   - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965)
   - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-ncurses-13227=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ncurses-13227=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ncurses-13227=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      ncurses-devel-5.6-93.6.1
      tack-5.6-93.6.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64):

      ncurses-devel-32bit-5.6-93.6.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libncurses5-5.6-93.6.1
      libncurses6-5.6-93.6.1
      ncurses-devel-5.6-93.6.1
      ncurses-utils-5.6-93.6.1
      tack-5.6-93.6.1
      terminfo-5.6-93.6.1
      terminfo-base-5.6-93.6.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libncurses5-32bit-5.6-93.6.1
      libncurses6-32bit-5.6-93.6.1
      ncurses-devel-32bit-5.6-93.6.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libncurses5-x86-5.6-93.6.1
      libncurses6-x86-5.6-93.6.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ncurses-debuginfo-5.6-93.6.1
      ncurses-debugsource-5.6-93.6.1

References:

   https://www.suse.com/security/cve/CVE-2017-10684.html
   https://www.suse.com/security/cve/CVE-2017-10685.html
   https://www.suse.com/security/cve/CVE-2017-11112.html
   https://www.suse.com/security/cve/CVE-2017-11113.html
   https://bugzilla.suse.com/1046853
   https://bugzilla.suse.com/1046858
   https://bugzilla.suse.com/1047964
   https://bugzilla.suse.com/1047965
   https://bugzilla.suse.com/1049344

From sle-security-updates at lists.suse.com Tue Aug 8 07:07:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:07:55 +0200 (CEST)
Subject: SUSE-SU-2017:2088-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
Message-ID: <20170808130755.58E21FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2088-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1295=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1295=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_62-60_64_8-default-10-2.1
      kgraft-patch-3_12_62-60_64_8-xen-10-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_62-60_64_8-default-10-2.1
      kgraft-patch-3_12_62-60_64_8-xen-10-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:08:59 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:08:59 +0200 (CEST)
Subject: SUSE-SU-2017:2089-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12 SP1
Message-ID: <20170808130859.9F249FF3A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2089-1
Rating:             important
References:         #1038564 #1042892 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1290=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1290=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_74-60_64_48-default-2-2.1
      kgraft-patch-3_12_74-60_64_48-xen-2-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_74-60_64_48-default-2-2.1
      kgraft-patch-3_12_74-60_64_48-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:09:41 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:09:41 +0200 (CEST)
Subject: SUSE-SU-2017:2090-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12 SP1
Message-ID: <20170808130941.0A5BFFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2090-1
Rating:             important
References:         #1038564 #1042892 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1292=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1292=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_74-60_64_45-default-3-2.1
      kgraft-patch-3_12_74-60_64_45-xen-3-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_74-60_64_45-default-3-2.1
      kgraft-patch-3_12_74-60_64_45-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:10:23 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:10:23 +0200 (CEST)
Subject: SUSE-SU-2017:2091-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
Message-ID: <20170808131023.E44E8FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2091-1
Rating:             important
References:         #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1294=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1294=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_69-60_64_35-default-4-2.1
      kgraft-patch-3_12_69-60_64_35-xen-4-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_69-60_64_35-default-4-2.1
      kgraft-patch-3_12_69-60_64_35-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:11:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:11:15 +0200 (CEST)
Subject: SUSE-SU-2017:2092-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
Message-ID: <20170808131115.9B1D4FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2092-1
Rating:             important
References:         #1027575 #1038564 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1293=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1293=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_69-60_64_32-default-5-2.1
      kgraft-patch-3_12_69-60_64_32-xen-5-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_69-60_64_32-default-5-2.1
      kgraft-patch-3_12_69-60_64_32-xen-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:12:17 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:12:17 +0200 (CEST)
Subject: SUSE-SU-2017:2093-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12
Message-ID: <20170808131217.110F5FF3A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2093-1
Rating:             important
References:         #1027575 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_60 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1296=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1296=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_60-default-7-2.1
      kgraft-patch-3_12_60-52_60-xen-7-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_60-default-7-2.1
      kgraft-patch-3_12_60-52_60-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:13:08 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:13:08 +0200 (CEST)
Subject: SUSE-SU-2017:2094-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1
Message-ID: <20170808131308.980B3FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2094-1
Rating:             important
References:         #1038564 #1042892 #1044878 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-8890 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

   The following non-security bug was fixed:

   - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1291=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1291=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_74-60_64_40-default-3-2.1
      kgraft-patch-3_12_74-60_64_40-xen-3-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_74-60_64_40-default-3-2.1
      kgraft-patch-3_12_74-60_64_40-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1038564
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1044878
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:14:02 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:14:02 +0200 (CEST)
Subject: SUSE-SU-2017:2095-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12
Message-ID: <20170808131402.06A00FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2095-1
Rating:             important
References:         #1027575 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_63 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1297=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1297=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_63-default-7-2.1
      kgraft-patch-3_12_60-52_63-xen-7-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_63-default-7-2.1
      kgraft-patch-3_12_60-52_63-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 07:14:52 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 15:14:52 +0200 (CEST)
Subject: SUSE-SU-2017:2096-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12
Message-ID: <20170808131452.1F970FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2096-1
Rating:             important
References:         #1027575 #1042892 #1044878 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_66 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1298=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1298=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_66-default-6-2.1
      kgraft-patch-3_12_61-52_66-xen-6-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_66-default-6-2.1
      kgraft-patch-3_12_61-52_66-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1044878
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 10:09:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 18:09:40 +0200 (CEST)
Subject: SUSE-SU-2017:2098-1: important: Security update for Linux Kernel Live Patch 23 for SLE 12
Message-ID: <20170808160940.61D7CFC6C@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 23 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2098-1
Rating:             important
References:         #1042892 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_80 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1300=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1300=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_80-default-2-2.1
      kgraft-patch-3_12_61-52_80-xen-2-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_80-default-2-2.1
      kgraft-patch-3_12_61-52_80-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 10:10:29 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 18:10:29 +0200 (CEST)
Subject: SUSE-SU-2017:2099-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12
Message-ID: <20170808161029.56F97FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2099-1
Rating:             important
References:         #1027575 #1042892 #1046191 #1050751
Cross-References:   CVE-2017-2636 CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_57 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1304=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1304=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_57-default-8-2.1
      kgraft-patch-3_12_60-52_57-xen-8-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_57-default-8-2.1
      kgraft-patch-3_12_60-52_57-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-2636.html
   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1027575
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 10:11:43 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 18:11:43 +0200 (CEST)
Subject: SUSE-SU-2017:2100-1: important: Security update for Linux Kernel Live Patch 21 for SLE 12
Message-ID: <20170808161143.D7F09FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 21 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2100-1
Rating:             important
References:         #1042892 #1044878 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_72 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1302=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1302=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_72-default-3-2.1
      kgraft-patch-3_12_61-52_72-xen-3-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_72-default-3-2.1
      kgraft-patch-3_12_61-52_72-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1044878
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 10:14:04 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 18:14:04 +0200 (CEST)
Subject: SUSE-SU-2017:2102-1: important: Security update for Linux Kernel Live Patch 22 for SLE 12
Message-ID: <20170808161404.91D4DFC6C@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 22 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2102-1
Rating:             important
References:         #1042892 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_77 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1301=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1301=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_77-default-3-2.1
      kgraft-patch-3_12_61-52_77-xen-3-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_77-default-3-2.1
      kgraft-patch-3_12_61-52_77-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 10:15:14 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 18:15:14 +0200 (CEST)
Subject: SUSE-SU-2017:2103-1: important: Security update for Linux Kernel Live Patch 20 for SLE 12
Message-ID: <20170808161514.7EB75FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 20 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2103-1
Rating:             important
References:         #1042892 #1044878 #1046191 #1050751
Cross-References:   CVE-2017-7533 CVE-2017-7645 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_69 fixes several issues.

   The following security bugs were fixed:

   - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
   - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
   - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1303=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1303=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_61-52_69-default-4-2.1
      kgraft-patch-3_12_61-52_69-xen-4-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_69-default-4-2.1
      kgraft-patch-3_12_61-52_69-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7533.html
   https://www.suse.com/security/cve/CVE-2017-7645.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1042892
   https://bugzilla.suse.com/1044878
   https://bugzilla.suse.com/1046191
   https://bugzilla.suse.com/1050751

From sle-security-updates at lists.suse.com Tue Aug 8 13:07:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 8 Aug 2017 21:07:40 +0200 (CEST)
Subject: SUSE-SU-2017:2105-1: moderate: Security update for python-tablib
Message-ID: <20170808190740.72425FC6C@maintenance.suse.de>

   SUSE Security Update: Security update for python-tablib
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2105-1
Rating:             moderate
References:         #1044329
Cross-References:   CVE-2017-2810
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-tablib fixes the following issues:

   - CVE-2017-2810: Use yaml.safe_load and yaml.safe_dump to avoid executing code when importing data (bsc#1044329)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1306=1

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1306=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1306=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      python-tablib-0.9.11-3.1

   - SUSE OpenStack Cloud 6 (noarch):

      python-tablib-0.9.11-3.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-tablib-0.9.11-3.1

References:

   https://www.suse.com/security/cve/CVE-2017-2810.html
   https://bugzilla.suse.com/1044329

From sle-security-updates at lists.suse.com Wed Aug 9 07:07:26 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 9 Aug 2017 15:07:26 +0200 (CEST)
Subject: SUSE-SU-2017:2109-1: important: Security update for tcmu-runner
Message-ID: <20170809130726.C9130FC3F@maintenance.suse.de>

   SUSE Security Update: Security update for tcmu-runner
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2109-1
Rating:             important
References:         #1049485 #1049488 #1049489 #1049490 #1049491
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for tcmu-runner fixes the following issues:

   - qcow handler opens up an information leak via the CheckConfig D-Bus method (bsc#1049491)
   - glfs handler allows local DoS via crafted CheckConfig strings (bsc#1049485)
   - UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes denial of service (bsc#1049488)
   - UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes denial of service (bsc#1049489)
   - Memory leaks can be triggered in tcmu-runner daemon by calling D-Bus method for (Un)RegisterHandler (bsc#1049490)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1311=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1311=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      tcmu-runner-debuginfo-1.2.0-2.3.1
      tcmu-runner-debugsource-1.2.0-2.3.1
      tcmu-runner-devel-1.2.0-2.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libtcmu1-1.2.0-2.3.1
      libtcmu1-debuginfo-1.2.0-2.3.1
      tcmu-runner-1.2.0-2.3.1
      tcmu-runner-debuginfo-1.2.0-2.3.1
      tcmu-runner-debugsource-1.2.0-2.3.1

References:

   https://bugzilla.suse.com/1049485
   https://bugzilla.suse.com/1049488
   https://bugzilla.suse.com/1049489
   https://bugzilla.suse.com/1049490
   https://bugzilla.suse.com/1049491

From sle-security-updates at lists.suse.com Wed Aug 9 07:32:06 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 9 Aug 2017 15:32:06 +0200 (CEST)
Subject: SUSE-SU-2017:2113-1: important: Security update for puppet
Message-ID: <20170809133206.D5E2FFC3F@maintenance.suse.de>

   SUSE Security Update: Security update for puppet
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2113-1 Rating: important References: #1040151 Cross-References: CVE-2017-2295 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for puppet fixes the following issues: Security issue fixed: - CVE-2017-2295: Possible code execution vulnerability where an attacker could force YAML deserialization in an unsafe manner. By default, this update breaks backwards compatibility with Puppet agents older than 3.2.2, as the SLE12 master no longer supports fact formats other than pson by default. In order to allow users to continue using their SLE12 master/SLE11 agents setup and fix CVE-2017-2295 for the others, a new puppet master boolean option "dangerous_fact_formats" was added. When it's set to true, it enables using dangerous fact formats (e.g. YAML). When it's set to false, only the PSON fact format is accepted. (bsc#1040151) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1310=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1310=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1310=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): puppet-3.8.5-15.3.3 puppet-server-3.8.5-15.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): puppet-3.8.5-15.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): puppet-3.8.5-15.3.3 References: https://www.suse.com/security/cve/CVE-2017-2295.html https://bugzilla.suse.com/1040151 From sle-security-updates at lists.suse.com Wed Aug 9 13:07:03 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 Aug 2017 21:07:03 +0200 (CEST) Subject: SUSE-SU-2017:2114-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP3 Message-ID: <20170809190703.C2C49FF3A@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2114-1 Rating: important References: #1050751 Cross-References: CVE-2017-7533 Affected Products: SUSE Linux Enterprise Live Patching 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.73-5 fixes one issue. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1313=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12-SP3 (x86_64): kgraft-patch-4_4_73-5-default-2-2.3.2 kgraft-patch-4_4_73-5-default-debuginfo-2-2.3.2 kgraft-patch-SLE12-SP3_Update_0-debugsource-2-2.3.2 References: https://www.suse.com/security/cve/CVE-2017-7533.html https://bugzilla.suse.com/1050751 From sle-security-updates at lists.suse.com Wed Aug 9 13:07:29 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 Aug 2017 21:07:29 +0200 (CEST) Subject: SUSE-SU-2017:2115-1: moderate: Security update for libxml2 Message-ID: <20170809190729.37B1CFC3F@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2115-1 Rating: moderate References: #1038444 Cross-References: CVE-2017-8872 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2017-8872: Out-of-bounds read could lead to application crash (bsc#1038444) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-13228=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-13228=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-13228=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.77.3.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.77.3.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.77.3.2 libxml2-doc-2.7.6-0.77.3.2 libxml2-python-2.7.6-0.77.3.5 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.77.3.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.77.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.3.2 libxml2-debugsource-2.7.6-0.77.3.2 libxml2-python-debuginfo-2.7.6-0.77.3.5 libxml2-python-debugsource-2.7.6-0.77.3.5 References: https://www.suse.com/security/cve/CVE-2017-8872.html https://bugzilla.suse.com/1038444 From sle-security-updates at lists.suse.com Wed Aug 9 13:08:20 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 9 Aug 2017 21:08:20 +0200 (CEST) Subject: SUSE-SU-2017:2117-1: Security update for librsvg Message-ID: <20170809190820.1D169FC3F@maintenance.suse.de> SUSE Security Update: Security update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2117-1 Rating: low References: #1049607 Cross-References: CVE-2017-11464 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update of librsvg to version 2.40.18 fixes the following issues: Security issue fixed: - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1315=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1315=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1315=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1315=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1315=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1315=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1315=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.40.18-5.3.1 librsvg-devel-2.40.18-5.3.1 typelib-1_0-Rsvg-2_0-2.40.18-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.40.18-5.3.1 librsvg-devel-2.40.18-5.3.1 typelib-1_0-Rsvg-2_0-2.40.18-5.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gdk-pixbuf-loader-rsvg-2.40.18-5.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1 librsvg-2-2-2.40.18-5.3.1 librsvg-2-2-debuginfo-2.40.18-5.3.1 librsvg-debugsource-2.40.18-5.3.1 rsvg-view-2.40.18-5.3.1 rsvg-view-debuginfo-2.40.18-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.40.18-5.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1 librsvg-2-2-2.40.18-5.3.1 librsvg-2-2-debuginfo-2.40.18-5.3.1 librsvg-debugsource-2.40.18-5.3.1 rsvg-view-2.40.18-5.3.1 rsvg-view-debuginfo-2.40.18-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): librsvg-2-2-32bit-2.40.18-5.3.1 librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.40.18-5.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1 librsvg-2-2-2.40.18-5.3.1 librsvg-2-2-debuginfo-2.40.18-5.3.1 librsvg-debugsource-2.40.18-5.3.1 rsvg-view-2.40.18-5.3.1 rsvg-view-debuginfo-2.40.18-5.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): librsvg-2-2-32bit-2.40.18-5.3.1 librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gdk-pixbuf-loader-rsvg-2.40.18-5.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1 librsvg-2-2-2.40.18-5.3.1 librsvg-2-2-32bit-2.40.18-5.3.1 librsvg-2-2-debuginfo-2.40.18-5.3.1 librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1 librsvg-debugsource-2.40.18-5.3.1 rsvg-view-2.40.18-5.3.1 rsvg-view-debuginfo-2.40.18-5.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): 
gdk-pixbuf-loader-rsvg-2.40.18-5.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.40.18-5.3.1 librsvg-2-2-2.40.18-5.3.1 librsvg-2-2-32bit-2.40.18-5.3.1 librsvg-2-2-debuginfo-2.40.18-5.3.1 librsvg-2-2-debuginfo-32bit-2.40.18-5.3.1 librsvg-debugsource-2.40.18-5.3.1 rsvg-view-2.40.18-5.3.1 rsvg-view-debuginfo-2.40.18-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-11464.html https://bugzilla.suse.com/1049607 From sle-security-updates at lists.suse.com Thu Aug 10 10:08:53 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 10 Aug 2017 18:08:53 +0200 (CEST) Subject: SUSE-SU-2017:2129-1: important: Security update for libsoup Message-ID: <20170810160853.D9015FC6C@maintenance.suse.de> SUSE Security Update: Security update for libsoup ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2129-1 Rating: important References: #1052916 Cross-References: CVE-2017-2885 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libsoup fixes the following issues: - A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1318=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1318=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1318=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1318=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1318=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1318=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1318=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsoup-debugsource-2.54.1-5.3.1 libsoup-devel-2.54.1-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsoup-debugsource-2.54.1-5.3.1 libsoup-devel-2.54.1-5.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsoup-2_4-1-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-2.54.1-5.3.1 libsoup-debugsource-2.54.1-5.3.1 typelib-1_0-Soup-2_4-2.54.1-5.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libsoup-lang-2.54.1-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-2.54.1-5.3.1 libsoup-debugsource-2.54.1-5.3.1 typelib-1_0-Soup-2_4-2.54.1-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsoup-2_4-1-32bit-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-32bit-2.54.1-5.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libsoup-lang-2.54.1-5.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-2.54.1-5.3.1 libsoup-debugsource-2.54.1-5.3.1 
typelib-1_0-Soup-2_4-2.54.1-5.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libsoup-2_4-1-32bit-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-32bit-2.54.1-5.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libsoup-lang-2.54.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsoup-2_4-1-2.54.1-5.3.1 libsoup-2_4-1-32bit-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-32bit-2.54.1-5.3.1 libsoup-debugsource-2.54.1-5.3.1 typelib-1_0-Soup-2_4-2.54.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libsoup-lang-2.54.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libsoup-lang-2.54.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsoup-2_4-1-2.54.1-5.3.1 libsoup-2_4-1-32bit-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-2.54.1-5.3.1 libsoup-2_4-1-debuginfo-32bit-2.54.1-5.3.1 libsoup-debugsource-2.54.1-5.3.1 typelib-1_0-Soup-2_4-2.54.1-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-2885.html https://bugzilla.suse.com/1052916 From sle-security-updates at lists.suse.com Thu Aug 10 10:09:29 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 10 Aug 2017 18:09:29 +0200 (CEST) Subject: SUSE-SU-2017:2130-1: important: Security update for libsoup Message-ID: <20170810160929.4EEE6FEB7@maintenance.suse.de> SUSE Security Update: Security update for libsoup ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2130-1 Rating: important References: #1052916 Cross-References: CVE-2017-2885 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libsoup fixes the following issues: - A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1317=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1317=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1317=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1317=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1317=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): libsoup-2_4-1-2.44.2-2.3.1 libsoup-2_4-1-32bit-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-32bit-2.44.2-2.3.1 libsoup-debugsource-2.44.2-2.3.1 typelib-1_0-Soup-2_4-2.44.2-2.3.1 - SUSE OpenStack Cloud 6 (noarch): libsoup-lang-2.44.2-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libsoup-2_4-1-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-2.44.2-2.3.1 libsoup-debugsource-2.44.2-2.3.1 typelib-1_0-Soup-2_4-2.44.2-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): libsoup-lang-2.44.2-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libsoup-2_4-1-32bit-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-32bit-2.44.2-2.3.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libsoup-2_4-1-2.44.2-2.3.1 libsoup-2_4-1-32bit-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-32bit-2.44.2-2.3.1 libsoup-debugsource-2.44.2-2.3.1 typelib-1_0-Soup-2_4-2.44.2-2.3.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): libsoup-lang-2.44.2-2.3.1 - SUSE 
Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsoup-2_4-1-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-2.44.2-2.3.1 libsoup-debugsource-2.44.2-2.3.1 typelib-1_0-Soup-2_4-2.44.2-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-32bit-2.44.2-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): libsoup-lang-2.44.2-2.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libsoup-2_4-1-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-2.44.2-2.3.1 libsoup-debugsource-2.44.2-2.3.1 typelib-1_0-Soup-2_4-2.44.2-2.3.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.44.2-2.3.1 libsoup-2_4-1-debuginfo-32bit-2.44.2-2.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): libsoup-lang-2.44.2-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-2885.html https://bugzilla.suse.com/1052916 From sle-security-updates at lists.suse.com Thu Aug 10 22:07:35 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Aug 2017 06:07:35 +0200 (CEST) Subject: SUSE-SU-2017:2131-1: important: Security update for the Linux Kernel Message-ID: <20170811040735.7A2C6FF3A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2131-1 Rating: important References: #1038078 #1043652 #1048914 #1052311 #1052365 Cross-References: CVE-2017-1000111 CVE-2017-1000112 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 
______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). The following non-security bugs were fixed: - powerpc/numa: fix regression that could cause kernel panics during installation (bsc#1048914). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1319=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1319=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1319=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1319=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1319=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1319=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1319=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1319=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1319=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 kernel-default-extra-4.4.74-92.35.1 kernel-default-extra-debuginfo-4.4.74-92.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.74-92.35.1 kernel-obs-build-debugsource-4.4.74-92.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.74-92.35.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.74-92.35.1 kernel-default-base-4.4.74-92.35.1 kernel-default-base-debuginfo-4.4.74-92.35.1 kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 kernel-default-devel-4.4.74-92.35.1 kernel-syms-4.4.74-92.35.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.74-92.35.1 kernel-macros-4.4.74-92.35.1 kernel-source-4.4.74-92.35.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.74-92.35.1 kernel-default-base-4.4.74-92.35.1 kernel-default-base-debuginfo-4.4.74-92.35.1 kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 kernel-default-devel-4.4.74-92.35.1 kernel-syms-4.4.74-92.35.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.74-92.35.1 kernel-macros-4.4.74-92.35.1 kernel-source-4.4.74-92.35.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): kernel-default-man-4.4.74-92.35.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_74-92_35-default-1-2.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.74-92.35.1 cluster-md-kmp-default-debuginfo-4.4.74-92.35.1 cluster-network-kmp-default-4.4.74-92.35.1 cluster-network-kmp-default-debuginfo-4.4.74-92.35.1 dlm-kmp-default-4.4.74-92.35.1 dlm-kmp-default-debuginfo-4.4.74-92.35.1 gfs2-kmp-default-4.4.74-92.35.1 
gfs2-kmp-default-debuginfo-4.4.74-92.35.1 kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 ocfs2-kmp-default-4.4.74-92.35.1 ocfs2-kmp-default-debuginfo-4.4.74-92.35.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.74-92.35.1 kernel-macros-4.4.74-92.35.1 kernel-source-4.4.74-92.35.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.74-92.35.1 kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 kernel-default-devel-4.4.74-92.35.1 kernel-default-extra-4.4.74-92.35.1 kernel-default-extra-debuginfo-4.4.74-92.35.1 kernel-syms-4.4.74-92.35.1 - SUSE Container as a Service Platform ALL (x86_64): kernel-default-4.4.74-92.35.1 kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.74-92.35.1 kernel-default-debuginfo-4.4.74-92.35.1 kernel-default-debugsource-4.4.74-92.35.1 References: https://www.suse.com/security/cve/CVE-2017-1000111.html https://www.suse.com/security/cve/CVE-2017-1000112.html https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1048914 https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052365 From sle-security-updates at lists.suse.com Fri Aug 11 13:07:24 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Aug 2017 21:07:24 +0200 (CEST) Subject: SUSE-SU-2017:2141-1: Security update for libxml2 Message-ID: <20170811190725.012A3FF3A@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2141-1 Rating: low References: #1038444 Cross-References: CVE-2017-8872 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE 
Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1326=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1326=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1326=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1326=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1326=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1326=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1326=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1326=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.3.2 libxml2-devel-2.9.4-46.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.3.2 libxml2-devel-2.9.4-46.3.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxml2-2-2.9.4-46.3.2 libxml2-2-debuginfo-2.9.4-46.3.2 libxml2-debugsource-2.9.4-46.3.2 libxml2-tools-2.9.4-46.3.2 libxml2-tools-debuginfo-2.9.4-46.3.2 python-libxml2-2.9.4-46.3.2 python-libxml2-debuginfo-2.9.4-46.3.2 python-libxml2-debugsource-2.9.4-46.3.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libxml2-doc-2.9.4-46.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.3.2 libxml2-2-debuginfo-2.9.4-46.3.2 libxml2-debugsource-2.9.4-46.3.2 libxml2-tools-2.9.4-46.3.2 libxml2-tools-debuginfo-2.9.4-46.3.2 python-libxml2-2.9.4-46.3.2 python-libxml2-debuginfo-2.9.4-46.3.2 python-libxml2-debugsource-2.9.4-46.3.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libxml2-2-32bit-2.9.4-46.3.2 libxml2-2-debuginfo-32bit-2.9.4-46.3.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): libxml2-doc-2.9.4-46.3.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.3.2 libxml2-2-debuginfo-2.9.4-46.3.2 libxml2-debugsource-2.9.4-46.3.2 libxml2-tools-2.9.4-46.3.2 libxml2-tools-debuginfo-2.9.4-46.3.2 python-libxml2-2.9.4-46.3.2 python-libxml2-debuginfo-2.9.4-46.3.2 python-libxml2-debugsource-2.9.4-46.3.2 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libxml2-2-32bit-2.9.4-46.3.2 libxml2-2-debuginfo-32bit-2.9.4-46.3.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): libxml2-doc-2.9.4-46.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libxml2-2-2.9.4-46.3.2 libxml2-2-32bit-2.9.4-46.3.2 libxml2-2-debuginfo-2.9.4-46.3.2 libxml2-2-debuginfo-32bit-2.9.4-46.3.2 libxml2-debugsource-2.9.4-46.3.2 
libxml2-tools-2.9.4-46.3.2 libxml2-tools-debuginfo-2.9.4-46.3.2 python-libxml2-2.9.4-46.3.2 python-libxml2-debuginfo-2.9.4-46.3.2 python-libxml2-debugsource-2.9.4-46.3.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libxml2-2-2.9.4-46.3.2 libxml2-2-32bit-2.9.4-46.3.2 libxml2-2-debuginfo-2.9.4-46.3.2 libxml2-2-debuginfo-32bit-2.9.4-46.3.2 libxml2-debugsource-2.9.4-46.3.2 libxml2-tools-2.9.4-46.3.2 libxml2-tools-debuginfo-2.9.4-46.3.2 python-libxml2-2.9.4-46.3.2 python-libxml2-debuginfo-2.9.4-46.3.2 python-libxml2-debugsource-2.9.4-46.3.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libxml2-2-2.9.4-46.3.2 libxml2-2-debuginfo-2.9.4-46.3.2 libxml2-debugsource-2.9.4-46.3.2 References: https://www.suse.com/security/cve/CVE-2017-8872.html https://bugzilla.suse.com/1038444 From sle-security-updates at lists.suse.com Fri Aug 11 13:07:50 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Aug 2017 21:07:50 +0200 (CEST) Subject: SUSE-SU-2017:2142-1: important: Security update for the Linux Kernel Message-ID: <20170811190750.B8269FC3F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2142-1 Rating: important References: #1052311 #1052365 Cross-References: CVE-2017-1000111 CVE-2017-1000112 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive the following security updates: - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).
- CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1327=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1327=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1327=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.86.1 kernel-default-base-3.12.61-52.86.1 kernel-default-base-debuginfo-3.12.61-52.86.1 kernel-default-debuginfo-3.12.61-52.86.1 kernel-default-debugsource-3.12.61-52.86.1 kernel-default-devel-3.12.61-52.86.1 kernel-syms-3.12.61-52.86.1 kernel-xen-3.12.61-52.86.1 kernel-xen-base-3.12.61-52.86.1 kernel-xen-base-debuginfo-3.12.61-52.86.1 kernel-xen-debuginfo-3.12.61-52.86.1 kernel-xen-debugsource-3.12.61-52.86.1 kernel-xen-devel-3.12.61-52.86.1 kgraft-patch-3_12_61-52_86-default-1-2.1 kgraft-patch-3_12_61-52_86-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.86.1 kernel-macros-3.12.61-52.86.1 kernel-source-3.12.61-52.86.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.86.1 kernel-default-base-3.12.61-52.86.1 kernel-default-base-debuginfo-3.12.61-52.86.1 kernel-default-debuginfo-3.12.61-52.86.1 kernel-default-debugsource-3.12.61-52.86.1 kernel-default-devel-3.12.61-52.86.1 kernel-syms-3.12.61-52.86.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.86.1 kernel-macros-3.12.61-52.86.1 kernel-source-3.12.61-52.86.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.86.1 kernel-xen-base-3.12.61-52.86.1 
kernel-xen-base-debuginfo-3.12.61-52.86.1 kernel-xen-debuginfo-3.12.61-52.86.1 kernel-xen-debugsource-3.12.61-52.86.1 kernel-xen-devel-3.12.61-52.86.1 kgraft-patch-3_12_61-52_86-default-1-2.1 kgraft-patch-3_12_61-52_86-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.86.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.86.1 kernel-ec2-debuginfo-3.12.61-52.86.1 kernel-ec2-debugsource-3.12.61-52.86.1 kernel-ec2-devel-3.12.61-52.86.1 kernel-ec2-extra-3.12.61-52.86.1 kernel-ec2-extra-debuginfo-3.12.61-52.86.1 References: https://www.suse.com/security/cve/CVE-2017-1000111.html https://www.suse.com/security/cve/CVE-2017-1000112.html https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052365 From sle-security-updates at lists.suse.com Fri Aug 11 13:08:28 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Aug 2017 21:08:28 +0200 (CEST) Subject: SUSE-SU-2017:2143-1: moderate: Security update for strongswan Message-ID: <20170811190828.40F7DFF3A@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2143-1 Rating: moderate References: #1051222 Cross-References: CVE-2017-11185 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for strongswan fixes the following issues: CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service (bsc#1051222) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1324=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1324=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1324=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1324=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1324=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): strongswan-5.1.3-26.5.1 strongswan-debugsource-5.1.3-26.5.1 strongswan-hmac-5.1.3-26.5.1 strongswan-ipsec-5.1.3-26.5.1 strongswan-ipsec-debuginfo-5.1.3-26.5.1 strongswan-libs0-5.1.3-26.5.1 strongswan-libs0-debuginfo-5.1.3-26.5.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): strongswan-doc-5.1.3-26.5.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): strongswan-5.1.3-26.5.1 strongswan-debugsource-5.1.3-26.5.1 strongswan-hmac-5.1.3-26.5.1 strongswan-ipsec-5.1.3-26.5.1 strongswan-ipsec-debuginfo-5.1.3-26.5.1 strongswan-libs0-5.1.3-26.5.1 strongswan-libs0-debuginfo-5.1.3-26.5.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): strongswan-doc-5.1.3-26.5.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): strongswan-5.1.3-26.5.1 strongswan-debugsource-5.1.3-26.5.1 strongswan-hmac-5.1.3-26.5.1 strongswan-ipsec-5.1.3-26.5.1 strongswan-ipsec-debuginfo-5.1.3-26.5.1 strongswan-libs0-5.1.3-26.5.1 strongswan-libs0-debuginfo-5.1.3-26.5.1 - 
SUSE Linux Enterprise Server 12-SP2 (noarch): strongswan-doc-5.1.3-26.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): strongswan-5.1.3-26.5.1 strongswan-debugsource-5.1.3-26.5.1 strongswan-ipsec-5.1.3-26.5.1 strongswan-ipsec-debuginfo-5.1.3-26.5.1 strongswan-libs0-5.1.3-26.5.1 strongswan-libs0-debuginfo-5.1.3-26.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): strongswan-doc-5.1.3-26.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): strongswan-doc-5.1.3-26.5.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): strongswan-5.1.3-26.5.1 strongswan-debugsource-5.1.3-26.5.1 strongswan-ipsec-5.1.3-26.5.1 strongswan-ipsec-debuginfo-5.1.3-26.5.1 strongswan-libs0-5.1.3-26.5.1 strongswan-libs0-debuginfo-5.1.3-26.5.1 References: https://www.suse.com/security/cve/CVE-2017-11185.html https://bugzilla.suse.com/1051222 From sle-security-updates at lists.suse.com Fri Aug 11 13:08:54 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 11 Aug 2017 21:08:54 +0200 (CEST) Subject: SUSE-SU-2017:2144-1: important: Security update for openjpeg2 Message-ID: <20170811190854.B7209FF3A@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2144-1 Rating: important References: #979907 #997857 Cross-References: CVE-2015-8871 CVE-2016-7163 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openjpeg2 fixes the following issues: - CVE-2016-7163: Integer Overflow could lead to remote code execution (bsc#997857). 
- CVE-2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1325=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1325=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1325=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1325=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1325=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libopenjp2-7-2.1.0-4.3.2 libopenjp2-7-debuginfo-2.1.0-4.3.2 openjpeg2-debuginfo-2.1.0-4.3.2 openjpeg2-debugsource-2.1.0-4.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.3.2 libopenjp2-7-debuginfo-2.1.0-4.3.2 openjpeg2-debuginfo-2.1.0-4.3.2 openjpeg2-debugsource-2.1.0-4.3.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.3.2 libopenjp2-7-debuginfo-2.1.0-4.3.2 openjpeg2-debuginfo-2.1.0-4.3.2 openjpeg2-debugsource-2.1.0-4.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenjp2-7-2.1.0-4.3.2 libopenjp2-7-debuginfo-2.1.0-4.3.2 openjpeg2-debuginfo-2.1.0-4.3.2 openjpeg2-debugsource-2.1.0-4.3.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libopenjp2-7-2.1.0-4.3.2 libopenjp2-7-debuginfo-2.1.0-4.3.2 openjpeg2-debuginfo-2.1.0-4.3.2 openjpeg2-debugsource-2.1.0-4.3.2 References: https://www.suse.com/security/cve/CVE-2015-8871.html https://www.suse.com/security/cve/CVE-2016-7163.html https://bugzilla.suse.com/979907 https://bugzilla.suse.com/997857 From sle-security-updates at lists.suse.com Fri Aug 11 16:08:29 2017 From: 
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 12 Aug 2017 00:08:29 +0200 (CEST) Subject: SUSE-SU-2017:2150-1: important: Security update for the Linux Kernel Message-ID: <20170811220829.943DBFC6C@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2150-1 Rating: important References: #1052311 #1052365 Cross-References: CVE-2017-1000111 CVE-2017-1000112 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive the following security updates: - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1328=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1328=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1328=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1328=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.54.1 kernel-macros-3.12.74-60.64.54.1 kernel-source-3.12.74-60.64.54.1 - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.54.1 kernel-default-base-3.12.74-60.64.54.1 kernel-default-base-debuginfo-3.12.74-60.64.54.1 kernel-default-debuginfo-3.12.74-60.64.54.1 kernel-default-debugsource-3.12.74-60.64.54.1 kernel-default-devel-3.12.74-60.64.54.1 kernel-syms-3.12.74-60.64.54.1 kernel-xen-3.12.74-60.64.54.1 kernel-xen-base-3.12.74-60.64.54.1 kernel-xen-base-debuginfo-3.12.74-60.64.54.1 kernel-xen-debuginfo-3.12.74-60.64.54.1 kernel-xen-debugsource-3.12.74-60.64.54.1 kernel-xen-devel-3.12.74-60.64.54.1 kgraft-patch-3_12_74-60_64_54-default-1-2.1 kgraft-patch-3_12_74-60_64_54-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.54.1 kernel-default-base-3.12.74-60.64.54.1 kernel-default-base-debuginfo-3.12.74-60.64.54.1 kernel-default-debuginfo-3.12.74-60.64.54.1 kernel-default-debugsource-3.12.74-60.64.54.1 kernel-default-devel-3.12.74-60.64.54.1 kernel-syms-3.12.74-60.64.54.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.54.1 kernel-macros-3.12.74-60.64.54.1 kernel-source-3.12.74-60.64.54.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.54.1 kernel-xen-base-3.12.74-60.64.54.1 kernel-xen-base-debuginfo-3.12.74-60.64.54.1 kernel-xen-debuginfo-3.12.74-60.64.54.1 kernel-xen-debugsource-3.12.74-60.64.54.1 kernel-xen-devel-3.12.74-60.64.54.1 kgraft-patch-3_12_74-60_64_54-default-1-2.1 kgraft-patch-3_12_74-60_64_54-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.54.1 kernel-default-base-3.12.74-60.64.54.1 kernel-default-base-debuginfo-3.12.74-60.64.54.1 kernel-default-debuginfo-3.12.74-60.64.54.1 kernel-default-debugsource-3.12.74-60.64.54.1 kernel-default-devel-3.12.74-60.64.54.1 kernel-syms-3.12.74-60.64.54.1 - 
SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.54.1 kernel-macros-3.12.74-60.64.54.1 kernel-source-3.12.74-60.64.54.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.54.1 kernel-xen-base-3.12.74-60.64.54.1 kernel-xen-base-debuginfo-3.12.74-60.64.54.1 kernel-xen-debuginfo-3.12.74-60.64.54.1 kernel-xen-debugsource-3.12.74-60.64.54.1 kernel-xen-devel-3.12.74-60.64.54.1 kgraft-patch-3_12_74-60_64_54-default-1-2.1 kgraft-patch-3_12_74-60_64_54-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.54.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.54.1 kernel-ec2-debuginfo-3.12.74-60.64.54.1 kernel-ec2-debugsource-3.12.74-60.64.54.1 kernel-ec2-devel-3.12.74-60.64.54.1 kernel-ec2-extra-3.12.74-60.64.54.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.54.1 References: https://www.suse.com/security/cve/CVE-2017-1000111.html https://www.suse.com/security/cve/CVE-2017-1000112.html https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052365 From sle-security-updates at lists.suse.com Mon Aug 14 10:08:38 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 14 Aug 2017 18:08:38 +0200 (CEST) Subject: SUSE-SU-2017:2163-1: important: Security update for subversion Message-ID: <20170814160838.A8850FF3A@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2163-1 Rating: important References: #1011552 #1051362 Cross-References: CVE-2016-8734 CVE-2017-9800 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for subversion fixes the following issues: - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// (bsc#1011552). - CVE-2017-9800: client code execution via argument injection in SSH URL (bnc#1051362) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-13230=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-subversion-13230=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-subversion-13230=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.36.9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.36.9.1 subversion-devel-1.6.17-1.36.9.1 subversion-perl-1.6.17-1.36.9.1 subversion-python-1.6.17-1.36.9.1 subversion-server-1.6.17-1.36.9.1 subversion-tools-1.6.17-1.36.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): subversion-debuginfo-1.6.17-1.36.9.1 subversion-debugsource-1.6.17-1.36.9.1 References: https://www.suse.com/security/cve/CVE-2016-8734.html https://www.suse.com/security/cve/CVE-2017-9800.html https://bugzilla.suse.com/1011552 https://bugzilla.suse.com/1051362 From sle-security-updates at lists.suse.com Tue Aug 15 10:08:37 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 15 Aug 2017 18:08:37 +0200 (CEST) Subject: SUSE-SU-2017:2168-1: moderate: Security update for nodejs4, nodejs6 Message-ID: <20170815160837.34872FEB7@maintenance.suse.de> SUSE Security Update: Security update for nodejs4, nodejs6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2168-1 Rating: moderate References: #1041282 #1041283 #1044946 
#1048299 Cross-References: CVE-2017-1000381 CVE-2017-11499 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0 - New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 
- New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1331=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1331=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1331=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): nodejs6-6.11.1-11.5.1 nodejs6-debuginfo-6.11.1-11.5.1 nodejs6-debugsource-6.11.1-11.5.1 - SUSE OpenStack Cloud 7 (noarch): nodejs-common-1.0-2.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs6-6.11.1-11.5.1 nodejs6-debuginfo-6.11.1-11.5.1 nodejs6-debugsource-6.11.1-11.5.1 nodejs6-devel-6.11.1-11.5.1 npm6-6.11.1-11.5.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.8.4-15.5.1 nodejs4-debuginfo-4.8.4-15.5.1 nodejs4-debugsource-4.8.4-15.5.1 nodejs4-devel-4.8.4-15.5.1 npm4-4.8.4-15.5.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs-common-1.0-2.1 nodejs4-docs-4.8.4-15.5.1 nodejs6-docs-6.11.1-11.5.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.8.4-15.5.1 nodejs4-debuginfo-4.8.4-15.5.1 nodejs4-debugsource-4.8.4-15.5.1 nodejs6-6.11.1-11.5.1 nodejs6-debuginfo-6.11.1-11.5.1 nodejs6-debugsource-6.11.1-11.5.1 - SUSE Enterprise Storage 4 (noarch): nodejs-common-1.0-2.1 References: https://www.suse.com/security/cve/CVE-2017-1000381.html https://www.suse.com/security/cve/CVE-2017-11499.html 
https://bugzilla.suse.com/1041282 https://bugzilla.suse.com/1041283 https://bugzilla.suse.com/1044946 https://bugzilla.suse.com/1048299 From sle-security-updates at lists.suse.com Wed Aug 16 07:07:19 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 Aug 2017 15:07:19 +0200 (CEST) Subject: SUSE-SU-2017:2173-1: moderate: Security update for gnome-session Message-ID: <20170816130719.74966FC3F@maintenance.suse.de> SUSE Security Update: Security update for gnome-session ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2173-1 Rating: moderate References: #1048274 Cross-References: CVE-2017-11171 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnome-session fixes the following issues: - CVE-2017-11171: Fix a denial of service condition. An unauthenticated local user can create ICE connections, causing a file descriptor leak in gnome-session (bsc#1048274). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gnome-session-13231=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gnome-session-13231=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gnome-session-2.28.0-3.11.12.2 gnome-session-lang-2.28.0-3.11.12.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gnome-session-debuginfo-2.28.0-3.11.12.2 gnome-session-debugsource-2.28.0-3.11.12.2 References: https://www.suse.com/security/cve/CVE-2017-11171.html https://bugzilla.suse.com/1048274 From sle-security-updates at lists.suse.com Wed Aug 16 07:07:48 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 Aug 2017 15:07:48 +0200 (CEST) Subject: SUSE-SU-2017:2174-1: moderate: Security update for curl Message-ID: <20170816130748.6A072FC3F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2174-1 Rating: moderate References: #1051643 #1051644 Cross-References: CVE-2017-1000100 CVE-2017-1000101 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1335=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1335=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1335=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1335=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1335=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1335=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1335=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1335=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1335=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl-devel-7.37.0-37.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl-devel-7.37.0-37.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): curl-7.37.0-37.3.1 curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.3.1 curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.3.1 libcurl4-debuginfo-32bit-7.37.0-37.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.3.1 curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libcurl4-32bit-7.37.0-37.3.1 libcurl4-debuginfo-32bit-7.37.0-37.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.3.1 curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-32bit-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-32bit-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): curl-7.37.0-37.3.1 curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-32bit-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-32bit-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 - SUSE Container as a Service Platform ALL (x86_64): curl-7.37.0-37.3.1 curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.3.1 
curl-debuginfo-7.37.0-37.3.1 curl-debugsource-7.37.0-37.3.1 libcurl4-7.37.0-37.3.1 libcurl4-debuginfo-7.37.0-37.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000100.html https://www.suse.com/security/cve/CVE-2017-1000101.html https://bugzilla.suse.com/1051643 https://bugzilla.suse.com/1051644 From sle-security-updates at lists.suse.com Wed Aug 16 07:08:28 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 16 Aug 2017 15:08:28 +0200 (CEST) Subject: SUSE-SU-2017:2175-1: important: Security update for java-1_8_0-openjdk Message-ID: <20170816130828.21854FC3F@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2175-1 Rating: important References: #1049302 #1049305 #1049306 #1049307 #1049308 #1049309 #1049310 #1049311 #1049312 #1049313 #1049314 #1049315 #1049316 #1049317 #1049318 #1049319 #1049320 #1049321 #1049322 #1049323 #1049324 #1049325 #1049326 #1049327 #1049328 #1049329 #1049330 #1049331 #1049332 Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 28 vulnerabilities 
and has one errata is now available. Description: This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified 
vulnerability in subcomponent JAX-WS (bsc#1049332) Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1337=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1337=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1337=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1337=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1337=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1337=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1337=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1337=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 
java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-1.8.0.144-27.5.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-devel-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): java-1_8_0-openjdk-1.8.0.144-27.5.3 java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3 java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-1.8.0.144-27.5.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3 References: https://www.suse.com/security/cve/CVE-2017-10053.html https://www.suse.com/security/cve/CVE-2017-10067.html https://www.suse.com/security/cve/CVE-2017-10074.html https://www.suse.com/security/cve/CVE-2017-10078.html https://www.suse.com/security/cve/CVE-2017-10081.html https://www.suse.com/security/cve/CVE-2017-10086.html https://www.suse.com/security/cve/CVE-2017-10087.html https://www.suse.com/security/cve/CVE-2017-10089.html https://www.suse.com/security/cve/CVE-2017-10090.html https://www.suse.com/security/cve/CVE-2017-10096.html https://www.suse.com/security/cve/CVE-2017-10101.html https://www.suse.com/security/cve/CVE-2017-10102.html 
https://www.suse.com/security/cve/CVE-2017-10105.html https://www.suse.com/security/cve/CVE-2017-10107.html https://www.suse.com/security/cve/CVE-2017-10108.html https://www.suse.com/security/cve/CVE-2017-10109.html https://www.suse.com/security/cve/CVE-2017-10110.html https://www.suse.com/security/cve/CVE-2017-10111.html https://www.suse.com/security/cve/CVE-2017-10114.html https://www.suse.com/security/cve/CVE-2017-10115.html https://www.suse.com/security/cve/CVE-2017-10116.html https://www.suse.com/security/cve/CVE-2017-10118.html https://www.suse.com/security/cve/CVE-2017-10125.html https://www.suse.com/security/cve/CVE-2017-10135.html https://www.suse.com/security/cve/CVE-2017-10176.html https://www.suse.com/security/cve/CVE-2017-10193.html https://www.suse.com/security/cve/CVE-2017-10198.html https://www.suse.com/security/cve/CVE-2017-10243.html https://bugzilla.suse.com/1049302 https://bugzilla.suse.com/1049305 https://bugzilla.suse.com/1049306 https://bugzilla.suse.com/1049307 https://bugzilla.suse.com/1049308 https://bugzilla.suse.com/1049309 https://bugzilla.suse.com/1049310 https://bugzilla.suse.com/1049311 https://bugzilla.suse.com/1049312 https://bugzilla.suse.com/1049313 https://bugzilla.suse.com/1049314 https://bugzilla.suse.com/1049315 https://bugzilla.suse.com/1049316 https://bugzilla.suse.com/1049317 https://bugzilla.suse.com/1049318 https://bugzilla.suse.com/1049319 https://bugzilla.suse.com/1049320 https://bugzilla.suse.com/1049321 https://bugzilla.suse.com/1049322 https://bugzilla.suse.com/1049323 https://bugzilla.suse.com/1049324 https://bugzilla.suse.com/1049325 https://bugzilla.suse.com/1049326 https://bugzilla.suse.com/1049327 https://bugzilla.suse.com/1049328 https://bugzilla.suse.com/1049329 https://bugzilla.suse.com/1049330 https://bugzilla.suse.com/1049331 https://bugzilla.suse.com/1049332 From sle-security-updates at lists.suse.com Wed Aug 16 10:08:04 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at 
lists.suse.com) Date: Wed, 16 Aug 2017 18:08:04 +0200 (CEST) Subject: SUSE-SU-2017:2176-1: important: Security update for ImageMagick Message-ID: <20170816160804.73A2FFC3F@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2176-1 Rating: important References: #1042826 #1043289 #1049072 Cross-References: CVE-2017-11403 CVE-2017-9439 CVE-2017-9501 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13232=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13232=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13232=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.78.5.2 ImageMagick-devel-6.4.3.6-7.78.5.2 libMagick++-devel-6.4.3.6-7.78.5.2 libMagick++1-6.4.3.6-7.78.5.2 libMagickWand1-6.4.3.6-7.78.5.2 perl-PerlMagick-6.4.3.6-7.78.5.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.78.5.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.78.5.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.78.5.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.78.5.2 ImageMagick-debugsource-6.4.3.6-7.78.5.2 References: https://www.suse.com/security/cve/CVE-2017-11403.html https://www.suse.com/security/cve/CVE-2017-9439.html https://www.suse.com/security/cve/CVE-2017-9501.html https://bugzilla.suse.com/1042826 https://bugzilla.suse.com/1043289 https://bugzilla.suse.com/1049072 From sle-security-updates at lists.suse.com Thu Aug 17 04:09:14 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Aug 2017 12:09:14 +0200 (CEST) Subject: SUSE-SU-2017:2199-1: important: Security update for ImageMagick Message-ID: <20170817100914.BC541FF3A@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2199-1 Rating: important References: #1042812 #1042826 #1043289 #1049072 Cross-References: CVE-2017-11403 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 
SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c (bsc#1042826) - CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c (bsc#1042812) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1343=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1343=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1343=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1343=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1343=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1343=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1343=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1343=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1343=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.5.3 ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 libMagick++-6_Q16-3-6.8.8.1-71.5.3 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.5.3 ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 libMagick++-6_Q16-3-6.8.8.1-71.5.3 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.5.3 ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 ImageMagick-devel-6.8.8.1-71.5.3 libMagick++-6_Q16-3-6.8.8.1-71.5.3 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3 libMagick++-devel-6.8.8.1-71.5.3 perl-PerlMagick-6.8.8.1-71.5.3 perl-PerlMagick-debuginfo-6.8.8.1-71.5.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.5.3 ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 ImageMagick-devel-6.8.8.1-71.5.3 libMagick++-6_Q16-3-6.8.8.1-71.5.3 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3 libMagick++-devel-6.8.8.1-71.5.3 perl-PerlMagick-6.8.8.1-71.5.3 perl-PerlMagick-debuginfo-6.8.8.1-71.5.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 
libMagickCore-6_Q16-1-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.5.3 ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 libMagick++-6_Q16-3-6.8.8.1-71.5.3 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.5.3 ImageMagick-debuginfo-6.8.8.1-71.5.3 ImageMagick-debugsource-6.8.8.1-71.5.3 libMagick++-6_Q16-3-6.8.8.1-71.5.3 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.5.3 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-6.8.8.1-71.5.3 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.5.3 References: https://www.suse.com/security/cve/CVE-2017-11403.html https://www.suse.com/security/cve/CVE-2017-9439.html https://www.suse.com/security/cve/CVE-2017-9440.html https://www.suse.com/security/cve/CVE-2017-9501.html https://bugzilla.suse.com/1042812 https://bugzilla.suse.com/1042826 https://bugzilla.suse.com/1043289 https://bugzilla.suse.com/1049072 From sle-security-updates at lists.suse.com Thu Aug 17 04:10:12 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: 
Thu, 17 Aug 2017 12:10:12 +0200 (CEST) Subject: SUSE-SU-2017:2200-1: important: Security update for subversion Message-ID: <20170817101012.5F32DFC6C@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2200-1 Rating: important References: #1011552 #1026936 #1051362 #897033 #909935 #911620 #916286 #923793 #923794 #923795 #939514 #939517 #942819 #958300 #969159 #976849 #976850 #977424 #983938 Cross-References: CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 CVE-2015-5343 CVE-2016-2167 CVE-2016-2168 CVE-2016-8734 CVE-2017-9800 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 7 fixes is now available. Description: This update for subversion fixes the following issues: - CVE-2017-9800: A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. 
(bsc#1051362) - Malicious user may commit SHA-1 collisions and cause repository inconsistencies (bsc#1026936) - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// could lead to denial of service (bsc#1011552) - CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm (bsc#976849) - CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn during COPY/MOVE authorization check (bsc#976850) - mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (bsc#977424) - make the subversion package conflict with KWallet and Gnome Keyring packages which do not require matching subversion versions in SLE 12 and openSUSE Leap 42.1 and thus break the main package upon partial upgrade. (bsc#969159) - CVE-2015-5343: Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. (bsc#958300) - Avoid recommending 180+ new pkgs for installation on minimal setup due to subversion-password-store (bsc#942819) - CVE-2015-3184: mod_authz_svn: mixed anonymous/authenticated httpd (dav) configurations could lead to information leak (bsc#939514) - CVE-2015-3187: do not leak paths that were hidden by path-based authz (bsc#939517) - CVE-2015-0202: Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793) - CVE-2015-0248: Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. 
(bsc#923794) - CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795) - fix sample configuration comments in subversion.conf (bsc#916286) - fix sysconfig file generation (bsc#911620) - CVE-2014-3580: mod_dav_svn invalid REPORT requests could lead to denial of service (bsc#909935) - CVE-2014-8108: mod_dav_svn use of invalid transaction names could lead to denial of service (bsc#909935) - INSTALL#SQLite says 'Subversion 1.8 requires SQLite version 3.7.12 or above'; therefore I lowered the sqlite requirement to make the subversion run on older system versions, too. [bsc#897033] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1340=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1340=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.19-25.3.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.19-25.3.1 subversion-1.8.19-25.3.1 subversion-debuginfo-1.8.19-25.3.1 subversion-debugsource-1.8.19-25.3.1 subversion-devel-1.8.19-25.3.1 subversion-perl-1.8.19-25.3.1 subversion-perl-debuginfo-1.8.19-25.3.1 subversion-python-1.8.19-25.3.1 subversion-python-debuginfo-1.8.19-25.3.1 subversion-server-1.8.19-25.3.1 subversion-server-debuginfo-1.8.19-25.3.1 subversion-tools-1.8.19-25.3.1 subversion-tools-debuginfo-1.8.19-25.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): subversion-bash-completion-1.8.19-25.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.19-25.3.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.19-25.3.1 subversion-1.8.19-25.3.1 subversion-debuginfo-1.8.19-25.3.1 subversion-debugsource-1.8.19-25.3.1 subversion-devel-1.8.19-25.3.1 subversion-perl-1.8.19-25.3.1 subversion-perl-debuginfo-1.8.19-25.3.1 subversion-python-1.8.19-25.3.1 subversion-python-debuginfo-1.8.19-25.3.1 subversion-server-1.8.19-25.3.1 subversion-server-debuginfo-1.8.19-25.3.1 subversion-tools-1.8.19-25.3.1 subversion-tools-debuginfo-1.8.19-25.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): subversion-bash-completion-1.8.19-25.3.1 References: https://www.suse.com/security/cve/CVE-2014-3580.html https://www.suse.com/security/cve/CVE-2014-8108.html https://www.suse.com/security/cve/CVE-2015-0202.html https://www.suse.com/security/cve/CVE-2015-0248.html https://www.suse.com/security/cve/CVE-2015-0251.html https://www.suse.com/security/cve/CVE-2015-3184.html https://www.suse.com/security/cve/CVE-2015-3187.html https://www.suse.com/security/cve/CVE-2015-5343.html https://www.suse.com/security/cve/CVE-2016-2167.html https://www.suse.com/security/cve/CVE-2016-2168.html 
https://www.suse.com/security/cve/CVE-2016-8734.html https://www.suse.com/security/cve/CVE-2017-9800.html https://bugzilla.suse.com/1011552 https://bugzilla.suse.com/1026936 https://bugzilla.suse.com/1051362 https://bugzilla.suse.com/897033 https://bugzilla.suse.com/909935 https://bugzilla.suse.com/911620 https://bugzilla.suse.com/916286 https://bugzilla.suse.com/923793 https://bugzilla.suse.com/923794 https://bugzilla.suse.com/923795 https://bugzilla.suse.com/939514 https://bugzilla.suse.com/939517 https://bugzilla.suse.com/942819 https://bugzilla.suse.com/958300 https://bugzilla.suse.com/969159 https://bugzilla.suse.com/976849 https://bugzilla.suse.com/976850 https://bugzilla.suse.com/977424 https://bugzilla.suse.com/983938 From sle-security-updates at lists.suse.com Thu Aug 17 04:14:08 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Aug 2017 12:14:08 +0200 (CEST) Subject: SUSE-SU-2017:2201-1: moderate: Security update for libplist Message-ID: <20170817101408.28981FC3F@maintenance.suse.de> SUSE Security Update: Security update for libplist ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2201-1 Rating: moderate References: #1029638 #1029639 #1029706 #1029707 #1029751 Cross-References: CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for libplist fixes the following issues: Security issues fixed: - CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638) - CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706) - CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file. (bsc#1029707) - CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751) - CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1342=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1342=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1342=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1342=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1342=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1342=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1342=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1342=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1342=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libplist++3-1.12-20.3.2 libplist++3-debuginfo-1.12-20.3.2 libplist-debugsource-1.12-20.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libplist++3-1.12-20.3.2 libplist++3-debuginfo-1.12-20.3.2 libplist-debugsource-1.12-20.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libplist++-devel-1.12-20.3.2 libplist++3-1.12-20.3.2 libplist++3-debuginfo-1.12-20.3.2 libplist-debugsource-1.12-20.3.2 libplist-devel-1.12-20.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libplist++-devel-1.12-20.3.2 libplist++3-1.12-20.3.2 libplist++3-debuginfo-1.12-20.3.2 libplist-debugsource-1.12-20.3.2 libplist-devel-1.12-20.3.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libplist-debugsource-1.12-20.3.2 libplist3-1.12-20.3.2 libplist3-debuginfo-1.12-20.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libplist-debugsource-1.12-20.3.2 libplist3-1.12-20.3.2 libplist3-debuginfo-1.12-20.3.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libplist-debugsource-1.12-20.3.2 libplist3-1.12-20.3.2 libplist3-debuginfo-1.12-20.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libplist++3-1.12-20.3.2 libplist++3-debuginfo-1.12-20.3.2 libplist-debugsource-1.12-20.3.2 libplist3-1.12-20.3.2 libplist3-debuginfo-1.12-20.3.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libplist++3-1.12-20.3.2 libplist++3-debuginfo-1.12-20.3.2 libplist-debugsource-1.12-20.3.2 libplist3-1.12-20.3.2 libplist3-debuginfo-1.12-20.3.2 References: https://www.suse.com/security/cve/CVE-2017-6435.html https://www.suse.com/security/cve/CVE-2017-6436.html https://www.suse.com/security/cve/CVE-2017-6437.html https://www.suse.com/security/cve/CVE-2017-6438.html https://www.suse.com/security/cve/CVE-2017-6439.html https://bugzilla.suse.com/1029638 https://bugzilla.suse.com/1029639 
https://bugzilla.suse.com/1029706 https://bugzilla.suse.com/1029707 https://bugzilla.suse.com/1029751 From sle-security-updates at lists.suse.com Thu Aug 17 04:15:26 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 17 Aug 2017 12:15:26 +0200 (CEST) Subject: SUSE-SU-2017:2202-1: important: Security update for freeradius-server Message-ID: <20170817101526.23A12FEB7@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2202-1 Rating: important References: #1049086 Cross-References: CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 CVE-2017-10988 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: - update to 3.0.15 (bsc#1049086) * Bind the lifetime of program name and python path to the module * CVE-2017-10978: FR-GV-201: Check input / output length in make_secret() (bsc#1049086) * CVE-2017-10983: FR-GV-206: Fix read overflow when decoding DHCP option 63 (bsc#1049086) * CVE-2017-10984: FR-GV-301: Fix write overflow in data2vp_wimax() (bsc#1049086) * CVE-2017-10985: FR-GV-302: Fix infinite loop and memory exhaustion with 'concat' attributes (bsc#1049086) * CVE-2017-10986: FR-GV-303: Fix infinite read in dhcp_attr2vp() (bsc#1049086) * CVE-2017-10987: FR-GV-304: Fix buffer over-read in fr_dhcp_decode_suboptions() (bsc#1049086) * CVE-2017-10988: FR-GV-305: Decode 'signed' attributes correctly. 
(bsc#1049086) * FR-AD-001: use strncmp() instead of memcmp() for bounded data * Print messages when we see deprecated configuration items * Show reasons why we couldn't parse a certificate expiry time * Be more accepting about truncated ASN1 times. * Fix OpenSSL API issue which could leak small amounts of memory. * For Access-Reject, call rad_authlog() after running the post-auth section, just like for Access-Accept. * Don't crash when reading corrupted data from session resumption cache. * Parse port in dhcpclient. * Don't leak memory for OpenSSL. * Portability fixes taken from OpenBSD port collection. * run rad_authlog after post-auth for Access-Reject. * Don't process VMPS packets twice. * Fix attribute truncation in rlm_perl * Fix bug when processing huntgroups. * FR-AD-002 - Bind the lifetime of program name and python path to the module * FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1341=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1341=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.15-2.3.1 freeradius-server-debugsource-3.0.15-2.3.1 freeradius-server-devel-3.0.15-2.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.15-2.3.1 freeradius-server-debuginfo-3.0.15-2.3.1 freeradius-server-debugsource-3.0.15-2.3.1 freeradius-server-doc-3.0.15-2.3.1 freeradius-server-krb5-3.0.15-2.3.1 freeradius-server-krb5-debuginfo-3.0.15-2.3.1 freeradius-server-ldap-3.0.15-2.3.1 freeradius-server-ldap-debuginfo-3.0.15-2.3.1 freeradius-server-libs-3.0.15-2.3.1 freeradius-server-libs-debuginfo-3.0.15-2.3.1 freeradius-server-mysql-3.0.15-2.3.1 freeradius-server-mysql-debuginfo-3.0.15-2.3.1 freeradius-server-perl-3.0.15-2.3.1 freeradius-server-perl-debuginfo-3.0.15-2.3.1 freeradius-server-postgresql-3.0.15-2.3.1 freeradius-server-postgresql-debuginfo-3.0.15-2.3.1 freeradius-server-python-3.0.15-2.3.1 freeradius-server-python-debuginfo-3.0.15-2.3.1 freeradius-server-sqlite-3.0.15-2.3.1 freeradius-server-sqlite-debuginfo-3.0.15-2.3.1 freeradius-server-utils-3.0.15-2.3.1 freeradius-server-utils-debuginfo-3.0.15-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-10978.html https://www.suse.com/security/cve/CVE-2017-10983.html https://www.suse.com/security/cve/CVE-2017-10984.html https://www.suse.com/security/cve/CVE-2017-10985.html https://www.suse.com/security/cve/CVE-2017-10986.html https://www.suse.com/security/cve/CVE-2017-10987.html https://www.suse.com/security/cve/CVE-2017-10988.html https://bugzilla.suse.com/1049086 From sle-security-updates at lists.suse.com Fri Aug 18 07:12:05 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Aug 2017 15:12:05 +0200 (CEST) Subject: SUSE-SU-2017:2212-1: important: Security update for openvswitch Message-ID: <20170818131205.CB71BFC3F@maintenance.suse.de> SUSE Security Update: Security update 
for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2212-1 Rating: important References: #1002734 #1041447 #1041470 #1050896 Cross-References: CVE-2017-9263 CVE-2017-9265 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openvswitch fixes the following issues: - CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470) - CVE-2017-9265: Buffer over-read while parsing message could lead to crash or maybe arbitrary code execution (bsc#1041447) - Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734) - Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1348=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): openvswitch-2.7.0-3.3.1 openvswitch-debuginfo-2.7.0-3.3.1 openvswitch-debugsource-2.7.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-9263.html https://www.suse.com/security/cve/CVE-2017-9265.html https://bugzilla.suse.com/1002734 https://bugzilla.suse.com/1041447 https://bugzilla.suse.com/1041470 https://bugzilla.suse.com/1050896 From sle-security-updates at lists.suse.com Fri Aug 18 13:09:12 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 18 Aug 2017 21:09:12 +0200 (CEST) Subject: SUSE-SU-2017:2217-1: Security update for gnome-shell Message-ID: <20170818190912.3FFF6FEB7@maintenance.suse.de> SUSE Security Update: Security update for gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2217-1 Rating: low References: #1008539 #1034584 #1034827 #1036494 #1047262 Cross-References: CVE-2017-8288 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. 
Description: This update for gnome-shell provides the following fixes: - Fix not intuitive login screen for root user (bsc#1047262) - Disable session selection button when it's hidden in user switch dialog (bsc#1034584, bsc#1034827) - Fix app windows overlay app list in overview screen (bsc#1008539) - Properly handle failures when loading extensions (bsc#1036494, CVE-2017-8288) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1350=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1350=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1350=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1350=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1350=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1350=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1350=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1350=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1350=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gnome-shell-calendar-3.20.4-77.7.5 gnome-shell-calendar-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gnome-shell-calendar-3.20.4-77.7.5 gnome-shell-calendar-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 gnome-shell-devel-3.20.4-77.7.5 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 gnome-shell-devel-3.20.4-77.7.5 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-shell-3.20.4-77.7.5 gnome-shell-browser-plugin-3.20.4-77.7.5 gnome-shell-browser-plugin-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-shell-lang-3.20.4-77.7.5 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-3.20.4-77.7.5 gnome-shell-browser-plugin-3.20.4-77.7.5 gnome-shell-browser-plugin-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-shell-lang-3.20.4-77.7.5 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-shell-3.20.4-77.7.5 gnome-shell-browser-plugin-3.20.4-77.7.5 gnome-shell-browser-plugin-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-shell-lang-3.20.4-77.7.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-shell-3.20.4-77.7.5 gnome-shell-browser-plugin-3.20.4-77.7.5 
gnome-shell-browser-plugin-debuginfo-3.20.4-77.7.5 gnome-shell-calendar-3.20.4-77.7.5 gnome-shell-calendar-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-shell-lang-3.20.4-77.7.5 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-shell-lang-3.20.4-77.7.5 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-shell-3.20.4-77.7.5 gnome-shell-browser-plugin-3.20.4-77.7.5 gnome-shell-browser-plugin-debuginfo-3.20.4-77.7.5 gnome-shell-calendar-3.20.4-77.7.5 gnome-shell-calendar-debuginfo-3.20.4-77.7.5 gnome-shell-debuginfo-3.20.4-77.7.5 gnome-shell-debugsource-3.20.4-77.7.5 References: https://www.suse.com/security/cve/CVE-2017-8288.html https://bugzilla.suse.com/1008539 https://bugzilla.suse.com/1034584 https://bugzilla.suse.com/1034827 https://bugzilla.suse.com/1036494 https://bugzilla.suse.com/1047262 From sle-security-updates at lists.suse.com Mon Aug 21 10:07:56 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 21 Aug 2017 18:07:56 +0200 (CEST) Subject: SUSE-SU-2017:2225-1: important: Security update for git Message-ID: <20170821160756.16880FC3F@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2225-1 Rating: important References: #1052481 Cross-References: CVE-2017-1000117 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution (bsc#1052481) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-git-13235=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-git-13235=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-git-13235=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): git-1.7.12.4-0.18.3.1 git-core-1.7.12.4-0.18.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.18.3.1 git-arch-1.7.12.4-0.18.3.1 git-core-1.7.12.4-0.18.3.1 git-cvs-1.7.12.4-0.18.3.1 git-daemon-1.7.12.4-0.18.3.1 git-email-1.7.12.4-0.18.3.1 git-gui-1.7.12.4-0.18.3.1 git-svn-1.7.12.4-0.18.3.1 git-web-1.7.12.4-0.18.3.1 gitk-1.7.12.4-0.18.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-debuginfo-1.7.12.4-0.18.3.1 git-debugsource-1.7.12.4-0.18.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000117.html https://bugzilla.suse.com/1052481 From sle-security-updates at lists.suse.com Tue Aug 22 10:07:52 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Aug 2017 18:07:52 +0200 (CEST) Subject: SUSE-SU-2017:2229-1: important: Security update for GraphicsMagick Message-ID: <20170822160752.30395FC6C@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2229-1 Rating: important References: #1036985 #1042826 #1043289 #1049072 #1050611 #1050674 Cross-References: CVE-2017-11403 CVE-2017-11636 CVE-2017-11643 CVE-2017-8350 CVE-2017-9439 CVE-2017-9501 
Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-8350: The PNG/JNG decoder received an incremental fix, fixing some related issues in the same code. (bsc#1036985) - CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c (bsc#1042826) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: The ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file (bsc#1049072) - CVE-2017-11643: A heap overflow in WriteCMYKImage() function in coders/cmyk.c was fixed (bsc#1050611) - CVE-2017-11636: A heap overflow in WriteRGBImage() in coders/rgb.c was fixed (bsc#1050674) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13236=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13236=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13236=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.78.9.1 libGraphicsMagick2-1.2.5-4.78.9.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.78.9.1 libGraphicsMagick2-1.2.5-4.78.9.1 perl-GraphicsMagick-1.2.5-4.78.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.78.9.1 GraphicsMagick-debugsource-1.2.5-4.78.9.1 References: https://www.suse.com/security/cve/CVE-2017-11403.html https://www.suse.com/security/cve/CVE-2017-11636.html https://www.suse.com/security/cve/CVE-2017-11643.html https://www.suse.com/security/cve/CVE-2017-8350.html https://www.suse.com/security/cve/CVE-2017-9439.html https://www.suse.com/security/cve/CVE-2017-9501.html https://bugzilla.suse.com/1036985 https://bugzilla.suse.com/1042826 https://bugzilla.suse.com/1043289 https://bugzilla.suse.com/1049072 https://bugzilla.suse.com/1050611 https://bugzilla.suse.com/1050674 From sle-security-updates at lists.suse.com Tue Aug 22 13:07:11 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Aug 2017 21:07:11 +0200 (CEST) Subject: SUSE-SU-2017:2234-1: important: Security update for freerdp Message-ID: <20170822190711.42342FC9C@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2234-1 Rating: important References: #1050699 #1050704 #1050708 #1050711 #1050712 #1050714 Cross-References: CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714) - CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712) - CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service (bsc#1050699) - CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704) - CVE-2017-2838: Client License Read Product Info Denial of Service Vulnerability (bsc#1050708) - CVE-2017-2839: Client License Read Challenge Packet Denial of Service (bsc#1050711) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1365=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1365=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1365=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1365=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1365=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1365=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-devel-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-devel-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): freerdp-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-2.0.0~git.1463131968.4e66df7-12.3.2 libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.3.2 References: 
https://www.suse.com/security/cve/CVE-2017-2834.html https://www.suse.com/security/cve/CVE-2017-2835.html https://www.suse.com/security/cve/CVE-2017-2836.html https://www.suse.com/security/cve/CVE-2017-2837.html https://www.suse.com/security/cve/CVE-2017-2838.html https://www.suse.com/security/cve/CVE-2017-2839.html https://bugzilla.suse.com/1050699 https://bugzilla.suse.com/1050704 https://bugzilla.suse.com/1050708 https://bugzilla.suse.com/1050711 https://bugzilla.suse.com/1050712 https://bugzilla.suse.com/1050714 From sle-security-updates at lists.suse.com Tue Aug 22 13:08:17 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Aug 2017 21:08:17 +0200 (CEST) Subject: SUSE-SU-2017:2235-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss Message-ID: <20170822190817.77183FC64@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2235-1 Rating: important References: #1025108 #1031485 #1035082 #1043960 #930392 #930496 #935510 #939460 #945842 #953831 #954002 #955382 #962765 #964468 #966220 #968771 Cross-References: CVE-2015-5276 CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 
CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 51 vulnerabilities is now available. Description: This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - 
CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: 
Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes: - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidental libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-13237=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-13237=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-13237=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-13237=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-13237=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-13237=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mozilla-nss-devel-3.29.5-47.3.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): MozillaFirefox-devel-52.2.0esr-72.5.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): firefox-libffi4-5.3.1+r233831-7.1 firefox-libstdc++6-5.3.1+r233831-7.1 libfreebl3-3.29.5-47.3.2 libsoftokn3-3.29.5-47.3.2 mozilla-nss-3.29.5-47.3.2 mozilla-nss-tools-3.29.5-47.3.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): MozillaFirefox-52.2.0esr-72.5.2 MozillaFirefox-branding-SLED-52-24.3.44 MozillaFirefox-translations-52.2.0esr-72.5.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libfreebl3-32bit-3.29.5-47.3.2 libsoftokn3-32bit-3.29.5-47.3.2 mozilla-nss-32bit-3.29.5-47.3.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.29.5-47.3.2 libsoftokn3-x86-3.29.5-47.3.2 mozilla-nss-x86-3.29.5-47.3.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-52.2.0esr-72.5.2 MozillaFirefox-branding-SLED-52-24.3.44 MozillaFirefox-translations-52.2.0esr-72.5.2 firefox-libffi4-5.3.1+r233831-7.1 firefox-libstdc++6-5.3.1+r233831-7.1 libfreebl3-3.29.5-47.3.2 libsoftokn3-3.29.5-47.3.2 mozilla-nss-3.29.5-47.3.2 mozilla-nss-tools-3.29.5-47.3.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.29.5-47.3.2 libsoftokn3-32bit-3.29.5-47.3.2 mozilla-nss-32bit-3.29.5-47.3.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-52.2.0esr-72.5.2 MozillaFirefox-branding-SLED-52-24.3.44 MozillaFirefox-translations-52.2.0esr-72.5.2 firefox-libffi4-5.3.1+r233831-7.1 firefox-libstdc++6-5.3.1+r233831-7.1 libfreebl3-3.29.5-47.3.2 libsoftokn3-3.29.5-47.3.2 mozilla-nss-3.29.5-47.3.2 mozilla-nss-tools-3.29.5-47.3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.29.5-47.3.2 mozilla-nss-debugsource-3.29.5-47.3.2 - SUSE 
Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): MozillaFirefox-debuginfo-52.2.0esr-72.5.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-52.2.0esr-72.5.2 firefox-gcc5-debuginfo-5.3.1+r233831-7.1 firefox-gcc5-debugsource-5.3.1+r233831-7.1 firefox-libffi-gcc5-debuginfo-5.3.1+r233831-7.1 mozilla-nss-debuginfo-3.29.5-47.3.2 mozilla-nss-debugsource-3.29.5-47.3.2 References: https://www.suse.com/security/cve/CVE-2015-5276.html https://www.suse.com/security/cve/CVE-2016-10196.html https://www.suse.com/security/cve/CVE-2017-5429.html https://www.suse.com/security/cve/CVE-2017-5430.html https://www.suse.com/security/cve/CVE-2017-5432.html https://www.suse.com/security/cve/CVE-2017-5433.html https://www.suse.com/security/cve/CVE-2017-5434.html https://www.suse.com/security/cve/CVE-2017-5435.html https://www.suse.com/security/cve/CVE-2017-5436.html https://www.suse.com/security/cve/CVE-2017-5438.html https://www.suse.com/security/cve/CVE-2017-5439.html https://www.suse.com/security/cve/CVE-2017-5440.html https://www.suse.com/security/cve/CVE-2017-5441.html https://www.suse.com/security/cve/CVE-2017-5442.html https://www.suse.com/security/cve/CVE-2017-5443.html https://www.suse.com/security/cve/CVE-2017-5444.html https://www.suse.com/security/cve/CVE-2017-5445.html https://www.suse.com/security/cve/CVE-2017-5446.html https://www.suse.com/security/cve/CVE-2017-5447.html https://www.suse.com/security/cve/CVE-2017-5448.html https://www.suse.com/security/cve/CVE-2017-5449.html https://www.suse.com/security/cve/CVE-2017-5451.html https://www.suse.com/security/cve/CVE-2017-5454.html https://www.suse.com/security/cve/CVE-2017-5455.html https://www.suse.com/security/cve/CVE-2017-5456.html https://www.suse.com/security/cve/CVE-2017-5459.html https://www.suse.com/security/cve/CVE-2017-5460.html https://www.suse.com/security/cve/CVE-2017-5461.html https://www.suse.com/security/cve/CVE-2017-5462.html 
https://www.suse.com/security/cve/CVE-2017-5464.html https://www.suse.com/security/cve/CVE-2017-5465.html https://www.suse.com/security/cve/CVE-2017-5466.html https://www.suse.com/security/cve/CVE-2017-5467.html https://www.suse.com/security/cve/CVE-2017-5469.html https://www.suse.com/security/cve/CVE-2017-5470.html https://www.suse.com/security/cve/CVE-2017-5472.html https://www.suse.com/security/cve/CVE-2017-7749.html https://www.suse.com/security/cve/CVE-2017-7750.html https://www.suse.com/security/cve/CVE-2017-7751.html https://www.suse.com/security/cve/CVE-2017-7752.html https://www.suse.com/security/cve/CVE-2017-7754.html https://www.suse.com/security/cve/CVE-2017-7755.html https://www.suse.com/security/cve/CVE-2017-7756.html https://www.suse.com/security/cve/CVE-2017-7757.html https://www.suse.com/security/cve/CVE-2017-7758.html https://www.suse.com/security/cve/CVE-2017-7761.html https://www.suse.com/security/cve/CVE-2017-7763.html https://www.suse.com/security/cve/CVE-2017-7764.html https://www.suse.com/security/cve/CVE-2017-7765.html https://www.suse.com/security/cve/CVE-2017-7768.html https://www.suse.com/security/cve/CVE-2017-7778.html https://bugzilla.suse.com/1025108 https://bugzilla.suse.com/1031485 https://bugzilla.suse.com/1035082 https://bugzilla.suse.com/1043960 https://bugzilla.suse.com/930392 https://bugzilla.suse.com/930496 https://bugzilla.suse.com/935510 https://bugzilla.suse.com/939460 https://bugzilla.suse.com/945842 https://bugzilla.suse.com/953831 https://bugzilla.suse.com/954002 https://bugzilla.suse.com/955382 https://bugzilla.suse.com/962765 https://bugzilla.suse.com/964468 https://bugzilla.suse.com/966220 https://bugzilla.suse.com/968771 From sle-security-updates at lists.suse.com Tue Aug 22 13:11:25 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Aug 2017 21:11:25 +0200 (CEST) Subject: SUSE-SU-2017:2236-1: important: Security update for postgresql93 Message-ID: 
<20170822191125.61220FC64@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2236-1 Rating: important References: #1051684 #1051685 #1053259 Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Postgresql93 was updated to 9.3.18 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for the release is here: https://www.postgresql.org/docs/9.3/static/release-9-3-18.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1368=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1368=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): postgresql93-9.3.18-25.5.1 postgresql93-contrib-9.3.18-25.5.1 postgresql93-contrib-debuginfo-9.3.18-25.5.1 postgresql93-debuginfo-9.3.18-25.5.1 postgresql93-debugsource-9.3.18-25.5.1 postgresql93-server-9.3.18-25.5.1 postgresql93-server-debuginfo-9.3.18-25.5.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): postgresql93-docs-9.3.18-25.5.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): postgresql93-9.3.18-25.5.1 postgresql93-contrib-9.3.18-25.5.1 postgresql93-contrib-debuginfo-9.3.18-25.5.1 postgresql93-debuginfo-9.3.18-25.5.1 postgresql93-debugsource-9.3.18-25.5.1 postgresql93-server-9.3.18-25.5.1 postgresql93-server-debuginfo-9.3.18-25.5.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql93-docs-9.3.18-25.5.1 References: https://www.suse.com/security/cve/CVE-2017-7546.html https://www.suse.com/security/cve/CVE-2017-7547.html https://www.suse.com/security/cve/CVE-2017-7548.html https://bugzilla.suse.com/1051684 https://bugzilla.suse.com/1051685 https://bugzilla.suse.com/1053259 From sle-security-updates at lists.suse.com Tue Aug 22 13:12:07 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 22 Aug 2017 21:12:07 +0200 (CEST) Subject: SUSE-SU-2017:2237-1: important: Security update for samba and resource-agents Message-ID: <20170822191207.119B5FC64@maintenance.suse.de> SUSE Security Update: Security update for samba and resource-agents ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2237-1 Rating: important References: #1048278 #1048339 #1048352 #1048387 #1048790 #1052577 #1054017 Cross-References: CVE-2017-11103 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 
______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. (bsc#1048278) - Fix cephwrap_chdir(). (bsc#1048790) - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb. (bsc#1048339) - Fix inconsistent ctdb socket path. (bsc#1048352) - Fix non-admin cephx authentication. (bsc#1048387) - CTDB cannot start when there is no persistent database. (bsc#1052577) The CTDB resource agent was also fixed to not fail when the database is empty. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1367=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1367=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1367=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1367=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient-devel-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 
libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 
libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.7+git.38.90b2cdb4f22-3.7.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.7+git.38.90b2cdb4f22-3.7.1 ctdb-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 ldirectord-4.0.1+git.1495055229.643177f1-2.4.2 resource-agents-4.0.1+git.1495055229.643177f1-2.4.2 resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-2.4.2 resource-agents-debugsource-4.0.1+git.1495055229.643177f1-2.4.2 samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.7.1 - SUSE Linux Enterprise High Availability 12-SP3 (noarch): monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-2.4.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.7+git.38.90b2cdb4f22-3.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1 
libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1 
libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1 
samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1 samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1 References: https://www.suse.com/security/cve/CVE-2017-11103.html https://bugzilla.suse.com/1048278 https://bugzilla.suse.com/1048339 https://bugzilla.suse.com/1048352 https://bugzilla.suse.com/1048387 https://bugzilla.suse.com/1048790 https://bugzilla.suse.com/1052577 https://bugzilla.suse.com/1054017 From sle-security-updates at lists.suse.com Wed Aug 23 13:07:32 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Aug 2017 21:07:32 +0200 (CEST) Subject: SUSE-SU-2017:2243-1: moderate: Security update for freeradius-server Message-ID: <20170823190732.A17E2FC3F@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2243-1 Rating: moderate References: #1049086 Cross-References: CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10987 CVE-2017-10988 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description:

This update for freeradius fixes the following issues:

Security issues fixed:

- CVE-2017-10988: Decode 'signed' attributes correctly. (bnc#1049086)
- CVE-2017-10987: Check for option overflowing the packet. (bnc#1049086)
- CVE-2017-10985: Fix infinite loop and memory exhaustion with 'concat' attributes. (bnc#1049086)
- CVE-2017-10984: Fix write overflow in data2vp_wimax(). (bnc#1049086)
- CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086)
- CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:

  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1373=1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1373=1

- SUSE Linux Enterprise Server 12-SP2:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1373=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-17.9.1 freeradius-server-debugsource-3.0.3-17.9.1 freeradius-server-devel-3.0.3-17.9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): freeradius-server-3.0.3-17.9.1 freeradius-server-debuginfo-3.0.3-17.9.1 freeradius-server-debugsource-3.0.3-17.9.1 freeradius-server-doc-3.0.3-17.9.1 freeradius-server-krb5-3.0.3-17.9.1 freeradius-server-krb5-debuginfo-3.0.3-17.9.1 freeradius-server-ldap-3.0.3-17.9.1 freeradius-server-ldap-debuginfo-3.0.3-17.9.1 freeradius-server-libs-3.0.3-17.9.1 freeradius-server-libs-debuginfo-3.0.3-17.9.1 freeradius-server-mysql-3.0.3-17.9.1 freeradius-server-mysql-debuginfo-3.0.3-17.9.1 freeradius-server-perl-3.0.3-17.9.1 freeradius-server-perl-debuginfo-3.0.3-17.9.1 freeradius-server-postgresql-3.0.3-17.9.1 freeradius-server-postgresql-debuginfo-3.0.3-17.9.1 freeradius-server-python-3.0.3-17.9.1 freeradius-server-python-debuginfo-3.0.3-17.9.1 freeradius-server-sqlite-3.0.3-17.9.1 freeradius-server-sqlite-debuginfo-3.0.3-17.9.1 freeradius-server-utils-3.0.3-17.9.1 freeradius-server-utils-debuginfo-3.0.3-17.9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.3-17.9.1 freeradius-server-debuginfo-3.0.3-17.9.1 freeradius-server-debugsource-3.0.3-17.9.1 freeradius-server-doc-3.0.3-17.9.1 freeradius-server-krb5-3.0.3-17.9.1 freeradius-server-krb5-debuginfo-3.0.3-17.9.1 freeradius-server-ldap-3.0.3-17.9.1 freeradius-server-ldap-debuginfo-3.0.3-17.9.1 freeradius-server-libs-3.0.3-17.9.1 freeradius-server-libs-debuginfo-3.0.3-17.9.1 freeradius-server-mysql-3.0.3-17.9.1 freeradius-server-mysql-debuginfo-3.0.3-17.9.1 freeradius-server-perl-3.0.3-17.9.1 freeradius-server-perl-debuginfo-3.0.3-17.9.1 freeradius-server-postgresql-3.0.3-17.9.1 freeradius-server-postgresql-debuginfo-3.0.3-17.9.1 freeradius-server-python-3.0.3-17.9.1 
freeradius-server-python-debuginfo-3.0.3-17.9.1 freeradius-server-sqlite-3.0.3-17.9.1 freeradius-server-sqlite-debuginfo-3.0.3-17.9.1 freeradius-server-utils-3.0.3-17.9.1 freeradius-server-utils-debuginfo-3.0.3-17.9.1 References: https://www.suse.com/security/cve/CVE-2017-10978.html https://www.suse.com/security/cve/CVE-2017-10983.html https://www.suse.com/security/cve/CVE-2017-10984.html https://www.suse.com/security/cve/CVE-2017-10985.html https://www.suse.com/security/cve/CVE-2017-10987.html https://www.suse.com/security/cve/CVE-2017-10988.html https://bugzilla.suse.com/1049086 From sle-security-updates at lists.suse.com Wed Aug 23 13:07:58 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 23 Aug 2017 21:07:58 +0200 (CEST) Subject: SUSE-SU-2017:2244-1: moderate: Security update for freeradius-server Message-ID: <20170823190758.72190FC3F@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2244-1 Rating: moderate References: #1049086 Cross-References: CVE-2017-10978 CVE-2017-10979 CVE-2017-10981 CVE-2017-10982 CVE-2017-10983 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086) - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) - CVE-2017-10979: Fix write overflow in rad_coalesce(). 
(bsc#1049086) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-freeradius-server-13238=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-freeradius-server-13238=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-freeradius-server-13238=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): freeradius-server-devel-2.1.1-7.25.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): freeradius-server-libs-2.1.1-7.25.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): freeradius-server-2.1.1-7.25.3.1 freeradius-server-dialupadmin-2.1.1-7.25.3.1 freeradius-server-doc-2.1.1-7.25.3.1 freeradius-server-libs-2.1.1-7.25.3.1 freeradius-server-utils-2.1.1-7.25.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): freeradius-server-debuginfo-2.1.1-7.25.3.1 freeradius-server-debugsource-2.1.1-7.25.3.1 References: https://www.suse.com/security/cve/CVE-2017-10978.html https://www.suse.com/security/cve/CVE-2017-10979.html https://www.suse.com/security/cve/CVE-2017-10981.html https://www.suse.com/security/cve/CVE-2017-10982.html https://www.suse.com/security/cve/CVE-2017-10983.html https://bugzilla.suse.com/1049086 From sle-security-updates at lists.suse.com Thu Aug 24 16:07:04 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 00:07:04 +0200 (CEST) Subject: SUSE-SU-2017:2250-1: moderate: Security update for mercurial Message-ID: <20170824220704.8425AFCA2@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2250-1 Rating: 
moderate References: #1052696 #1053344 Cross-References: CVE-2017-1000115 CVE-2017-1000116 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mercurial fixes the following issues: - CVE-2017-1000115: path traversal via symlink could lead to unauthorized access (bsc#1053344) - CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution (bsc#1052696) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mercurial-13239=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mercurial-13239=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-2.3.2-0.18.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-debuginfo-2.3.2-0.18.3.1 mercurial-debugsource-2.3.2-0.18.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000115.html https://www.suse.com/security/cve/CVE-2017-1000116.html https://bugzilla.suse.com/1052696 https://bugzilla.suse.com/1053344 From sle-security-updates at lists.suse.com Thu Aug 24 16:07:37 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 00:07:37 +0200 (CEST) Subject: SUSE-SU-2017:2251-1: moderate: Security update for mercurial Message-ID: <20170824220737.93D9CFCA1@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2251-1 Rating: moderate References: #1052696 
#1053344 Cross-References: CVE-2017-1000115 CVE-2017-1000116 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mercurial fixes the following issues: - CVE-2017-1000115: path traversal via symlink could lead to unauthorized access (bsc#1053344) - CVE-2017-1000116: argument injection in SSH URLs could lead to client-side code execution (bsc#1052696) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1375=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1375=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.3.1 mercurial-debuginfo-2.8.2-15.3.1 mercurial-debugsource-2.8.2-15.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.3.1 mercurial-debuginfo-2.8.2-15.3.1 mercurial-debugsource-2.8.2-15.3.1 References: https://www.suse.com/security/cve/CVE-2017-1000115.html https://www.suse.com/security/cve/CVE-2017-1000116.html https://bugzilla.suse.com/1052696 https://bugzilla.suse.com/1053344 From sle-security-updates at lists.suse.com Fri Aug 25 10:10:22 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 18:10:22 +0200 (CEST) Subject: SUSE-SU-2017:2257-1: moderate: Security update for SUSE Manager Server 3.1 Message-ID: <20170825161022.41F63FCA2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2257-1 Rating: moderate References: #1009118 #1017513 #1019759 #1028098 #1030898 #1031143 #1031602 #1032324 #1032350 #1033999 #1035728 #1037609 #1038321 #1039458 #1039579 #1039913 #1042199 #1042552 #1042846 #1042975 #1043143 #1043430 #1043795 #1043831 #1044719 #1045152 #1045266 #1045981 #1046176 #1046218 #1046314 #1046865 #1047282 #1047352 #1047513 #1047641 #1047656 #1047680 #1047707 #1048183 #1048968 #1049162 #1049425 #1049471 #1049575 #1049664 #1049665 #1050385 #1051518 #1051719 Cross-References: CVE-2017-10807 CVE-2017-7538 Affected Products: SUSE Manager Server 3.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 48 fixes is now available. Description: This update for the SUSE Manager Server 3.1 provides several fixes and improvements. 
The following security issues have been fixed:

jabberd:

- Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807)

spacewalk-java:

- Do not allow XSS as Organization name. (bsc#1048968, CVE-2017-7538)

Additionally, the following non-security issues have been fixed:

cobbler:

- Fix missing arguments and location for Xen. (bsc#1048183)

jabberd:

- Fix memory leak in pgsql storage driver.
- Fix two double-frees caused by dangling pointers.
- wss:// (WebSocket over SSL) support in c2s.
- Allow BareJID S10N packets.
- SQLite postconnect SQL support.
- Support WebSocket fragmented packets.
- Module to verify users using e-mail.
- Use OpenSSL functions for base64 en/decoding when available.
- Option to dump packet-filter matched packets to file.
- bcrypt support for PostgreSQL and MySQL storage.
- Option to set authreg module per realm.
- WebSocket C2S SX plugin.
- Support for RSA/DH/ECDH key agreement.
- For a detailed description of all fixes, please refer to the changelog.

osad:

- Reduce maximal size of osad log before rotating.
- Perform osad restart in posttrans. (bsc#1039913)

salt-netapi-client:

- Fix date format for Schedule.
- Fix sending kwarg in payload in RunnerCall.
- Better error handling in Runner and Wheel calls.
- Increase the default SOCKET_TIMEOUT to 20 seconds.

smdba:

- Add support for postgresql96. (bsc#1045152)

spacecmd:

- Configchannel export binary flag to json. (bsc#1044719)

spacewalk-backend:

- Make master_label static to keep its value when retrying. (bsc#1038321)
- Adapt for the new gpgcheck flag for the channels.

spacewalk-branding:

- Fix overlapping of elements. (bsc#1031143)
- Fix overlapping text narrow window. (bsc#1009118)
- Fix formulas action buttons position. (bsc#1047513)
- Fix broken link. (bsc#1033999)
- Alphabar: Change title to 'Select first character'. (bsc#1042199)

spacewalk-certs-tools:

- Improve text for bootstrap. (bsc#1032324)

spacewalk-java:

- Don't add default channel if AK is not valid. (bsc#1047656)
- Add 'Enable GPG check' function for channels.
- No legend icon for Activity Occurring. (bsc#1051719)
- Implement API call for bootstrapping systems.
- Fix product ids reported for SUSE Manager Server to the subscription matcher.
- Fix adding products when assigning channels. (bsc#1049664)
- Set default memory size for SLES 12 installations to 1024MB. (bsc#1047707)
- Enable remote-command for Salt clients in SSM. (bsc#1050385)
- Add missing help icons/links. (bsc#1049425)
- Fix invalid help links. (bsc#1049425)
- Fix wrong openscap xid. (bsc#1030898)
- Fix overlapping text narrow window. (bsc#1009118)
- Fixes alignment on the orgdetails. (bsc#1017513)
- Fix text for activation key buttons. (bsc#1042975)
- Correctly set, check and cut textarea maxlength. (bsc#1043430)
- MinionActionExecutor: Raise skip timeout. (bsc#1046865)
- Update channels.xml with OpenStack Cloud Continuous Delivery 6. (bsc#1039458)
- Do not create VirtualInstance duplicates for the same 'uuid'.
- Add taskomatic task to cleanup duplicated uuids for same system id.
- Handle possible wrong UUIDs on SLE11 minions. (bsc#1046218)
- Removed duplicate overview menu item. (bsc#1045981)
- Enable act-key name empty on creation. (bsc#1032350)
- Fix NPE when there's not udev results. (bsc#1042552)
- Alphabar: Change title to 'Select first character'. (bsc#1042199)
- Duplicate Systems: Correct language not to mention 'profiles'. (bsc#1035728)
- Fix list filters to work with URL special characters. (bsc#1042846)
- Use getActive() instead of isActive() for JavaBeans compliance. (bsc#1043143)
- Fix hide non-org event details. (bsc#1039579)

spacewalk-search:

- Remove executable bit from service files. (bsc#1051518)

spacewalk-utils:

- Don't show password on input in spacewalk-manage-channel-lifecycle. (bsc#1043795)

spacewalk-web:

- Fix overlapping of elements. (bsc#1031143)
- Fix formulas action buttons position. (bsc#1047513)
- Do not show old messages. (bsc#1043831)
- Add a dynamic counter of the remaining textarea length.
- Confirm if navigating away while bootstrapping.

susemanager:

- Assert correct java version. (bsc#1049575)
- Create bootstrap repository for SLES for SAP 11 SP1. (bsc#1049471)
- Adjust the bootstrap repository with SLE 12 SP3 repositories.

susemanager-docs_en:

- Improve Icinga services example. (bsc#1019759)
- Make Section reference Configuration Management more clear. (bsc#1047352)
- Add missing "host_name" in service definition example for Icinga. (bsc#1049162)
- Fix documentation on moving database. (bsc#1031602)
- Add missing Autoinstallation page in Advanced Topics guide. (bsc#1047680)
- Make API documentation available online. (bsc#1047641)
- Fix Reference Guide Documentation issues. (bsc#1045266)
- Update online documentation components. (bsc#1046314)
- Update online documentation. (bsc#1046176)

susemanager-schema:

- Adapt for the new gpgcheck flag for the channels.

susemanager-sync-data:

- Add support for SLE 12 SP3 product family, SUSE Enterprise Storage 5, OpenStack Cloud 6 Continuous Delivery and Public Cloud for ppc64le. (bsc#1028098, bsc#1039458, bsc#1037609, bsc#1049665)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.1:

  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-1387=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Server 3.1 (ppc64le s390x x86_64): jabberd-2.6.1-3.3.1 jabberd-db-2.6.1-3.3.1 jabberd-db-debuginfo-2.6.1-3.3.1 jabberd-debuginfo-2.6.1-3.3.1 jabberd-debugsource-2.6.1-3.3.1 jabberd-sqlite-2.6.1-3.3.1 jabberd-sqlite-debuginfo-2.6.1-3.3.1 smdba-1.5.8-0.2.3.1 spacewalk-branding-2.7.2.7-2.3.1 susemanager-3.1.8-2.3.1 susemanager-tools-3.1.8-2.3.1 - SUSE Manager Server 3.1 (noarch): cobbler-2.6.6-5.3.1 osa-common-5.11.80.3-2.3.1 osa-dispatcher-5.11.80.3-2.3.1 rhnpush-5.5.104.3-2.3.2 salt-netapi-client-0.12.0-3.3.1 spacecmd-2.7.8.6-2.3.1 spacewalk-backend-2.7.73.7-2.3.1 spacewalk-backend-app-2.7.73.7-2.3.1 spacewalk-backend-applet-2.7.73.7-2.3.1 spacewalk-backend-config-files-2.7.73.7-2.3.1 spacewalk-backend-config-files-common-2.7.73.7-2.3.1 spacewalk-backend-config-files-tool-2.7.73.7-2.3.1 spacewalk-backend-iss-2.7.73.7-2.3.1 spacewalk-backend-iss-export-2.7.73.7-2.3.1 spacewalk-backend-libs-2.7.73.7-2.3.1 spacewalk-backend-package-push-server-2.7.73.7-2.3.1 spacewalk-backend-server-2.7.73.7-2.3.1 spacewalk-backend-sql-2.7.73.7-2.3.1 spacewalk-backend-sql-oracle-2.7.73.7-2.3.1 spacewalk-backend-sql-postgresql-2.7.73.7-2.3.1 spacewalk-backend-tools-2.7.73.7-2.3.1 spacewalk-backend-xml-export-libs-2.7.73.7-2.3.1 spacewalk-backend-xmlrpc-2.7.73.7-2.3.1 spacewalk-base-2.7.1.10-2.3.1 spacewalk-base-minimal-2.7.1.10-2.3.1 spacewalk-base-minimal-config-2.7.1.10-2.3.1 spacewalk-certs-tools-2.7.0.7-2.3.1 spacewalk-html-2.7.1.10-2.3.1 spacewalk-java-2.7.46.5-2.3.1 spacewalk-java-config-2.7.46.5-2.3.1 spacewalk-java-lib-2.7.46.5-2.3.1 spacewalk-java-oracle-2.7.46.5-2.3.1 spacewalk-java-postgresql-2.7.46.5-2.3.1 spacewalk-search-2.7.3.2-2.3.4 spacewalk-taskomatic-2.7.46.5-2.3.1 spacewalk-utils-2.7.10.5-2.3.1 susemanager-advanced-topics_en-pdf-3-10.3.1 susemanager-best-practices_en-pdf-3-10.3.1 susemanager-docs_en-3-10.3.1 susemanager-getting-started_en-pdf-3-10.3.1 susemanager-jsp_en-3-10.3.1 susemanager-reference_en-pdf-3-10.3.1 
susemanager-schema-3.1.9-2.3.1 susemanager-sync-data-3.1.6-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-10807.html https://www.suse.com/security/cve/CVE-2017-7538.html https://bugzilla.suse.com/1009118 https://bugzilla.suse.com/1017513 https://bugzilla.suse.com/1019759 https://bugzilla.suse.com/1028098 https://bugzilla.suse.com/1030898 https://bugzilla.suse.com/1031143 https://bugzilla.suse.com/1031602 https://bugzilla.suse.com/1032324 https://bugzilla.suse.com/1032350 https://bugzilla.suse.com/1033999 https://bugzilla.suse.com/1035728 https://bugzilla.suse.com/1037609 https://bugzilla.suse.com/1038321 https://bugzilla.suse.com/1039458 https://bugzilla.suse.com/1039579 https://bugzilla.suse.com/1039913 https://bugzilla.suse.com/1042199 https://bugzilla.suse.com/1042552 https://bugzilla.suse.com/1042846 https://bugzilla.suse.com/1042975 https://bugzilla.suse.com/1043143 https://bugzilla.suse.com/1043430 https://bugzilla.suse.com/1043795 https://bugzilla.suse.com/1043831 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1045152 https://bugzilla.suse.com/1045266 https://bugzilla.suse.com/1045981 https://bugzilla.suse.com/1046176 https://bugzilla.suse.com/1046218 https://bugzilla.suse.com/1046314 https://bugzilla.suse.com/1046865 https://bugzilla.suse.com/1047282 https://bugzilla.suse.com/1047352 https://bugzilla.suse.com/1047513 https://bugzilla.suse.com/1047641 https://bugzilla.suse.com/1047656 https://bugzilla.suse.com/1047680 https://bugzilla.suse.com/1047707 https://bugzilla.suse.com/1048183 https://bugzilla.suse.com/1048968 https://bugzilla.suse.com/1049162 https://bugzilla.suse.com/1049425 https://bugzilla.suse.com/1049471 https://bugzilla.suse.com/1049575 https://bugzilla.suse.com/1049664 https://bugzilla.suse.com/1049665 https://bugzilla.suse.com/1050385 https://bugzilla.suse.com/1051518 https://bugzilla.suse.com/1051719 From sle-security-updates at lists.suse.com Fri Aug 25 10:18:33 2017 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 18:18:33 +0200 (CEST) Subject: SUSE-SU-2017:2258-1: important: Security update for postgresql94 Message-ID: <20170825161833.37216FC56@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2258-1 Rating: important References: #1051684 #1051685 #1053259 Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Postgresql94 was updated to 9.4.13 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.4/static/release-9-4-13.html Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgresql94-13247=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql94-13247=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-postgresql94-13247=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-postgresql94-13247=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgresql94-13247=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-postgresql94-13247=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.13-0.23.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.13-0.23.5.1 libpq5-9.4.13-0.23.5.1 postgresql94-9.4.13-0.23.5.1 postgresql94-contrib-9.4.13-0.23.5.1 postgresql94-docs-9.4.13-0.23.5.1 postgresql94-server-9.4.13-0.23.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.13-0.23.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libecpg6-9.4.13-0.23.5.1 libpq5-9.4.13-0.23.5.1 postgresql94-9.4.13-0.23.5.1 postgresql94-contrib-9.4.13-0.23.5.1 postgresql94-docs-9.4.13-0.23.5.1 postgresql94-server-9.4.13-0.23.5.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libpq5-32bit-9.4.13-0.23.5.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libecpg6-9.4.13-0.23.5.1 libpq5-9.4.13-0.23.5.1 postgresql94-9.4.13-0.23.5.1 postgresql94-contrib-9.4.13-0.23.5.1 postgresql94-docs-9.4.13-0.23.5.1 postgresql94-server-9.4.13-0.23.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.13-0.23.5.1 postgresql94-debugsource-9.4.13-0.23.5.1 postgresql94-libs-debuginfo-9.4.13-0.23.5.1 postgresql94-libs-debugsource-9.4.13-0.23.5.1 - SUSE Linux Enterprise 
Debuginfo 11-SP3 (i586 s390x x86_64): postgresql94-debuginfo-9.4.13-0.23.5.1 postgresql94-debugsource-9.4.13-0.23.5.1 References: https://www.suse.com/security/cve/CVE-2017-7546.html https://www.suse.com/security/cve/CVE-2017-7547.html https://www.suse.com/security/cve/CVE-2017-7548.html https://bugzilla.suse.com/1051684 https://bugzilla.suse.com/1051685 https://bugzilla.suse.com/1053259 From sle-security-updates at lists.suse.com Fri Aug 25 10:23:02 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 18:23:02 +0200 (CEST) Subject: SUSE-SU-2017:2263-1: important: Security update for java-1_8_0-ibm Message-ID: <20170825162302.ACAAAFCA2@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2263-1 Rating: important References: #1053431 Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. 
Description: This update for java-1_8_0-ibm fixes the following issues: - Version update to 8.0-4.10 [bsc#1053431] CVE-2017-10111, CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10074, CVE-2017-10078, CVE-2017-10115, CVE-2017-10067, CVE-2017-10125, CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-10053, CVE-2017-10105, CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1389=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1389=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1389=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1389=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1389=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1389=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1389=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE OpenStack Cloud 6 (x86_64): java-1_8_0-ibm-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1 java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1 References: https://www.suse.com/security/cve/CVE-2017-10053.html https://www.suse.com/security/cve/CVE-2017-10067.html https://www.suse.com/security/cve/CVE-2017-10074.html https://www.suse.com/security/cve/CVE-2017-10078.html https://www.suse.com/security/cve/CVE-2017-10081.html https://www.suse.com/security/cve/CVE-2017-10087.html https://www.suse.com/security/cve/CVE-2017-10089.html https://www.suse.com/security/cve/CVE-2017-10090.html https://www.suse.com/security/cve/CVE-2017-10096.html 
https://www.suse.com/security/cve/CVE-2017-10101.html https://www.suse.com/security/cve/CVE-2017-10102.html https://www.suse.com/security/cve/CVE-2017-10105.html https://www.suse.com/security/cve/CVE-2017-10107.html https://www.suse.com/security/cve/CVE-2017-10108.html https://www.suse.com/security/cve/CVE-2017-10109.html https://www.suse.com/security/cve/CVE-2017-10110.html https://www.suse.com/security/cve/CVE-2017-10111.html https://www.suse.com/security/cve/CVE-2017-10115.html https://www.suse.com/security/cve/CVE-2017-10116.html https://www.suse.com/security/cve/CVE-2017-10125.html https://www.suse.com/security/cve/CVE-2017-10243.html https://bugzilla.suse.com/1053431 From sle-security-updates at lists.suse.com Fri Aug 25 10:23:31 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 18:23:31 +0200 (CEST) Subject: SUSE-SU-2017:2264-1: important: Security update for libzypp Message-ID: <20170825162331.A20F6FCA2@maintenance.suse.de> SUSE Security Update: Security update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2264-1 Rating: important References: #1009745 #1036659 #1038984 #1043218 #1045735 #1046417 #1047785 #1048315 Cross-References: CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) - Fix gpg-pubkey release (creation time) computation. (bsc#1036659) - Update lsof blacklist. 
(bsc#1046417) - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. yast2-pkg-bindings: - Do not crash when the repository URL is not defined. (bsc#1043218) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1390=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1390=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1390=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libzypp-debuginfo-16.15.3-2.3.1 libzypp-debugsource-16.15.3-2.3.1 libzypp-devel-16.15.3-2.3.1 libzypp-devel-doc-16.15.3-2.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): yast2-pkg-bindings-devel-doc-3.2.4-2.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libzypp-16.15.3-2.3.1 libzypp-debuginfo-16.15.3-2.3.1 libzypp-debugsource-16.15.3-2.3.1 yast2-pkg-bindings-3.2.4-2.3.1 yast2-pkg-bindings-debuginfo-3.2.4-2.3.1 yast2-pkg-bindings-debugsource-3.2.4-2.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libzypp-16.15.3-2.3.1 libzypp-debuginfo-16.15.3-2.3.1 libzypp-debugsource-16.15.3-2.3.1 yast2-pkg-bindings-3.2.4-2.3.1 yast2-pkg-bindings-debuginfo-3.2.4-2.3.1 yast2-pkg-bindings-debugsource-3.2.4-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-7435.html https://www.suse.com/security/cve/CVE-2017-7436.html https://www.suse.com/security/cve/CVE-2017-9269.html https://bugzilla.suse.com/1009745 https://bugzilla.suse.com/1036659 https://bugzilla.suse.com/1038984 
https://bugzilla.suse.com/1043218 https://bugzilla.suse.com/1045735 https://bugzilla.suse.com/1046417 https://bugzilla.suse.com/1047785 https://bugzilla.suse.com/1048315 From sle-security-updates at lists.suse.com Fri Aug 25 10:25:57 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 18:25:57 +0200 (CEST) Subject: SUSE-SU-2017:2266-1: moderate: Security update for SUSE Manager Proxy 3.1 Message-ID: <20170825162557.661BBFC56@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Proxy 3.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2266-1 Rating: moderate References: #1031143 #1032324 #1036260 #1038321 #1039913 #1043831 #1047282 #1047513 #1049936 #1052039 Cross-References: CVE-2017-10807 Affected Products: SUSE Manager Proxy 3.1 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for SUSE Manager Proxy 3.1 provides several fixes and improvements: The following security issues have been fixed: jabberd: - Fix offered SASL mechanism check. (bsc#1047282, CVE-2017-10807) Additionally, the following non-security issues have been fixed: jabberd: - Fix memory leak in pgsql storage driver. - Fix two double-frees caused by dangling pointers. - wss:// (WebSocket over SSL) support in c2s. - Allow BareJID S10N packets. - SQLite postconnect SQL support. - Support WebSocket fragmented packets. - Module to verify users using e-mail. - Use OpenSSL functions for base64 en/decoding when available. - Option to dump packet-filter matched packets to file. - bcrypt support for PostgreSQL and MySQL storage. - Option to set authreg module per realm. - WebSocket C2S SX plugin. - Support for RSA/DH/ECDH key agreement. - For a detailed description of all fixes, please refer to the changelog. 
osad: - Reduce maximal size of osad log before rotating. - Perform osad restart in posttrans. (bsc#1039913) spacewalk-backend: - Make master_label static to keep its value when retrying. (bsc#1038321) - Adapt for the new gpgcheck flag for the channels. spacewalk-certs-tools: - Improve text for bootstrap. (bsc#1032324) spacewalk-proxy: - Use query string in upstream HEAD requests. (bsc#1036260) spacewalk-web: - Fix overlapping of elements. (bsc#1031143) - Fix formulas action buttons position. (bsc#1047513) - Do not show old messages. (bsc#1043831) - Add a dynamic counter of the remaining textarea length. - Confirm if navigating away while bootstrapping. spacewalksd: - Fix permissions of PID files in spacewalksd. (bsc#1049936) zypp-plugin-spacewalk: - Fix setting pkg_gpgcheck. - Make pkg_gpgcheck configurable. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.1: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-1387=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.1 (ppc64le x86_64): jabberd-2.6.1-3.3.1 jabberd-db-2.6.1-3.3.1 jabberd-db-debuginfo-2.6.1-3.3.1 jabberd-debuginfo-2.6.1-3.3.1 jabberd-debugsource-2.6.1-3.3.1 jabberd-sqlite-2.6.1-3.3.1 jabberd-sqlite-debuginfo-2.6.1-3.3.1 spacewalksd-5.0.26.3-2.3.1 spacewalksd-debuginfo-5.0.26.3-2.3.1 spacewalksd-debugsource-5.0.26.3-2.3.1 zypp-plugin-spacewalk-0.9.16-2.3.1 - SUSE Manager Proxy 3.1 (noarch): osa-common-5.11.80.3-2.3.1 osad-5.11.80.3-2.3.1 rhnpush-5.5.104.3-2.3.2 spacewalk-backend-2.7.73.7-2.3.1 spacewalk-backend-libs-2.7.73.7-2.3.1 spacewalk-base-minimal-2.7.1.10-2.3.1 spacewalk-base-minimal-config-2.7.1.10-2.3.1 spacewalk-certs-tools-2.7.0.7-2.3.1 spacewalk-proxy-broker-2.7.1.4-2.3.1 spacewalk-proxy-common-2.7.1.4-2.3.1 spacewalk-proxy-management-2.7.1.4-2.3.1 spacewalk-proxy-package-manager-2.7.1.4-2.3.1 spacewalk-proxy-redirect-2.7.1.4-2.3.1 spacewalk-proxy-salt-2.7.1.4-2.3.1 supportutils-plugin-susemanager-client-3.1.2-2.3.1 References: https://www.suse.com/security/cve/CVE-2017-10807.html https://bugzilla.suse.com/1031143 https://bugzilla.suse.com/1032324 https://bugzilla.suse.com/1036260 https://bugzilla.suse.com/1038321 https://bugzilla.suse.com/1039913 https://bugzilla.suse.com/1043831 https://bugzilla.suse.com/1047282 https://bugzilla.suse.com/1047513 https://bugzilla.suse.com/1049936 https://bugzilla.suse.com/1052039 From sle-security-updates at lists.suse.com Fri Aug 25 10:27:42 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 25 Aug 2017 18:27:42 +0200 (CEST) Subject: SUSE-SU-2017:2267-1: moderate: Security update for jabberd Message-ID: <20170825162742.5B659FC56@maintenance.suse.de> SUSE Security Update: Security update for jabberd ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2267-1 Rating: moderate References: #1047282 Cross-References: CVE-2017-10807 Affected Products: SUSE Manager Server 3.0 SUSE 
Manager Proxy 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jabberd fixes the following issues: - CVE-2017-10807: SASLANONYMOUS authentication method allowed anyone to authenticate even if option was disabled (bsc#1047282) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1392=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1392=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (s390x x86_64): jabberd-2.6.1-4.6.1 jabberd-db-2.6.1-4.6.1 jabberd-db-debuginfo-2.6.1-4.6.1 jabberd-debuginfo-2.6.1-4.6.1 jabberd-debugsource-2.6.1-4.6.1 jabberd-sqlite-2.6.1-4.6.1 jabberd-sqlite-debuginfo-2.6.1-4.6.1 - SUSE Manager Proxy 3.0 (x86_64): jabberd-2.6.1-4.6.1 jabberd-db-2.6.1-4.6.1 jabberd-db-debuginfo-2.6.1-4.6.1 jabberd-debuginfo-2.6.1-4.6.1 jabberd-debugsource-2.6.1-4.6.1 jabberd-sqlite-2.6.1-4.6.1 jabberd-sqlite-debuginfo-2.6.1-4.6.1 References: https://www.suse.com/security/cve/CVE-2017-10807.html https://bugzilla.suse.com/1047282 From sle-security-updates at lists.suse.com Tue Aug 29 04:09:27 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Aug 2017 12:09:27 +0200 (CEST) Subject: SUSE-SU-2017:2280-1: important: Security update for java-1_7_1-ibm Message-ID: <20170829100927.D073EFCB3@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2280-1 Rating: important References: #1053431 Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096
CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1395=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1395=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1395=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1395=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1395=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1395=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1395=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1395=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1395=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 
java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-SP3 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-devel-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-38.5.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.10-38.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-38.5.1 References: https://www.suse.com/security/cve/CVE-2017-10053.html https://www.suse.com/security/cve/CVE-2017-10067.html https://www.suse.com/security/cve/CVE-2017-10074.html https://www.suse.com/security/cve/CVE-2017-10081.html https://www.suse.com/security/cve/CVE-2017-10087.html https://www.suse.com/security/cve/CVE-2017-10089.html https://www.suse.com/security/cve/CVE-2017-10090.html https://www.suse.com/security/cve/CVE-2017-10096.html https://www.suse.com/security/cve/CVE-2017-10101.html https://www.suse.com/security/cve/CVE-2017-10102.html https://www.suse.com/security/cve/CVE-2017-10105.html https://www.suse.com/security/cve/CVE-2017-10107.html https://www.suse.com/security/cve/CVE-2017-10108.html https://www.suse.com/security/cve/CVE-2017-10109.html 
https://www.suse.com/security/cve/CVE-2017-10110.html https://www.suse.com/security/cve/CVE-2017-10111.html https://www.suse.com/security/cve/CVE-2017-10115.html https://www.suse.com/security/cve/CVE-2017-10116.html https://www.suse.com/security/cve/CVE-2017-10125.html https://www.suse.com/security/cve/CVE-2017-10243.html https://bugzilla.suse.com/1053431 From sle-security-updates at lists.suse.com Tue Aug 29 04:09:59 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Aug 2017 12:09:59 +0200 (CEST) Subject: SUSE-SU-2017:2281-1: important: Security update for java-1_7_1-ibm Message-ID: <20170829100959.CCD39FCA4@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2281-1 Rating: important References: #1053431 Cross-References: CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. 
Description: This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-13248=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-13248=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.10-26.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.10-26.5.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.10-26.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.10-26.5.1 java-1_7_1-ibm-plugin-1.7.1_sr4.10-26.5.1 References: https://www.suse.com/security/cve/CVE-2017-10053.html https://www.suse.com/security/cve/CVE-2017-10067.html https://www.suse.com/security/cve/CVE-2017-10074.html https://www.suse.com/security/cve/CVE-2017-10081.html https://www.suse.com/security/cve/CVE-2017-10087.html https://www.suse.com/security/cve/CVE-2017-10089.html https://www.suse.com/security/cve/CVE-2017-10090.html https://www.suse.com/security/cve/CVE-2017-10096.html https://www.suse.com/security/cve/CVE-2017-10101.html https://www.suse.com/security/cve/CVE-2017-10102.html https://www.suse.com/security/cve/CVE-2017-10105.html https://www.suse.com/security/cve/CVE-2017-10107.html https://www.suse.com/security/cve/CVE-2017-10108.html https://www.suse.com/security/cve/CVE-2017-10109.html https://www.suse.com/security/cve/CVE-2017-10110.html https://www.suse.com/security/cve/CVE-2017-10111.html https://www.suse.com/security/cve/CVE-2017-10115.html https://www.suse.com/security/cve/CVE-2017-10116.html https://www.suse.com/security/cve/CVE-2017-10125.html https://www.suse.com/security/cve/CVE-2017-10243.html https://bugzilla.suse.com/1053431 From sle-security-updates at lists.suse.com Tue Aug 29 10:11:40 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Aug 2017 18:11:40 +0200 (CEST) Subject: SUSE-SU-2017:2286-1: important: Security update for the Linux Kernel Message-ID: <20170829161140.7A55BFCA4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2286-1 Rating: important References: #1005778 #1006180 #1011913 #1012829 #1013887 #1015337 #1015342 #1016119 #1019151 #1019695 #1020645 #1022476 #1022600 #1022604 #1023175 #1024346 #1024373 #1025461 #1026570 #1028173 #1028286 #1029693 #1030552 #1031515 #1031717 #1031784 #1033587 #1034075 #1034113 #1034762 #1036215 #1036632 #1037344 #1037404 #1037838 #1037994 #1038078 #1038616 #1038792 #1039153 #1039348 #1039915 #1040307 #1040347 #1040351 #1041958 #1042257 #1042286 #1042314 #1042422 #1042778 #1043261 #1043347 #1043520 #1043598 #1043652 #1043805 #1043912 #1044112 #1044443 #1044623 #1044636 #1045154 #1045293 #1045330 #1045404 #1045563 #1045596 #1045709 #1045715 #1045866 #1045922 #1045937 #1046105 #1046170 #1046434 #1046651 #1046655 #1046682 #1046821 #1046985 #1047027 #1047048 #1047096 #1047118 #1047121 #1047152 #1047174 #1047277 #1047343 #1047354 #1047418 #1047506 #1047595 #1047651 #1047653 #1047670 #1047802 #1048146 #1048155 #1048221 #1048317 #1048348 #1048356 #1048421 #1048451 #1048501 #1048891 #1048912 #1048914 #1048916 #1048919 #1049231 #1049289 #1049298 #1049361 #1049483 #1049486 #1049603 #1049619 #1049645 #1049706 #1049882 #1050061 #1050188 #1050211 #1050320 #1050322 #1050677 #1051022 #1051048 #1051059 #1051239 #1051399 #1051471 #1051478 #1051479 #1051556 #1051663 #1051689 #1051979 #1052049 #1052223 #1052311 #1052325 #1052365 #1052442 #1052533 #1052709 #1052773 #1052794 #1052899 #1052925 #1053043 #1053117 #964063 #974215 #998664 Cross-References: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-10810 CVE-2017-11473 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 
______________________________________________________________________________ An update that solves 8 vulnerabilities and has 150 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 bnc#1050677). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). 
- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).

The following non-security bugs were fixed:

- acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).
- acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).
- acpi / processor: Avoid reserving IO regions too early (bsc#1051478).
- acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
- Add "shutdown" to "struct class" (bsc#1053117).
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
- alsa: hda - add more ML register definitions (bsc#1048356).
- alsa: hda - add sanity check to force the separate stream tags (bsc#1048356).
- alsa: hda: Add support for parsing new HDA capabilities (bsc#1048356).
- alsa: hdac: Add support for hda DMA Resume capability (bsc#1048356).
- alsa: hdac_regmap - fix the register access for runtime PM (bsc#1048356).
- alsa: hda: Fix cpu lockup when stopping the cmd dmas (bsc#1048356).
- alsa: hda - Fix endless loop of codec configure (bsc#1031717).
- alsa: hda: fix to wait for RIRB & CORB DMA to set (bsc#1048356).
- alsa: hda - Loop interrupt handling until really cleared (bsc#1048356).
- alsa: hda - move bus_parse_capabilities to core (bsc#1048356).
- alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
- alsa: hda - set intel audio clock to a proper value (bsc#1048356).
- arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).
- arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347).
- arm64: Update config files. Disable DEVKMEM
- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
- bcache: force trigger gc (bsc#1038078).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
- blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)
- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
- blacklist.conf: add unapplicable drm fixes (bsc#1031717).
- blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning.
- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).
- blkfront: add uevent for size change (bnc#1036632).
- blk-mq: map all HWQ also in hyperthreaded system (bsc#1045866).
- block: add kblock_mod_delayed_work_on() (bsc#1050211).
- block: Allow bdi re-registration (bsc#1040307).
- block: do not allow updates through sysfs until registration completes (bsc#1047027).
- block: Fix front merge check (bsc#1051239).
- block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211).
- block: Make del_gendisk() safer for disks without queues (bsc#1040307).
- block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
- block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211).
- bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784).
- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
- btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).
- btrfs: incremental send, fix invalid path for link commands (bsc#1051479).
- btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).
- btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).
- btrfs: resume qgroup rescan on rw remount (bsc#1047152).
- btrfs: Round down values which are written for total_bytes_size (bsc#1043912).
- btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).
- cifs: Fix some return values in case of error in 'crypt_message' (bnc#1047802).
- clocksource/drivers/arm_arch_timer: Fix read and iounmap of incorrect variable (bsc#1045937).
- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
- crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- cxgb4: fix a NULL dereference (bsc#1005778).
- cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).
- cxgb4: fix memory leak in init_one() (bsc#1005778).
- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
- dentry name snapshots (bsc#1049483).
- device-dax: fix sysfs attribute deadlock (bsc#1048919).
- dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).
- dm: make flush bios explicitly sync (bsc#1050211).
- dm raid1: fixes two crash cases if mirror leg failed (bsc#1043520)
- drivers/char: kmem: disable on arm64 (bsc#1046655).
- drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153)
- drivers: hv: Fix a typo (fate#320485).
- drivers: hv: Fix the bug in generating the guest ID (fate#320485).
- drivers: hv: util: Fix a typo (fate#320485).
- drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).
- drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).
- drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).
- drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112).
- drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112).
- drivers: hv: vmbus: Move the code to signal end of message (fate#320485).
- drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485).
- drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485).
- drivers: hv: vmbus: Restructure the clockevents code (fate#320485).
- drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717).
- drm/bochs: Implement nomodeset (bsc#1047096).
- drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).
- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
- drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
- drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
- drm/vmwgfx: Fix large topology crash (bsc#1048155).
- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
- Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'
- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).
- Fix kABI breakage by HD-audio bus caps extensions (bsc#1048356).
- Fix kABI breakage by KVM CVE fix (bsc#1045922).
- fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
- fs: pass on flags in compat_writev (bsc#1050211).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- gcov: add support for gcc version >= 6 (bsc#1051663).
- gcov: support GCC 7.1 (bsc#1051663).
- gfs2: fix flock panic issue (bsc#1012829).
- hpsa: limit transfer length to 1MB (bsc#1025461).
- hrtimer: Catch invalid clockids again (bsc#1047651).
- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
- hv_netvsc: change netvsc device default duplex to FULL (fate#320485).
- hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).
- hv_netvsc: Fix the carrier state error when data path is off (fate#320485).
- hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421).
- hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).
- hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).
- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112).
- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
- hv_util: switch to using timespec64 (fate#320485).
- hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).
- hyperv: fix warning about missing prototype (fate#320485).
- hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).
- hyperv: remove unnecessary return variable (fate#320485).
- i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913).
- i40e: add hw struct local variable (bsc#1039915).
- i40e: add private flag to control source pruning (bsc#1034075).
- i40e: add VSI info to macaddr messages (bsc#1039915).
- i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
- i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
- i40e: delete filter after adding its replacement when converting (bsc#1039915).
- i40e: do not add broadcast filter for VFs (bsc#1039915).
- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915).
- i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).
- i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).
- i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).
- i40e: fix ethtool to get EEPROM data from X722 interface (bsc#1047418).
- i40e: fix MAC filters when removing VLANs (bsc#1039915).
- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915).
- i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).
- i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).
- i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).
- i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915).
- i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).
- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915).
- i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915).
- i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).
- i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915).
- i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915).
- i40e: refactor Rx filter handling (bsc#1039915).
- i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915).
- i40e: remove code to handle dev_addr specially (bsc#1039915).
- i40e: removed unreachable code (bsc#1039915).
- i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915).
- i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915).
- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).
- i40e: restore workaround for removing default MAC filter (bsc#1039915).
- i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).
- i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915).
- i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915).
- i40evf: fix merge error in older patch (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247).
- i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915).
- i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915).
- i40e: write HENA for VFs (bsc#1039915).
- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
- IB/iser: Fix connection teardown race condition (bsc#1050211).
- ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).
- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).
- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).
- IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).
- iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717).
- include/linux/mmzone.h: simplify zone_intersects() (bnc#1047506).
- input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717).
- introduce the walk_process_tree() helper (bnc#1022476).
- iommu/amd: Add flush counters to struct dma_ops_domain (bsc#1045709).
- iommu/amd: Add locking to per-domain flush-queue (bsc#1045709).
- iommu/amd: Add new init-state IOMMU_CMDLINE_DISABLED (bsc#1045715).
- iommu/amd: Add per-domain flush-queue data structures (bsc#1045709).
- iommu/amd: Add per-domain timer to flush per-cpu queues (bsc#1045709).
- iommu/amd: Check for error states first in iommu_go_to_state() (bsc#1045715).
- iommu/amd: Constify irq_domain_ops (bsc#1045709).
- iommu/amd: Disable IOMMUs at boot if they are enabled (bsc#1045715).
- iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533).
- iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471).
- iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533).
- iommu/amd: Free already flushed ring-buffer entries before full-check (bsc#1045709).
- iommu/amd: Free IOMMU resources when disabled on command line (bsc#1045715).
- iommu/amd: Make use of the per-domain flush queue (bsc#1045709).
- iommu/amd: Ratelimit io-page-faults per device (bsc#1045709).
- iommu/amd: Reduce amount of MMIO when submitting commands (bsc#1045709).
- iommu/amd: Reduce delay waiting for command buffer space (bsc#1045709).
- iommu/amd: Remove amd_iommu_disabled check from amd_iommu_detect() (bsc#1045715).
- iommu/amd: Remove queue_release() function (bsc#1045709).
- iommu/amd: Rename free_on_init_error() (bsc#1045715).
- iommu/amd: Rip out old queue flushing code (bsc#1045709).
- iommu/amd: Set global pointers to NULL after freeing them (bsc#1045715).
- iommu/amd: Suppress IO_PAGE_FAULTs in kdump kernel (bsc#1045715 bsc#1043261).
- iommu: Remove a patch because it caused problems for users. See bsc#1048348.
- ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958).
- ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958).
- iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570).
- iwlwifi: 8000: fix MODULE_FIRMWARE input (FATE#321353, FATE#323335).
- iwlwifi: 9000: increase the number of queues (FATE#321353, FATE#323335).
- iwlwifi: add device ID for 8265 (FATE#321353, FATE#323335).
- iwlwifi: add device IDs for the 8265 device (FATE#321353, FATE#323335).
- iwlwifi: add disable_11ac module param (FATE#321353, FATE#323335).
- iwlwifi: add new 3168 series devices support (FATE#321353, FATE#323335).
- iwlwifi: add new 8260 PCI IDs (FATE#321353, FATE#323335).
- iwlwifi: add new 8265 (FATE#321353, FATE#323335).
- iwlwifi: add new 8265 series PCI ID (FATE#321353, FATE#323335).
- iwlwifi: Add new PCI IDs for 9260 and 5165 series (FATE#321353, FATE#323335).
- iwlwifi: Add PCI IDs for the new 3168 series (FATE#321353, FATE#323335).
- iwlwifi: Add PCI IDs for the new series 8165 (FATE#321353, FATE#323335).
- iwlwifi: add support for 12K Receive Buffers (FATE#321353, FATE#323335).
- iwlwifi: add support for getting HW address from CSR (FATE#321353, FATE#323335).
- iwlwifi: avoid d0i3 commands when no/init ucode is loaded (FATE#321353, FATE#323335).
- iwlwifi: bail out in case of bad trans state (FATE#321353, FATE#323335).
- iwlwifi: block the queues when we send ADD_STA for uAPSD (FATE#321353, FATE#323335).
- iwlwifi: change the Intel Wireless email address (FATE#321353, FATE#323335).
- iwlwifi: check for valid ethernet address provided by OEM (FATE#321353, FATE#323335).
- iwlwifi: clean up transport debugfs handling (FATE#321353, FATE#323335).
- iwlwifi: clear ieee80211_tx_info->driver_data in the op_mode (FATE#321353, FATE#323335).
- iwlwifi: Document missing module options (FATE#321353, FATE#323335).
- iwlwifi: dump prph registers in a common place for all transports (FATE#321353, FATE#323335).
- iwlwifi: dvm: advertise NETIF_F_SG (FATE#321353, FATE#323335).
- iwlwifi: dvm: fix compare_const_fl.cocci warnings (FATE#321353, FATE#323335).
- iwlwifi: dvm: handle zero brightness for wifi LED (FATE#321353, FATE#323335).
- iwlwifi: dvm: remove a wrong dependency on m (FATE#321353, FATE#323335).
- iwlwifi: dvm: remove Kconfig default (FATE#321353, FATE#323335).
- iwlwifi: dvm: remove stray debug code (FATE#321353, FATE#323335).
- iwlwifi: export the _no_grab version of PRPH IO functions (FATE#321353, FATE#323335).
- iwlwifi: expose fw usniffer mode to more utilities (FATE#321353, FATE#323335).
- iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000 (FATE#321353, FATE#323335).
- iwlwifi: Fix firmware name maximum length definition (FATE#321353, FATE#323335).
- iwlwifi: fix name of ucode loaded for 8265 series (FATE#321353, FATE#323335).
- iwlwifi: fix printf specifier (FATE#321353, FATE#323335).
- iwlwifi: generalize d0i3_entry_timeout module parameter (FATE#321353, FATE#323335).
- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
- iwlwifi: mvm: adapt the firmware assert log to new firmware (FATE#321353, FATE#323335).
- iwlwifi: mvm: add 9000-series RX API (FATE#321353, FATE#323335).
- iwlwifi: mvm: add 9000 series RX processing (FATE#321353, FATE#323335).
- iwlwifi: mvm: add a non-trigger window to fw dbg triggers (FATE#321353, FATE#323335).
- iwlwifi: mvm: add an option to start rs from HT/VHT rates (FATE#321353, FATE#323335).
- iwlwifi: mvm: Add a station in monitor mode (FATE#321353, FATE#323335).
- iwlwifi: mvm: add bt rrc and ttc to debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: add bt settings to debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: add ctdp operations to debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: add CT-KILL notification (FATE#321353, FATE#323335).
- iwlwifi: mvm: add debug print if scan config is ignored (FATE#321353, FATE#323335).
- iwlwifi: mvm: add extended dwell time (FATE#321353, FATE#323335).
- iwlwifi: mvm: add new ADD_STA command version (FATE#321353, FATE#323335).
- iwlwifi: mvm: Add P2P client snoozing (FATE#321353, FATE#323335).
- iwlwifi: mvm: add registration to cooling device (FATE#321353, FATE#323335).
- iwlwifi: mvm: add registration to thermal zone (FATE#321353, FATE#323335).
- iwlwifi: mvm: add support for negative temperatures (FATE#321353, FATE#323335).
- iwlwifi: mvm: add tlv for multi queue rx support (FATE#321353, FATE#323335).
- iwlwifi: mvm: add trigger for firmware dump upon TDLS events (FATE#321353, FATE#323335).
- iwlwifi: mvm: add trigger for firmware dump upon TX response status (FATE#321353, FATE#323335).
- iwlwifi: mvm: advertise NETIF_F_SG (FATE#321353, FATE#323335).
- iwlwifi: mvm: Align bt-coex priority with requirements (FATE#321353, FATE#323335).
- iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface (FATE#321353, FATE#323335).
- iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning (FATE#321353, FATE#323335).
- iwlwifi: mvm: avoid panics with thermal device usage (FATE#321353, FATE#323335).
- iwlwifi: mvm: avoid to WARN about gscan capabilities (FATE#321353, FATE#323335).
- iwlwifi: mvm: bail out if CTDP start operation fails (FATE#321353, FATE#323335).
- iwlwifi: mvm: bump firmware API to 21 (FATE#321353, FATE#323335).
- iwlwifi: mvm: bump max API to 20 (FATE#321353, FATE#323335).
- iwlwifi: mvm: change access to ieee80211_hdr (FATE#321353, FATE#323335).
- iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station (FATE#321353, FATE#323335).
- iwlwifi: mvm: change mcc update API (FATE#321353, FATE#323335).
- iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk (FATE#321353, FATE#323335).
- iwlwifi: mvm: Change number of associated stations when station becomes associated (FATE#321353, FATE#323335).
- iwlwifi: mvm: change protocol offload flows (FATE#321353, FATE#323335).
- iwlwifi: mvm: change the check for ADD_STA status (FATE#321353, FATE#323335).
- iwlwifi: mvm: check FW's response for nvm access write cmd (FATE#321353, FATE#323335).
- iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value (FATE#321353, FATE#323335).
- iwlwifi: mvm: check minimum temperature notification length (FATE#321353, FATE#323335).
- iwlwifi: mvm: cleanup roc te on restart cleanup (FATE#321353, FATE#323335).
- iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).
- iwlwifi: mvm: Configure fragmented scan for scheduled scan (FATE#321353, FATE#323335).
- iwlwifi: mvm: configure scheduled scan according to traffic conditions (FATE#321353, FATE#323335).
- iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c (FATE#321353, FATE#323335).
- iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured (FATE#321353, FATE#323335).
- iwlwifi: mvm: disable DQA support (FATE#321353, FATE#323335).
- iwlwifi: mvm: do not ask beacons when P2P GO vif and no assoc sta (FATE#321353, FATE#323335).
- iwlwifi: mvm: do not keep an mvm ref when the interface is down (FATE#321353, FATE#323335).
- iwlwifi: mvm: do not let NDPs mess the packet tracking (FATE#321353, FATE#323335).
- iwlwifi: mvm: do not restart HW if suspend fails with unified image (FATE#321353, FATE#323335).
- iwlwifi: mvm: Do not switch to D3 image on suspend (FATE#321353, FATE#323335).
- iwlwifi: mvm: do not try to offload AES-CMAC in AP/IBSS modes (FATE#321353, FATE#323335).
- iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit (FATE#321353, FATE#323335).
- iwlwifi: mvm: dump more registers upon error (FATE#321353, FATE#323335).
- iwlwifi: mvm: dump the radio registers when the firmware crashes (FATE#321353, FATE#323335).
- iwlwifi: mvm: enable L3 filtering (FATE#321353, FATE#323335).
- iwlwifi: mvm: Enable MPLUT only on supported hw (FATE#321353, FATE#323335).
- iwlwifi: mvm: enable VHT MU-MIMO for supported hardware (FATE#321353, FATE#323335).
- iwlwifi: mvm: extend time event duration (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix accessing Null pointer during fw dump collection (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix d3_test with unified D0/D3 images (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix debugfs signedness warning (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix extended dwell time (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans() (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix memory leaks in error paths upon fw error dump (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix netdetect starting/stopping for unified images (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix RSS key sizing (FATE#321353, FATE#323335).
- iwlwifi: mvm: fix unregistration of thermal in some error flows (FATE#321353, FATE#323335).
- iwlwifi: mvm: flush all used TX queues before suspending (FATE#321353, FATE#323335).
- iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware does not support it (FATE#321353, FATE#323335).
- iwlwifi: mvm: handle pass all scan reporting (FATE#321353, FATE#323335).
- iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans (FATE#321353, FATE#323335).
- iwlwifi: mvm: infrastructure for frame-release message (FATE#321353, FATE#323335).
- iwlwifi: mvm: kill iwl_mvm_enable_agg_txq (FATE#321353, FATE#323335).
- iwlwifi: mvm: let the firmware choose the antenna for beacons (FATE#321353, FATE#323335).
- iwlwifi: mvm: make collecting fw debug data optional (FATE#321353, FATE#323335).
- iwlwifi: mvm: move fw-dbg code to separate file (FATE#321353, FATE#323335).
- iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw (FATE#321353, FATE#323335).
- iwlwifi: mvm: prepare the code towards TSO implementation (FATE#321353, FATE#323335).
- iwlwifi: mvm: refactor d3 key update functions (FATE#321353, FATE#323335).
- iwlwifi: mvm: refactor the way fw_key_table is handled (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove an extra tab (FATE#321353, FATE#323335).
- iwlwifi: mvm: Remove bf_vif from iwl_power_vifs (FATE#321353, FATE#323335).
- iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove redundant d0i3 flag from the config struct (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove shadowing variable (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove stray nd_config element (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove the vif parameter of iwl_mvm_configure_bcast_filter() (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported() (FATE#321353, FATE#323335).
- iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination (FATE#321353, FATE#323335).
- iwlwifi: mvm: report wakeup for wowlan (FATE#321353, FATE#323335).
- iwlwifi: mvm: reset mvm->scan_type when firmware is started (FATE#321353, FATE#323335).
- iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).
- iwlwifi: mvm: return the cooling state index instead of the budget (FATE#321353, FATE#323335).
- iwlwifi: mvm: ROC: cleanup time event info on FW failure (FATE#321353, FATE#323335).
- iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC duration (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix a potential out of bounds access (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix a theoretical access to uninitialized array elements (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix a warning message (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix TPC action decision algorithm (FATE#321353, FATE#323335).
- iwlwifi: mvm: rs: fix TPC statistics handling (FATE#321353, FATE#323335).
- iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed (FATE#321353, FATE#323335).
- iwlwifi: mvm: set default new STA as non-aggregated (FATE#321353, FATE#323335).
- iwlwifi: mvm: set the correct amsdu enum values (FATE#321353, FATE#323335).
- iwlwifi: mvm: set the correct descriptor size for tracing (FATE#321353, FATE#323335).
- iwlwifi: mvm: small update in the firmware API (FATE#321353, FATE#323335).
- iwlwifi: mvm: support A-MSDU in A-MPDU (FATE#321353, FATE#323335).
- iwlwifi: mvm: support beacon storing (FATE#321353, FATE#323335).
- iwlwifi: mvm: support description for user triggered fw dbg collection (FATE#321353, FATE#323335).
- iwlwifi: mvm: support rss queues configuration command (FATE#321353, FATE#323335).
- iwlwifi: mvm: Support setting continuous recording debug mode (FATE#321353, FATE#323335).
- iwlwifi: mvm: support setting minimum quota from debugfs (FATE#321353, FATE#323335).
- iwlwifi: mvm: support sw queue start/stop from mvm (FATE#321353, FATE#323335).
- iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353, FATE#323335).
- iwlwifi: mvm: take care of padded packets (FATE#321353, FATE#323335).
- iwlwifi: mvm: take the transport ref back when leaving (FATE#321353, FATE#323335).
- iwlwifi: mvm: track low-latency sources separately (FATE#321353, FATE#323335).
- iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).
- iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353, FATE#323335).
- iwlwifi: mvm: update GSCAN capabilities (FATE#321353, FATE#323335).
- iwlwifi: mvm: update ucode status before stopping device (FATE#321353, FATE#323335).
- iwlwifi: mvm: use build-time assertion for fw trigger ID (FATE#321353, FATE#323335).
- iwlwifi: mvm: use firmware station lookup, combine code (FATE#321353, FATE#323335).
- iwlwifi: mvm: various trivial cleanups (FATE#321353, FATE#323335).
- iwlwifi: mvm: writing zero bytes to debugfs causes a crash (FATE#321353, FATE#323335).
- iwlwifi: nvm: fix loading default NVM file (FATE#321353, FATE#323335).
- iwlwifi: nvm: fix up phy section when reading it (FATE#321353, FATE#323335).
- iwlwifi: pcie: add 9000 series multi queue rx DMA support (FATE#321353, FATE#323335).
- iwlwifi: pcie: add infrastructure for multi-queue rx (FATE#321353, FATE#323335).
- iwlwifi: pcie: add initial RTPM support for PCI (FATE#321353, FATE#323335).
- iwlwifi: pcie: Add new configuration to enable MSIX (FATE#321353, FATE#323335).
- iwlwifi: pcie: add pm_prepare and pm_complete ops (FATE#321353, FATE#323335).
- iwlwifi: pcie: add RTPM support when wifi is enabled (FATE#321353, FATE#323335).
- iwlwifi: pcie: aggregate Flow Handler configuration writes (FATE#321353, FATE#323335).
- iwlwifi: pcie: allow the op_mode to block the tx queues (FATE#321353, FATE#323335).
- iwlwifi: pcie: allow to pretend to have Tx CSUM for debug (FATE#321353, FATE#323335).
- iwlwifi: pcie: avoid restocks inside rx loop if not emergency (FATE#321353, FATE#323335).
- iwlwifi: pcie: buffer packets to avoid overflowing Tx queues (FATE#321353, FATE#323335).
- iwlwifi: pcie: build an A-MSDU using TSO core (FATE#321353, FATE#323335).
- iwlwifi: pcie: configure more RFH settings (FATE#321353, FATE#323335).
- iwlwifi: pcie: detect and workaround invalid write ptr behavior (FATE#321353, FATE#323335).
- iwlwifi: pcie: do not increment / decrement a bool (FATE#321353, FATE#323335).
- iwlwifi: pcie: enable interrupts before releasing the NIC's CPU (FATE#321353, FATE#323335).
- iwlwifi: pcie: enable multi-queue rx path (FATE#321353, FATE#323335).
- iwlwifi: pcie: extend device reset delay (FATE#321353, FATE#323335).
- iwlwifi: pcie: fine tune number of rxbs (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix a race in firmware loading flow (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix command completion name debug (bsc#1031717).
- iwlwifi: pcie: fix erroneous return value (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix global table size (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix identation in trans.c (FATE#321353, FATE#323335).
- iwlwifi: pcie: fix RF-Kill vs. firmware load race (FATE#321353, FATE#323335).
- iwlwifi: pcie: forbid RTPM on device removal (FATE#321353, FATE#323335).
- iwlwifi: pcie: mark command queue lock with separate lockdep class (FATE#321353, FATE#323335).
- iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim (FATE#321353, FATE#323335).
- iwlwifi: pcie: refactor RXBs reclaiming code (FATE#321353, FATE#323335).
- iwlwifi: pcie: remove ICT allocation message (FATE#321353, FATE#323335).
- iwlwifi: pcie: remove pointer from debug message (FATE#321353, FATE#323335).
- iwlwifi: pcie: re-organize code towards TSO (FATE#321353, FATE#323335).
- iwlwifi: pcie: set RB chunk size back to 64 (FATE#321353, FATE#323335).
- iwlwifi: pcie: update iwl_mpdu_desc fields (FATE#321353, FATE#323335).
- iwlwifi: print index in api/capa flags parsing message (FATE#321353, FATE#323335).
- iwlwifi: refactor the code that reads the MAC address from the NVM (FATE#321353, FATE#323335).
- iwlwifi: remove IWL_DL_LED (FATE#321353, FATE#323335).
- iwlwifi: remove unused parameter from grab_nic_access (FATE#321353, FATE#323335).
- iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables (FATE#321353, FATE#323335).
- iwlwifi: set max firmware version of 7265 to 17 (FATE#321353, FATE#323335).
- iwlwifi: support ucode with d0 unified image - regular and usniffer (FATE#321353, FATE#323335).
- iwlwifi: trans: make various conversion macros inlines (FATE#321353, FATE#323335).
- iwlwifi: trans: support a callback for ASYNC commands (FATE#321353, FATE#323335).
- iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian (FATE#321353, FATE#323335).
- iwlwifi: tt: move ucode_loaded check under mutex (FATE#321353, FATE#323335).
- iwlwifi: uninline iwl_trans_send_cmd (FATE#321353, FATE#323335).
- iwlwifi: update host command messages to new format (FATE#321353, FATE#323335).
- iwlwifi: Update PCI IDs for 8000 and 9000 series (FATE#321353, FATE#323335).
- iwlwifi: update support for 3168 series firmware and NVM (FATE#321353, FATE#323335).
- iwlwifi: various comments and code cleanups (FATE#321353, FATE#323335).
- kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly version in panic path" (bsc#1051478).
- kABI: protect lwtunnel include in ip6_route.h (kabi).
- KABI protect struct acpi_nfit_desc (bsc#1052325).
- kABI: protect struct iscsi_tpg_attrib (kabi).
- kABI: protect struct se_lun (kabi).
- kABI: protect struct tpm_chip (kabi).
- kABI: protect struct xfrm_dst (kabi).
- kabi/severities: add drivers/scsi/hisi_sas to kabi severities - kabi/severities: ignore kABi changes in iwlwifi stuff itself - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - libnvdimm: fix badblock range handling of ARS range (bsc#1051048). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919). - libnvdimm, region: fix flush hint detection crash (bsc#1048919). - lightnvm: fix "warning: ‘ret’ may be used uninitialized" (FATE#319466). - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651). - md-cluster: Fix a memleak in an error handling path (bsc#1049289). - md: do not return -EAGAIN in md_allow_write for external metadata arrays (bsc#1047174). - md: fix sleep in atomic (bsc#1040351). - mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048). - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - mm, memory_hotplug: get rid of is_zone_device_section fix (bnc#1047595). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348). - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net: account for current skb length when deciding about UFO (bsc#1041958). - net: add netdev_lockdep_set_classes() helper (fate#320485). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121).
- net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). 
- net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286). - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451). - net: hyperv: use new api ethtool_{get|set}_link_ksettings (fate#320485). - net/mlx4_core: Fixes missing capability bit in flags2 capability dump (bsc#1015337). - net/mlx4_core: Fix namespace misalignment in QinQ VST support commit (bsc#1015337). - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump (bsc#1015337). - net/mlx5: Cancel delayed recovery work when unloading the driver (bsc#1015342). - net/mlx5: Clean SRIOV eswitch resources upon VF creation failure (bsc#1015342). - net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342). - net/mlx5e: Add field select to MTPPS register (bsc#1015342). - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342). - net/mlx5e: Change 1PPS out scheme (bsc#1015342). - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342). - net/mlx5e: Fix outer_header_zero() check size (bsc#1015342). - net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342). 
- net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff (bsc#1015342). - net/mlx5e: Rename physical symbol errors counter (bsc#1015342). - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes). - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests (bsc#1015342). - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342). - net/mlx5: Fix offset of hca cap reserved field (bsc#1015342). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - netvsc: add comments about callback's and NAPI (fate#320485). - netvsc: Add #include's for csum_* function declarations (fate#320485). - netvsc: add rtnl annotations in rndis (fate#320485). - netvsc: add some rtnl_dereference annotations (fate#320485). - netvsc: avoid race with callback (fate#320485). - netvsc: change logic for change mtu and set_queues (fate#320485). - netvsc: change max channel calculation (fate#320485). - netvsc: change order of steps in setting queues (fate#320485). - netvsc: Deal with rescinded channels correctly (fate#320485). - netvsc: do not access netdev->num_rx_queues directly (fate#320485). - netvsc: do not overload variable in same function (fate#320485). - netvsc: do not print pointer value in error message (fate#320485). - netvsc: eliminate unnecessary skb == NULL checks (fate#320485). - netvsc: enable GRO (fate#320485). - netvsc: Fix a bug in sub-channel handling (fate#320485). - netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485). - netvsc: fix calculation of available send sections (fate#320485). - netvsc: fix dereference before null check errors (fate#320485). - netvsc: fix error unwind on device setup failure (fate#320485). - netvsc: fix hang on netvsc module removal (fate#320485). - netvsc: fix NAPI performance regression (fate#320485). - netvsc: fix net poll mode (fate#320485). - netvsc: fix netvsc_set_channels (fate#320485). - netvsc: fix ptr_ret.cocci warnings (fate#320485). 
- netvsc: fix rcu dereference warning from ethtool (fate#320485). - netvsc: fix RCU warning in get_stats (fate#320485). - netvsc: fix return value for set_channels (fate#320485). - netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442). - netvsc: fix use after free on module removal (fate#320485). - netvsc: fix warnings reported by lockdep (fate#320485). - netvsc: fold in get_outbound_net_device (fate#320485). - netvsc: force link update after MTU change (fate#320485). - netvsc: handle offline mtu and channel change (fate#320485). - netvsc: implement NAPI (fate#320485). - netvsc: include rtnetlink.h (fate#320485). - netvsc: Initialize all channel related state prior to opening the channel (fate#320485). - netvsc: make sure and unregister datapath (fate#320485, bsc#1052899). - netvsc: make sure napi enabled before vmbus_open (fate#320485). - netvsc: mark error cases as unlikely (fate#320485). - netvsc: move filter setting to rndis_device (fate#320485). - netvsc: need napi scheduled during removal (fate#320485). - netvsc: need rcu_derefence when accessing internal device info (fate#320485). - netvsc: optimize calculation of number of slots (fate#320485). - netvsc: optimize receive completions (fate#320485). - netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp (fate#320485). - netvsc: prefetch the first incoming ring element (fate#320485). - netvsc: Properly initialize the return value (fate#320485). - netvsc: remove bogus rtnl_unlock (fate#320485). - netvsc: remove no longer used max_num_rss queues (fate#320485). - netvsc: Remove redundant use of ipv6_hdr() (fate#320485). - netvsc: remove unnecessary indirection of page_buffer (fate#320485). - netvsc: remove unnecessary lock on shutdown (fate#320485). - netvsc: remove unused #define (fate#320485). - netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb (fate#320485). - netvsc: save pointer to parent netvsc_device in channel table (fate#320485). 
- netvsc: signal host if receive ring is emptied (fate#320485). - netvsc: transparent VF management (fate#320485, bsc#1051979). - netvsc: use ERR_PTR to avoid dereference issues (fate#320485). - netvsc: use hv_get_bytes_to_read (fate#320485). - netvsc: use napi_consume_skb (fate#320485). - netvsc: use RCU to protect inner device structure (fate#320485). - netvsc: uses RCU instead of removal flag (fate#320485). - netvsc: use typed pointer for internal state (fate#320485). - nfs: Cache aggressively when file is open for writing (bsc#1033587). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1033587). - nfs: invalidate file size when taking a lock (git-fixes). - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118). - nfs: Optimize fallocate by refreshing mapping when needed (git-fixes). - nvme: add hostid token to fabric options (bsc#1045293). - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146). - nvme: fabrics commands should use the fctype field for data direction (bsc#1043805). - nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211). - nvme/pci: Fix stuck nvme reset (bsc#1043805). - nvmet: identify controller: improve standard compliance (bsc#1048146). - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - pci: Add Mellanox device IDs (bsc#1051478). - pci: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - pci: Enable ECRC only if device supports it (bsc#1051478). - pci: hv: Allocate interrupt descriptors with GFP_ATOMIC (fate#320295, bnc#1034113). 
- pci: hv: Lock PCI bus on device eject (fate#320295, bnc#1034113). Replaces a change for (bnc#998664) - pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211). - pci/msi: Ignore affinity if pre/post vector count is more than min_vecs (1050211). - pci/pm: Fix native PME handling during system suspend/resume (bsc#1051478). - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - pm / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - powerpc: Add POWER9 architected mode to cputable (bsc#1048916, fate#321439). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bsc#1049231). - powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (FATE#322421). - powerpc/perf: Fix branch event code for power9 (fate#321438, Pending SUSE Kernel Fixes). - powerpc/perf: Fix oops when kthread execs user process - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 (bsc#1053043 (git-fixes)). 
- powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439). - powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes 08e1c01d6aed). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - printk: Correctly handle preemption in console_unlock() (bsc#1046434). - printk/xen: Force printk sync mode when migrating Xen guest (bsc#1043347). - qed: Add missing static/local dcbx info (bsc#1019695). - qed: Correct print in iscsi error-flow (bsc#1019695). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - rbd: drop extra rbd_img_request_get (bsc#1045596). - rbd: make sure pages are freed by libceph (bsc#1045596). - rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925). - rdma/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr() (bsc#1026570). - rdma/mlx5: Fix existence check for extended address vector (bsc#1015342). - rdma/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604 FATE#321747). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - Remove upstream commit e14b4db7a567 netvsc: fix race during initialization will be replaced by following changes - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in virt drivers - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" (bsc#1031717). - Revert "Add "shutdown" to "struct class"." (kabi). - Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi). - Revert "Make file credentials available to the seqfile interfaces" (kabi). - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi). - Revert "netvsc: optimize calculation of number of slots" (fate#320485). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "/proc/iomem: only expose physical resource addresses to privileged users" (kabi). 
- Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi). - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706). - s390/kdump: remove code to create ELF notes in the crashed system (bsc#1049706). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: aacraid: Do not copy uninitialized stack memory to userspace (bsc#1048912). - scsi: aacraid: fix leak of data from stack back to userspace (bsc#1048912). - scsi: aacraid: fix PCI error recovery path (bsc#1048912). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298). 
- scsi: hisi_sas: add v2 hw internal abort timeout workaround (bsc#1049298). - scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors (bsc#1049298). - scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298). - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() (bsc#1049298). - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298). - scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298). - scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298). - scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298). - scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298). - scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: lpfc: Add auto EQ delay logic (bsc#1042257). - scsi: lpfc: Added recovery logic for running out of NVMET IO context resources (bsc#1037838). - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838). - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838). - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838). - scsi: lpfc: do not double count abort errors (bsc#1048912). - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux (bsc#1044623). - scsi: lpfc: Fix crash after firmware flash when IO is running (bsc#1044623). - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623). - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request (bsc#1044623). - scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver unload (bsc#1037838). - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257). - scsi: lpfc: fix linking against modular NVMe support (bsc#1048912). - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests (bsc#1037838). - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport state (bsc#1037838). - scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404). 
- scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes (bsc#1037838). - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type (bsc#1037838). - scsi: lpfc: Fix nvmet RQ resource needs for large block writes (bsc#1037838). - scsi: lpfc: fix refcount error on node list (bsc#1045404). - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623). - scsi: lpfc: Fix system crash when port is reset (bsc#1037838). - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623). - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838). - scsi: lpfc: Reduce time spent in IRQ for received NVME commands (bsc#1044623). - scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838). - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context (bsc#1037838). - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623). - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838). - scsi: lpfc: Vport creation is failing with "Link Down" error (bsc#1044623). - scsi: qedf: Fix a return value in case of error in 'qedf_alloc_global_queues' (bsc#1048912). - scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912). - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443). - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443). - scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485). - scsi: storvsc: remove return at end of void function (fate#320485). - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485, bnc#1044636). - sfc: Add ethtool -m support for QSFP modules (bsc#1049619). - smartpqi: limit transfer length to 1MB (bsc#1025461). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - string.h: add memcpy_and_pad() (bsc#1048146). - sysctl: do not print negative flag for proc_douintvec (bnc#1046985). 
- Temporarily disable iwlwifi-expose-default-fallback-ucode-api ... for updating iwlwifi stack - timers: Plug locking race vs. timer migration (bnc#1022476). - tools: hv: Add clean up for included files in Ubuntu net config (fate#320485). - tools: hv: Add clean up function for Ubuntu config (fate#320485). - tools: hv: properly handle long paths (fate#320485). - tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485). - tools: hv: set hotplug for VF on Suse (fate#320485). - Tools: hv: vss: Thaw the filesystem and continue if freeze call has timed out (fate#320485). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). - tpm_tis: Fix IRQ autoprobing when using platform_device (bsc#1020645, fate#321435, fate#321507, fate#321600, Pending fixes 2017-07-06). - tpm_tis: Use platform_get_irq (bsc#1020645, fate#321435, fate#321507, fate#321600, Pending fixes 2017-07-06). - tpm/tpm_crb: fix priv->cmd_size initialisation (bsc#1020645, fate#321435, fate#321507, fate#321600, Pending SUSE Kernel Fixes). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335) - vfs: fix missing inode_get_dev sites (bsc#1052049). - vmbus: cleanup header file style (fate#320485). - vmbus: expose debug info for drivers (fate#320485). - vmbus: fix spelling errors (fate#320485). - vmbus: introduce in-place packet iterator (fate#320485). - vmbus: only reschedule tasklet if time limit exceeded (fate#320485). - vmbus: re-enable channel tasklet (fate#320485). - vmbus: remove unnecessary initialization (fate#320485). - vmbus: remove useless return's (fate#320485). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). - x86/hyperv: Check frequency MSRs presence according to the specification (fate#320485). - x86/LDT: Print the real LDT base address (bsc#1051478). 
- x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - x86/platform/uv/BAU: Disable BAU on single hub configurations (bsc#1050320). - x86/platform/uv/BAU: Fix congested_response_us not taking effect (bsc#1050322). - xen: allocate page for shared info page from low memory (bnc#1038616). - xen/balloon: do not online new memory initially (bnc#1028173). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes). - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598). - xfs: detect and trim torn writes during log recovery (bsc#1036215). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - xfs: refactor and open code log record crc check (bsc#1036215). - xfs: refactor log record start detection into a new helper (bsc#1036215). - xfs: return start block of first bad log record during recovery (bsc#1036215). - xfs: support a crc verification only log record pass (bsc#1036215). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501). - xilinx network drivers: disable (bsc#1046170).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:

   zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1404=1

- SUSE Linux Enterprise Software Development Kit 12-SP3:

   zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1404=1

- SUSE Linux Enterprise Server 12-SP3:

   zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1404=1

- SUSE Linux Enterprise Live Patching 12-SP3:

   zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1404=1

- SUSE Linux Enterprise High Availability 12-SP3:

   zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1404=1

- SUSE Linux Enterprise Desktop 12-SP3:

   zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1404=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

   kernel-default-debuginfo-4.4.82-6.3.1
   kernel-default-debugsource-4.4.82-6.3.1
   kernel-default-extra-4.4.82-6.3.1
   kernel-default-extra-debuginfo-4.4.82-6.3.1

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

   kernel-obs-build-4.4.82-6.3.3
   kernel-obs-build-debugsource-4.4.82-6.3.3

- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

   kernel-docs-4.4.82-6.3.5

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

   kernel-default-4.4.82-6.3.1
   kernel-default-base-4.4.82-6.3.1
   kernel-default-base-debuginfo-4.4.82-6.3.1
   kernel-default-debuginfo-4.4.82-6.3.1
   kernel-default-debugsource-4.4.82-6.3.1
   kernel-default-devel-4.4.82-6.3.1
   kernel-syms-4.4.82-6.3.1

- SUSE Linux Enterprise Server 12-SP3 (noarch):

   kernel-devel-4.4.82-6.3.1
   kernel-macros-4.4.82-6.3.1
   kernel-source-4.4.82-6.3.1

- SUSE Linux Enterprise Server 12-SP3 (s390x):

   kernel-default-man-4.4.82-6.3.1

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):

   kgraft-patch-4_4_82-6_3-default-1-2.1
   kgraft-patch-4_4_82-6_3-default-debuginfo-1-2.1

- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

   cluster-md-kmp-default-4.4.82-6.3.1
   cluster-md-kmp-default-debuginfo-4.4.82-6.3.1
   dlm-kmp-default-4.4.82-6.3.1
   dlm-kmp-default-debuginfo-4.4.82-6.3.1
   gfs2-kmp-default-4.4.82-6.3.1
   gfs2-kmp-default-debuginfo-4.4.82-6.3.1
   kernel-default-debuginfo-4.4.82-6.3.1
   kernel-default-debugsource-4.4.82-6.3.1
   ocfs2-kmp-default-4.4.82-6.3.1
   ocfs2-kmp-default-debuginfo-4.4.82-6.3.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):

   kernel-devel-4.4.82-6.3.1
   kernel-macros-4.4.82-6.3.1
   kernel-source-4.4.82-6.3.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

   kernel-default-4.4.82-6.3.1
   kernel-default-debuginfo-4.4.82-6.3.1
   kernel-default-debugsource-4.4.82-6.3.1
   kernel-default-devel-4.4.82-6.3.1
   kernel-default-extra-4.4.82-6.3.1
   kernel-default-extra-debuginfo-4.4.82-6.3.1
   kernel-syms-4.4.82-6.3.1

References:

https://www.suse.com/security/cve/CVE-2017-1000111.html https://www.suse.com/security/cve/CVE-2017-1000112.html https://www.suse.com/security/cve/CVE-2017-10810.html https://www.suse.com/security/cve/CVE-2017-11473.html https://www.suse.com/security/cve/CVE-2017-7533.html https://www.suse.com/security/cve/CVE-2017-7541.html https://www.suse.com/security/cve/CVE-2017-7542.html https://www.suse.com/security/cve/CVE-2017-8831.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1006180 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1013887 https://bugzilla.suse.com/1015337 https://bugzilla.suse.com/1015342 https://bugzilla.suse.com/1016119 https://bugzilla.suse.com/1019151 https://bugzilla.suse.com/1019695 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1022476 https://bugzilla.suse.com/1022600 https://bugzilla.suse.com/1022604 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1024346 https://bugzilla.suse.com/1024373 https://bugzilla.suse.com/1025461 https://bugzilla.suse.com/1026570 https://bugzilla.suse.com/1028173 https://bugzilla.suse.com/1028286 https://bugzilla.suse.com/1029693 https://bugzilla.suse.com/1030552
From sle-security-updates at lists.suse.com Tue Aug 29 13:07:15 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Aug 2017 21:07:15 +0200 (CEST) Subject: SUSE-SU-2017:2290-1: moderate: Security update for mysql Message-ID: <20170829190715.53D4CFCA4@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2290-1 Rating: moderate References: #1049398 #1049399 #1049404 #1049411 #1049415 #1049416 #1049417 #1049422 Cross-References: CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available.
Description: This update for mysql fixes the following issues: - CVE-2017-3635: C API unspecified vulnerability (bsc#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (bsc#1049399) - CVE-2017-3641: DML unspecified vulnerability (bsc#1049404) - CVE-2017-3648: Charsets unspecified vulnerability (bsc#1049411) - CVE-2017-3651: Client mysqldump unspecified vulnerability (bsc#1049415) - CVE-2017-3652: DDL unspecified vulnerability (bsc#1049416) - CVE-2017-3653: DDL unspecified vulnerability (bsc#1049417) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13252=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13252=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13252=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.57-0.39.3.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.57-0.39.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.57-0.39.3.1 libmysql55client_r18-5.5.57-0.39.3.1 mysql-5.5.57-0.39.3.1 mysql-client-5.5.57-0.39.3.1 mysql-tools-5.5.57-0.39.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.57-0.39.3.1 libmysql55client_r18-32bit-5.5.57-0.39.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.57-0.39.3.1 libmysql55client_r18-x86-5.5.57-0.39.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.57-0.39.3.1 mysql-debugsource-5.5.57-0.39.3.1 References: https://www.suse.com/security/cve/CVE-2017-3635.html https://www.suse.com/security/cve/CVE-2017-3636.html 
https://www.suse.com/security/cve/CVE-2017-3641.html https://www.suse.com/security/cve/CVE-2017-3648.html https://www.suse.com/security/cve/CVE-2017-3651.html https://www.suse.com/security/cve/CVE-2017-3652.html https://www.suse.com/security/cve/CVE-2017-3653.html https://bugzilla.suse.com/1049398 https://bugzilla.suse.com/1049399 https://bugzilla.suse.com/1049404 https://bugzilla.suse.com/1049411 https://bugzilla.suse.com/1049415 https://bugzilla.suse.com/1049416 https://bugzilla.suse.com/1049417 https://bugzilla.suse.com/1049422 From sle-security-updates at lists.suse.com Tue Aug 29 13:10:00 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Aug 2017 21:10:00 +0200 (CEST) Subject: SUSE-SU-2017:2293-1: moderate: Security update for strongswan Message-ID: <20170829191000.B07DEFCA4@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2293-1 Rating: moderate References: #1051222 Cross-References: CVE-2017-11185 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for strongswan fixes the following issues: - CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service (bsc#1051222) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-strongswan-13251=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-strongswan-13251=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.36.3.1 strongswan-doc-4.4.0-6.36.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.36.3.1 strongswan-debugsource-4.4.0-6.36.3.1 References: https://www.suse.com/security/cve/CVE-2017-11185.html https://bugzilla.suse.com/1051222 From sle-security-updates at lists.suse.com Tue Aug 29 13:10:30 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 29 Aug 2017 21:10:30 +0200 (CEST) Subject: SUSE-SU-2017:2294-1: important: Security update for quagga Message-ID: <20170829191030.20B89FCB0@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2294-1 Rating: important References: #1005258 #1021669 #1034273 Cross-References: CVE-2016-1245 CVE-2017-5495 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update provides Quagga 1.1.1, which brings several fixes and enhancements. Security issues fixed: - CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory allocation. (bsc#1021669) - CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258) Bug fixes: - Do not enable zebra's TCP interface (port 2600) to use default UNIX socket for communication between the daemons. 
(fate#323170) Between 0.99.22.1 and 1.1.1 the following improvements have been implemented: - Changed the default of 'link-detect' state, controlling whether zebra will respond to link-state events and consider an interface to be down when link is down. To retain the current behavior save your config before updating, otherwise remove the 'link-detect' flag from your config prior to updating. There is also a new global 'default link-detect (on|off)' flag to configure the global default. - Greatly improved nexthop resolution for recursive routes. - Event driven nexthop resolution for BGP. - Route tags support. - Transport of TE related metrics over OSPF, IS-IS. - IPv6 Multipath for zebra and BGP. - Multicast RIB support has been extended. It still is IPv4 only. - RIP for IPv4 now supports equal-cost multipath (ECMP). - route-maps have a new action "set ipv6 next-hop peer-address". - route-maps have a new action "set as-path prepend last-as". - "next-hop-self all" to override nexthop on iBGP route reflector setups. - New pimd daemon provides IPv4 PIM-SSM multicast routing. - IPv6 address management has been improved regarding tentative addresses. This is visible in that a freshly configured address will not immediately be marked as usable. - Recursive route support has been overhauled. Scripts parsing "show ip route" output may need adaptation. - A large amount of changes has been merged for ospf6d. Careful evaluation prior to deployment is recommended. - Multiprotocol peerings over IPv6 now try to find a more appropriate IPv4 nexthop by looking at the interface. - Relaxed bestpath criteria for multipath and improved display of multipath routes in "show ip bgp". Scripts parsing this output may need to be updated. - Support for iBGP TTL security. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1407=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1407=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1407=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1407=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1407=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): quagga-debuginfo-1.1.1-17.3.3 quagga-debugsource-1.1.1-17.3.3 quagga-devel-1.1.1-17.3.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): quagga-debuginfo-1.1.1-17.3.3 quagga-debugsource-1.1.1-17.3.3 quagga-devel-1.1.1-17.3.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libfpm_pb0-1.1.1-17.3.3 libfpm_pb0-debuginfo-1.1.1-17.3.3 libospf0-1.1.1-17.3.3 libospf0-debuginfo-1.1.1-17.3.3 libospfapiclient0-1.1.1-17.3.3 libospfapiclient0-debuginfo-1.1.1-17.3.3 libquagga_pb0-1.1.1-17.3.3 libquagga_pb0-debuginfo-1.1.1-17.3.3 libzebra1-1.1.1-17.3.3 libzebra1-debuginfo-1.1.1-17.3.3 quagga-1.1.1-17.3.3 quagga-debuginfo-1.1.1-17.3.3 quagga-debugsource-1.1.1-17.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libfpm_pb0-1.1.1-17.3.3 libfpm_pb0-debuginfo-1.1.1-17.3.3 libospf0-1.1.1-17.3.3 libospf0-debuginfo-1.1.1-17.3.3 libospfapiclient0-1.1.1-17.3.3 libospfapiclient0-debuginfo-1.1.1-17.3.3 libquagga_pb0-1.1.1-17.3.3 libquagga_pb0-debuginfo-1.1.1-17.3.3 libzebra1-1.1.1-17.3.3 libzebra1-debuginfo-1.1.1-17.3.3 quagga-1.1.1-17.3.3 quagga-debuginfo-1.1.1-17.3.3 quagga-debugsource-1.1.1-17.3.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libfpm_pb0-1.1.1-17.3.3 
libfpm_pb0-debuginfo-1.1.1-17.3.3 libospf0-1.1.1-17.3.3 libospf0-debuginfo-1.1.1-17.3.3 libospfapiclient0-1.1.1-17.3.3 libospfapiclient0-debuginfo-1.1.1-17.3.3 libquagga_pb0-1.1.1-17.3.3 libquagga_pb0-debuginfo-1.1.1-17.3.3 libzebra1-1.1.1-17.3.3 libzebra1-debuginfo-1.1.1-17.3.3 quagga-1.1.1-17.3.3 quagga-debuginfo-1.1.1-17.3.3 quagga-debugsource-1.1.1-17.3.3 References: https://www.suse.com/security/cve/CVE-2016-1245.html https://www.suse.com/security/cve/CVE-2017-5495.html https://bugzilla.suse.com/1005258 https://bugzilla.suse.com/1021669 https://bugzilla.suse.com/1034273 From sle-security-updates at lists.suse.com Wed Aug 30 11:27:14 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Aug 2017 19:27:14 +0200 (CEST) Subject: SUSE-SU-2017:2299-1: moderate: Security update for expat Message-ID: <20170830172714.1534AFCB2@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2299-1 Rating: moderate References: #1047236 #1047240 Cross-References: CVE-2016-9063 CVE-2017-9233 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1419=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1419=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1419=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1419=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1419=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1419=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1419=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1419=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1419=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat-devel-2.1.0-21.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat-devel-2.1.0-21.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat1-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat1-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.3.1 libexpat1-32bit-2.1.0-21.3.1 libexpat1-debuginfo-32bit-2.1.0-21.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat1-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.3.1 libexpat1-32bit-2.1.0-21.3.1 libexpat1-debuginfo-32bit-2.1.0-21.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debuginfo-32bit-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat1-2.1.0-21.3.1 libexpat1-32bit-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 libexpat1-debuginfo-32bit-2.1.0-21.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debuginfo-32bit-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat1-2.1.0-21.3.1 libexpat1-32bit-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 libexpat1-debuginfo-32bit-2.1.0-21.3.1 - SUSE Container as a Service Platform ALL (x86_64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 
libexpat1-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): expat-2.1.0-21.3.1 expat-debuginfo-2.1.0-21.3.1 expat-debugsource-2.1.0-21.3.1 libexpat1-2.1.0-21.3.1 libexpat1-debuginfo-2.1.0-21.3.1 References: https://www.suse.com/security/cve/CVE-2016-9063.html https://www.suse.com/security/cve/CVE-2017-9233.html https://bugzilla.suse.com/1047236 https://bugzilla.suse.com/1047240 From sle-security-updates at lists.suse.com Wed Aug 30 11:27:58 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Aug 2017 19:27:58 +0200 (CEST) Subject: SUSE-SU-2017:2300-1: moderate: Security update for libraw Message-ID: <20170830172758.2CE39FCA4@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2300-1 Rating: moderate References: #1039209 #1039210 #1039379 #1039380 #930683 #957517 Cross-References: CVE-2015-3885 CVE-2015-8367 CVE-2017-6886 CVE-2017-6887 CVE-2017-6889 CVE-2017-6890 CVE-2017-6899 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for libraw fixes the following issues: - CVE-2015-3885: A specially crafted raw image file could have caused a Denial of Service through an integer overflow. (bsc#930683) - CVE-2015-8367: The function phase_one_correct() did not handle memory object initialization correctly, which may have caused some other problems. 
(bsc#957517) - CVE-2017-6886: memory corruption in parse_tiff_ifd() func (internal/dcraw_common.cpp) could lead to Denial of service (bsc#1039380) - CVE-2017-6889: integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) could lead to Denial of service (bsc#1039210) - CVE-2017-6890: boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) (bsc#1039209) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1416=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1416=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1416=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1416=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1416=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1416=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libraw-debugsource-0.15.4-9.2 libraw9-0.15.4-9.2 libraw9-debuginfo-0.15.4-9.2 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libraw-debugsource-0.15.4-9.2 libraw9-0.15.4-9.2 libraw9-debuginfo-0.15.4-9.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-9.2 libraw-devel-0.15.4-9.2 libraw-devel-static-0.15.4-9.2 libraw9-0.15.4-9.2 libraw9-debuginfo-0.15.4-9.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-9.2 libraw-devel-0.15.4-9.2 libraw-devel-static-0.15.4-9.2 libraw9-0.15.4-9.2 libraw9-debuginfo-0.15.4-9.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libraw-debugsource-0.15.4-9.2 libraw9-0.15.4-9.2 libraw9-debuginfo-0.15.4-9.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libraw-debugsource-0.15.4-9.2 libraw9-0.15.4-9.2 libraw9-debuginfo-0.15.4-9.2 References: https://www.suse.com/security/cve/CVE-2015-3885.html https://www.suse.com/security/cve/CVE-2015-8367.html https://www.suse.com/security/cve/CVE-2017-6886.html https://www.suse.com/security/cve/CVE-2017-6887.html https://www.suse.com/security/cve/CVE-2017-6889.html https://www.suse.com/security/cve/CVE-2017-6890.html https://www.suse.com/security/cve/CVE-2017-6899.html https://bugzilla.suse.com/1039209 https://bugzilla.suse.com/1039210 https://bugzilla.suse.com/1039379 https://bugzilla.suse.com/1039380 https://bugzilla.suse.com/930683 https://bugzilla.suse.com/957517 From sle-security-updates at lists.suse.com Wed Aug 30 11:29:57 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Aug 2017 19:29:57 +0200 (CEST) Subject: SUSE-SU-2017:2302-1: important: Security update for MozillaFirefox Message-ID: <20170830172957.83AC8FCA4@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2302-1 Rating: important References: #1031485 #1052829 Cross-References: CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed: * MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM * MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers * MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements * MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools * MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher * MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 * MFSA 2017-19/CVE-2017-7800: 
Use-after-free in WebSockets during disconnection * MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing * MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements * MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied This update also fixes: - fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485) - The Itanium ia64 build was fixed. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-13254=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-13254=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-13254=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-13254=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-13254=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-13254=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-52.3.0esr-72.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-52.3.0esr-72.9.1 MozillaFirefox-branding-SLED-52-24.5.1 MozillaFirefox-translations-52.3.0esr-72.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-52.3.0esr-72.9.1 MozillaFirefox-branding-SLED-52-24.5.1 MozillaFirefox-translations-52.3.0esr-72.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-52.3.0esr-72.9.1 MozillaFirefox-branding-SLED-52-24.5.1 MozillaFirefox-translations-52.3.0esr-72.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-52.3.0esr-72.9.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-52.3.0esr-72.9.1 References: https://www.suse.com/security/cve/CVE-2017-7753.html https://www.suse.com/security/cve/CVE-2017-7779.html https://www.suse.com/security/cve/CVE-2017-7782.html https://www.suse.com/security/cve/CVE-2017-7784.html https://www.suse.com/security/cve/CVE-2017-7785.html https://www.suse.com/security/cve/CVE-2017-7786.html https://www.suse.com/security/cve/CVE-2017-7787.html https://www.suse.com/security/cve/CVE-2017-7791.html https://www.suse.com/security/cve/CVE-2017-7792.html https://www.suse.com/security/cve/CVE-2017-7798.html https://www.suse.com/security/cve/CVE-2017-7800.html https://www.suse.com/security/cve/CVE-2017-7801.html https://www.suse.com/security/cve/CVE-2017-7802.html https://www.suse.com/security/cve/CVE-2017-7803.html https://www.suse.com/security/cve/CVE-2017-7804.html https://www.suse.com/security/cve/CVE-2017-7807.html https://bugzilla.suse.com/1031485 https://bugzilla.suse.com/1052829 From sle-security-updates at lists.suse.com Wed Aug 30 11:30:51 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 30 Aug 2017 
19:30:51 +0200 (CEST) Subject: SUSE-SU-2017:2303-1: important: Security update for php7 Message-ID: <20170830173051.F0838FCB7@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2303-1 Rating: important References: #1047454 #1048094 #1048096 #1048100 #1048111 #1048112 #1050241 #1050726 #1052389 #1053645 #986386 Cross-References: CVE-2016-10397 CVE-2016-5766 CVE-2017-11142 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-7890 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has two fixes is now available. Description: This update for php7 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information.
(bsc#1048094) - CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes: - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1417=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1417=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1417=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.9.2 php7-debugsource-7.0.7-50.9.2 php7-devel-7.0.7-50.9.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.9.2 php7-debugsource-7.0.7-50.9.2 php7-devel-7.0.7-50.9.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.9.2 apache2-mod_php7-debuginfo-7.0.7-50.9.2 php7-7.0.7-50.9.2 php7-bcmath-7.0.7-50.9.2 php7-bcmath-debuginfo-7.0.7-50.9.2 php7-bz2-7.0.7-50.9.2 php7-bz2-debuginfo-7.0.7-50.9.2 php7-calendar-7.0.7-50.9.2 php7-calendar-debuginfo-7.0.7-50.9.2 php7-ctype-7.0.7-50.9.2 php7-ctype-debuginfo-7.0.7-50.9.2 php7-curl-7.0.7-50.9.2 php7-curl-debuginfo-7.0.7-50.9.2 php7-dba-7.0.7-50.9.2 php7-dba-debuginfo-7.0.7-50.9.2 php7-debuginfo-7.0.7-50.9.2 php7-debugsource-7.0.7-50.9.2 php7-dom-7.0.7-50.9.2 php7-dom-debuginfo-7.0.7-50.9.2 php7-enchant-7.0.7-50.9.2 php7-enchant-debuginfo-7.0.7-50.9.2 php7-exif-7.0.7-50.9.2 php7-exif-debuginfo-7.0.7-50.9.2 php7-fastcgi-7.0.7-50.9.2 php7-fastcgi-debuginfo-7.0.7-50.9.2 php7-fileinfo-7.0.7-50.9.2 php7-fileinfo-debuginfo-7.0.7-50.9.2 php7-fpm-7.0.7-50.9.2 php7-fpm-debuginfo-7.0.7-50.9.2 php7-ftp-7.0.7-50.9.2 php7-ftp-debuginfo-7.0.7-50.9.2 php7-gd-7.0.7-50.9.2 php7-gd-debuginfo-7.0.7-50.9.2 php7-gettext-7.0.7-50.9.2 php7-gettext-debuginfo-7.0.7-50.9.2 php7-gmp-7.0.7-50.9.2 php7-gmp-debuginfo-7.0.7-50.9.2 php7-iconv-7.0.7-50.9.2 php7-iconv-debuginfo-7.0.7-50.9.2 php7-imap-7.0.7-50.9.2 php7-imap-debuginfo-7.0.7-50.9.2 php7-intl-7.0.7-50.9.2 php7-intl-debuginfo-7.0.7-50.9.2 php7-json-7.0.7-50.9.2 php7-json-debuginfo-7.0.7-50.9.2 php7-ldap-7.0.7-50.9.2 php7-ldap-debuginfo-7.0.7-50.9.2 php7-mbstring-7.0.7-50.9.2 php7-mbstring-debuginfo-7.0.7-50.9.2 php7-mcrypt-7.0.7-50.9.2 php7-mcrypt-debuginfo-7.0.7-50.9.2 php7-mysql-7.0.7-50.9.2 php7-mysql-debuginfo-7.0.7-50.9.2 php7-odbc-7.0.7-50.9.2 
php7-odbc-debuginfo-7.0.7-50.9.2 php7-opcache-7.0.7-50.9.2 php7-opcache-debuginfo-7.0.7-50.9.2 php7-openssl-7.0.7-50.9.2 php7-openssl-debuginfo-7.0.7-50.9.2 php7-pcntl-7.0.7-50.9.2 php7-pcntl-debuginfo-7.0.7-50.9.2 php7-pdo-7.0.7-50.9.2 php7-pdo-debuginfo-7.0.7-50.9.2 php7-pgsql-7.0.7-50.9.2 php7-pgsql-debuginfo-7.0.7-50.9.2 php7-phar-7.0.7-50.9.2 php7-phar-debuginfo-7.0.7-50.9.2 php7-posix-7.0.7-50.9.2 php7-posix-debuginfo-7.0.7-50.9.2 php7-pspell-7.0.7-50.9.2 php7-pspell-debuginfo-7.0.7-50.9.2 php7-shmop-7.0.7-50.9.2 php7-shmop-debuginfo-7.0.7-50.9.2 php7-snmp-7.0.7-50.9.2 php7-snmp-debuginfo-7.0.7-50.9.2 php7-soap-7.0.7-50.9.2 php7-soap-debuginfo-7.0.7-50.9.2 php7-sockets-7.0.7-50.9.2 php7-sockets-debuginfo-7.0.7-50.9.2 php7-sqlite-7.0.7-50.9.2 php7-sqlite-debuginfo-7.0.7-50.9.2 php7-sysvmsg-7.0.7-50.9.2 php7-sysvmsg-debuginfo-7.0.7-50.9.2 php7-sysvsem-7.0.7-50.9.2 php7-sysvsem-debuginfo-7.0.7-50.9.2 php7-sysvshm-7.0.7-50.9.2 php7-sysvshm-debuginfo-7.0.7-50.9.2 php7-tokenizer-7.0.7-50.9.2 php7-tokenizer-debuginfo-7.0.7-50.9.2 php7-wddx-7.0.7-50.9.2 php7-wddx-debuginfo-7.0.7-50.9.2 php7-xmlreader-7.0.7-50.9.2 php7-xmlreader-debuginfo-7.0.7-50.9.2 php7-xmlrpc-7.0.7-50.9.2 php7-xmlrpc-debuginfo-7.0.7-50.9.2 php7-xmlwriter-7.0.7-50.9.2 php7-xmlwriter-debuginfo-7.0.7-50.9.2 php7-xsl-7.0.7-50.9.2 php7-xsl-debuginfo-7.0.7-50.9.2 php7-zip-7.0.7-50.9.2 php7-zip-debuginfo-7.0.7-50.9.2 php7-zlib-7.0.7-50.9.2 php7-zlib-debuginfo-7.0.7-50.9.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.9.2 php7-pear-Archive_Tar-7.0.7-50.9.2 References: https://www.suse.com/security/cve/CVE-2016-10397.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2017-11142.html https://www.suse.com/security/cve/CVE-2017-11144.html https://www.suse.com/security/cve/CVE-2017-11145.html https://www.suse.com/security/cve/CVE-2017-11146.html https://www.suse.com/security/cve/CVE-2017-11147.html 
https://www.suse.com/security/cve/CVE-2017-11628.html https://www.suse.com/security/cve/CVE-2017-7890.html https://bugzilla.suse.com/1047454 https://bugzilla.suse.com/1048094 https://bugzilla.suse.com/1048096 https://bugzilla.suse.com/1048100 https://bugzilla.suse.com/1048111 https://bugzilla.suse.com/1048112 https://bugzilla.suse.com/1050241 https://bugzilla.suse.com/1050726 https://bugzilla.suse.com/1052389 https://bugzilla.suse.com/1053645 https://bugzilla.suse.com/986386

From sle-security-updates at lists.suse.com Thu Aug 31 10:08:16 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 31 Aug 2017 18:08:16 +0200 (CEST)
Subject: SUSE-SU-2017:2312-1: moderate: Security update for curl
Message-ID: <20170831160816.EB134F364@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2312-1
Rating: moderate
References: #1015332 #1032309 #1051644
Cross-References: CVE-2016-9586 CVE-2017-1000100 CVE-2017-7407
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SECURITY
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a denial of service (bsc#1051644)
- CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309)
- CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-curl-13256=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-curl-13256=1
- SUSE Linux Enterprise Server 11-SECURITY:
  zypper in -t patch secsp3-curl-13256=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-curl-13256=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libcurl-devel-7.19.7-1.70.3.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  curl-7.19.7-1.70.3.1 libcurl4-7.19.7-1.70.3.1
- SUSE Linux Enterprise Server 11-SP4 (s390x x86_64):
  libcurl4-32bit-7.19.7-1.70.3.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  libcurl4-x86-7.19.7-1.70.3.1
- SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
  curl-openssl1-7.19.7-1.70.3.1 libcurl4-openssl1-7.19.7-1.70.3.1
- SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):
  libcurl4-openssl1-32bit-7.19.7-1.70.3.1
- SUSE Linux Enterprise Server 11-SECURITY (ia64):
  libcurl4-openssl1-x86-7.19.7-1.70.3.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  curl-debuginfo-7.19.7-1.70.3.1 curl-debugsource-7.19.7-1.70.3.1

References:

  https://www.suse.com/security/cve/CVE-2016-9586.html
  https://www.suse.com/security/cve/CVE-2017-1000100.html
  https://www.suse.com/security/cve/CVE-2017-7407.html
  https://bugzilla.suse.com/1015332
  https://bugzilla.suse.com/1032309
  https://bugzilla.suse.com/1051644

From sle-security-updates at lists.suse.com Thu Aug 31 16:09:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Sep 2017 00:09:40 +0200 (CEST)
Subject: SUSE-SU-2017:2315-1: moderate: Security update for libreoffice
Message-ID: <20170831220940.3320EF3F9@maintenance.suse.de>

SUSE Security Update: Security update for libreoffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2315-1
Rating: moderate
References: #1015115 #1015118 #1015360 #1017925 #1021369 #1021373 #1021675 #1028817 #1034192 #1034329 #1034568 #1035087 #1035589 #1036975 #1042828 #1045339 #947117 #948058 #954776 #959926 #962777 #963436 #972777 #975283 #976831 #989564
Cross-References: CVE-2015-8947 CVE-2016-10327 CVE-2016-2052 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2017-9433
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 19 fixes is now available.

Description:

LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements:

Writer:
- New "Go to Page" dialog for quickly jumping to another page.
- Support for "Table Styles".
- New drawing tools were added.
- Improvements in the toolbar.
- Borderless padding is displayed.

Calc:
- New drawing tools were added.
- In new installations the default setting for new documents is now "Enable wildcards in formulas" instead of regular expressions.
- Improved compatibility with ODF 1.2

Impress:
- Images inserted via "Photo Album" can now be linked instead of embedded in the document.
- When launching Impress, a Template Selector allows you to choose a Template to start with.
- Two new default templates: Vivid and Pencil.
- All existing templates have been improved.

Draw:
- New arrow endings, including Crow's foot notation's ones.

Base:
- Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3.
Some security issues have also been fixed:

- CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function.
- CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function.
- CVE-2017-8358: An out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function.
- CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function.
- CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw.

A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1427=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1427=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1427=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libixion-0_12-0-0.12.1-13.2.1 libixion-0_12-0-debuginfo-0.12.1-13.2.1 libixion-debugsource-0.12.1-13.2.1 libmwaw-0_3-3-0.3.11-7.5.1 libmwaw-0_3-3-debuginfo-0.3.11-7.5.1 libmwaw-debugsource-0.3.11-7.5.1 liborcus-0_12-0-0.12.1-10.5.1 liborcus-0_12-0-debuginfo-0.12.1-10.5.1 liborcus-debugsource-0.12.1-10.5.1 libreoffice-5.3.5.2-43.5.4 libreoffice-base-5.3.5.2-43.5.4 libreoffice-base-debuginfo-5.3.5.2-43.5.4 libreoffice-base-drivers-mysql-5.3.5.2-43.5.4 libreoffice-base-drivers-mysql-debuginfo-5.3.5.2-43.5.4 libreoffice-base-drivers-postgresql-5.3.5.2-43.5.4 libreoffice-base-drivers-postgresql-debuginfo-5.3.5.2-43.5.4 libreoffice-calc-5.3.5.2-43.5.4 libreoffice-calc-debuginfo-5.3.5.2-43.5.4 libreoffice-calc-extensions-5.3.5.2-43.5.4 libreoffice-debuginfo-5.3.5.2-43.5.4 libreoffice-debugsource-5.3.5.2-43.5.4 libreoffice-draw-5.3.5.2-43.5.4 libreoffice-draw-debuginfo-5.3.5.2-43.5.4 libreoffice-filters-optional-5.3.5.2-43.5.4 libreoffice-gnome-5.3.5.2-43.5.4 libreoffice-gnome-debuginfo-5.3.5.2-43.5.4 libreoffice-impress-5.3.5.2-43.5.4 libreoffice-impress-debuginfo-5.3.5.2-43.5.4 libreoffice-mailmerge-5.3.5.2-43.5.4 libreoffice-math-5.3.5.2-43.5.4 libreoffice-math-debuginfo-5.3.5.2-43.5.4 libreoffice-officebean-5.3.5.2-43.5.4 libreoffice-officebean-debuginfo-5.3.5.2-43.5.4 libreoffice-pyuno-5.3.5.2-43.5.4 libreoffice-pyuno-debuginfo-5.3.5.2-43.5.4 libreoffice-writer-5.3.5.2-43.5.4 libreoffice-writer-debuginfo-5.3.5.2-43.5.4 libreoffice-writer-extensions-5.3.5.2-43.5.4 libreofficekit-5.3.5.2-43.5.4 libstaroffice-0_0-0-0.0.3-4.1 libstaroffice-0_0-0-debuginfo-0.0.3-4.1 libstaroffice-debugsource-0.0.3-4.1 libzmf-0_0-0-0.0.1-4.1 libzmf-0_0-0-debuginfo-0.0.1-4.1 libzmf-debugsource-0.0.1-4.1 myspell-dictionaries-20170511-16.2.1 myspell-lightproof-en-20170511-16.2.1 myspell-lightproof-hu_HU-20170511-16.2.1 myspell-lightproof-pt_BR-20170511-16.2.1 myspell-lightproof-ru_RU-20170511-16.2.1 - SUSE Linux 
Enterprise Workstation Extension 12-SP3 (noarch): libreoffice-icon-theme-galaxy-5.3.5.2-43.5.4 libreoffice-icon-theme-tango-5.3.5.2-43.5.4 libreoffice-l10n-af-5.3.5.2-43.5.4 libreoffice-l10n-ar-5.3.5.2-43.5.4 libreoffice-l10n-bg-5.3.5.2-43.5.4 libreoffice-l10n-ca-5.3.5.2-43.5.4 libreoffice-l10n-cs-5.3.5.2-43.5.4 libreoffice-l10n-da-5.3.5.2-43.5.4 libreoffice-l10n-de-5.3.5.2-43.5.4 libreoffice-l10n-en-5.3.5.2-43.5.4 libreoffice-l10n-es-5.3.5.2-43.5.4 libreoffice-l10n-fi-5.3.5.2-43.5.4 libreoffice-l10n-fr-5.3.5.2-43.5.4 libreoffice-l10n-gu-5.3.5.2-43.5.4 libreoffice-l10n-hi-5.3.5.2-43.5.4 libreoffice-l10n-hr-5.3.5.2-43.5.4 libreoffice-l10n-hu-5.3.5.2-43.5.4 libreoffice-l10n-it-5.3.5.2-43.5.4 libreoffice-l10n-ja-5.3.5.2-43.5.4 libreoffice-l10n-ko-5.3.5.2-43.5.4 libreoffice-l10n-lt-5.3.5.2-43.5.4 libreoffice-l10n-nb-5.3.5.2-43.5.4 libreoffice-l10n-nl-5.3.5.2-43.5.4 libreoffice-l10n-nn-5.3.5.2-43.5.4 libreoffice-l10n-pl-5.3.5.2-43.5.4 libreoffice-l10n-pt_BR-5.3.5.2-43.5.4 libreoffice-l10n-pt_PT-5.3.5.2-43.5.4 libreoffice-l10n-ro-5.3.5.2-43.5.4 libreoffice-l10n-ru-5.3.5.2-43.5.4 libreoffice-l10n-sk-5.3.5.2-43.5.4 libreoffice-l10n-sv-5.3.5.2-43.5.4 libreoffice-l10n-uk-5.3.5.2-43.5.4 libreoffice-l10n-xh-5.3.5.2-43.5.4 libreoffice-l10n-zh_CN-5.3.5.2-43.5.4 libreoffice-l10n-zh_TW-5.3.5.2-43.5.4 libreoffice-l10n-zu-5.3.5.2-43.5.4 myspell-af_NA-20170511-16.2.1 myspell-af_ZA-20170511-16.2.1 myspell-ar-20170511-16.2.1 myspell-ar_AE-20170511-16.2.1 myspell-ar_BH-20170511-16.2.1 myspell-ar_DZ-20170511-16.2.1 myspell-ar_EG-20170511-16.2.1 myspell-ar_IQ-20170511-16.2.1 myspell-ar_JO-20170511-16.2.1 myspell-ar_KW-20170511-16.2.1 myspell-ar_LB-20170511-16.2.1 myspell-ar_LY-20170511-16.2.1 myspell-ar_MA-20170511-16.2.1 myspell-ar_OM-20170511-16.2.1 myspell-ar_QA-20170511-16.2.1 myspell-ar_SA-20170511-16.2.1 myspell-ar_SD-20170511-16.2.1 myspell-ar_SY-20170511-16.2.1 myspell-ar_TN-20170511-16.2.1 myspell-ar_YE-20170511-16.2.1 myspell-be_BY-20170511-16.2.1 myspell-bg_BG-20170511-16.2.1 
myspell-bn_BD-20170511-16.2.1 myspell-bn_IN-20170511-16.2.1 myspell-bs-20170511-16.2.1 myspell-bs_BA-20170511-16.2.1 myspell-ca-20170511-16.2.1 myspell-ca_AD-20170511-16.2.1 myspell-ca_ES-20170511-16.2.1 myspell-ca_ES_valencia-20170511-16.2.1 myspell-ca_FR-20170511-16.2.1 myspell-ca_IT-20170511-16.2.1 myspell-cs_CZ-20170511-16.2.1 myspell-da_DK-20170511-16.2.1 myspell-de-20170511-16.2.1 myspell-de_AT-20170511-16.2.1 myspell-de_CH-20170511-16.2.1 myspell-de_DE-20170511-16.2.1 myspell-el_GR-20170511-16.2.1 myspell-en-20170511-16.2.1 myspell-en_AU-20170511-16.2.1 myspell-en_BS-20170511-16.2.1 myspell-en_BZ-20170511-16.2.1 myspell-en_CA-20170511-16.2.1 myspell-en_GB-20170511-16.2.1 myspell-en_GH-20170511-16.2.1 myspell-en_IE-20170511-16.2.1 myspell-en_IN-20170511-16.2.1 myspell-en_JM-20170511-16.2.1 myspell-en_MW-20170511-16.2.1 myspell-en_NA-20170511-16.2.1 myspell-en_NZ-20170511-16.2.1 myspell-en_PH-20170511-16.2.1 myspell-en_TT-20170511-16.2.1 myspell-en_US-20170511-16.2.1 myspell-en_ZA-20170511-16.2.1 myspell-en_ZW-20170511-16.2.1 myspell-es-20170511-16.2.1 myspell-es_AR-20170511-16.2.1 myspell-es_BO-20170511-16.2.1 myspell-es_CL-20170511-16.2.1 myspell-es_CO-20170511-16.2.1 myspell-es_CR-20170511-16.2.1 myspell-es_CU-20170511-16.2.1 myspell-es_DO-20170511-16.2.1 myspell-es_EC-20170511-16.2.1 myspell-es_ES-20170511-16.2.1 myspell-es_GT-20170511-16.2.1 myspell-es_HN-20170511-16.2.1 myspell-es_MX-20170511-16.2.1 myspell-es_NI-20170511-16.2.1 myspell-es_PA-20170511-16.2.1 myspell-es_PE-20170511-16.2.1 myspell-es_PR-20170511-16.2.1 myspell-es_PY-20170511-16.2.1 myspell-es_SV-20170511-16.2.1 myspell-es_UY-20170511-16.2.1 myspell-es_VE-20170511-16.2.1 myspell-et_EE-20170511-16.2.1 myspell-fr_BE-20170511-16.2.1 myspell-fr_CA-20170511-16.2.1 myspell-fr_CH-20170511-16.2.1 myspell-fr_FR-20170511-16.2.1 myspell-fr_LU-20170511-16.2.1 myspell-fr_MC-20170511-16.2.1 myspell-gu_IN-20170511-16.2.1 myspell-he_IL-20170511-16.2.1 myspell-hi_IN-20170511-16.2.1 
myspell-hr_HR-20170511-16.2.1 myspell-hu_HU-20170511-16.2.1 myspell-it_IT-20170511-16.2.1 myspell-lo_LA-20170511-16.2.1 myspell-lt_LT-20170511-16.2.1 myspell-lv_LV-20170511-16.2.1 myspell-nb_NO-20170511-16.2.1 myspell-nl_BE-20170511-16.2.1 myspell-nl_NL-20170511-16.2.1 myspell-nn_NO-20170511-16.2.1 myspell-no-20170511-16.2.1 myspell-pl_PL-20170511-16.2.1 myspell-pt_AO-20170511-16.2.1 myspell-pt_BR-20170511-16.2.1 myspell-pt_PT-20170511-16.2.1 myspell-ro-20170511-16.2.1 myspell-ro_RO-20170511-16.2.1 myspell-ru_RU-20170511-16.2.1 myspell-sk_SK-20170511-16.2.1 myspell-sl_SI-20170511-16.2.1 myspell-sr-20170511-16.2.1 myspell-sr_CS-20170511-16.2.1 myspell-sr_Latn_CS-20170511-16.2.1 myspell-sr_Latn_RS-20170511-16.2.1 myspell-sr_RS-20170511-16.2.1 myspell-sv_FI-20170511-16.2.1 myspell-sv_SE-20170511-16.2.1 myspell-te-20170511-16.2.1 myspell-te_IN-20170511-16.2.1 myspell-th_TH-20170511-16.2.1 myspell-uk_UA-20170511-16.2.1 myspell-vi-20170511-16.2.1 myspell-vi_VN-20170511-16.2.1 myspell-zu_ZA-20170511-16.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libixion-debugsource-0.12.1-13.2.1 libixion-devel-0.12.1-13.2.1 libmwaw-debugsource-0.3.11-7.5.1 libmwaw-devel-0.3.11-7.5.1 liborcus-debugsource-0.12.1-10.5.1 liborcus-devel-0.12.1-10.5.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64): libreoffice-debuginfo-5.3.5.2-43.5.4 libreoffice-debugsource-5.3.5.2-43.5.4 libreoffice-sdk-5.3.5.2-43.5.4 libreoffice-sdk-debuginfo-5.3.5.2-43.5.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libmwaw-devel-doc-0.3.11-7.5.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libixion-0_12-0-0.12.1-13.2.1 libixion-0_12-0-debuginfo-0.12.1-13.2.1 libixion-debugsource-0.12.1-13.2.1 libmwaw-0_3-3-0.3.11-7.5.1 libmwaw-0_3-3-debuginfo-0.3.11-7.5.1 libmwaw-debugsource-0.3.11-7.5.1 liborcus-0_12-0-0.12.1-10.5.1 liborcus-0_12-0-debuginfo-0.12.1-10.5.1 liborcus-debugsource-0.12.1-10.5.1 libreoffice-5.3.5.2-43.5.4 
libreoffice-base-5.3.5.2-43.5.4 libreoffice-base-debuginfo-5.3.5.2-43.5.4 libreoffice-base-drivers-mysql-5.3.5.2-43.5.4 libreoffice-base-drivers-mysql-debuginfo-5.3.5.2-43.5.4 libreoffice-base-drivers-postgresql-5.3.5.2-43.5.4 libreoffice-base-drivers-postgresql-debuginfo-5.3.5.2-43.5.4 libreoffice-calc-5.3.5.2-43.5.4 libreoffice-calc-debuginfo-5.3.5.2-43.5.4 libreoffice-calc-extensions-5.3.5.2-43.5.4 libreoffice-debuginfo-5.3.5.2-43.5.4 libreoffice-debugsource-5.3.5.2-43.5.4 libreoffice-draw-5.3.5.2-43.5.4 libreoffice-draw-debuginfo-5.3.5.2-43.5.4 libreoffice-filters-optional-5.3.5.2-43.5.4 libreoffice-gnome-5.3.5.2-43.5.4 libreoffice-gnome-debuginfo-5.3.5.2-43.5.4 libreoffice-impress-5.3.5.2-43.5.4 libreoffice-impress-debuginfo-5.3.5.2-43.5.4 libreoffice-mailmerge-5.3.5.2-43.5.4 libreoffice-math-5.3.5.2-43.5.4 libreoffice-math-debuginfo-5.3.5.2-43.5.4 libreoffice-officebean-5.3.5.2-43.5.4 libreoffice-officebean-debuginfo-5.3.5.2-43.5.4 libreoffice-pyuno-5.3.5.2-43.5.4 libreoffice-pyuno-debuginfo-5.3.5.2-43.5.4 libreoffice-writer-5.3.5.2-43.5.4 libreoffice-writer-debuginfo-5.3.5.2-43.5.4 libreoffice-writer-extensions-5.3.5.2-43.5.4 libreofficekit-5.3.5.2-43.5.4 libstaroffice-0_0-0-0.0.3-4.1 libstaroffice-0_0-0-debuginfo-0.0.3-4.1 libstaroffice-debugsource-0.0.3-4.1 libzmf-0_0-0-0.0.1-4.1 libzmf-0_0-0-debuginfo-0.0.1-4.1 libzmf-debugsource-0.0.1-4.1 myspell-dictionaries-20170511-16.2.1 myspell-lightproof-en-20170511-16.2.1 myspell-lightproof-hu_HU-20170511-16.2.1 myspell-lightproof-pt_BR-20170511-16.2.1 myspell-lightproof-ru_RU-20170511-16.2.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libreoffice-icon-theme-galaxy-5.3.5.2-43.5.4 libreoffice-icon-theme-tango-5.3.5.2-43.5.4 libreoffice-l10n-af-5.3.5.2-43.5.4 libreoffice-l10n-ar-5.3.5.2-43.5.4 libreoffice-l10n-ca-5.3.5.2-43.5.4 libreoffice-l10n-cs-5.3.5.2-43.5.4 libreoffice-l10n-da-5.3.5.2-43.5.4 libreoffice-l10n-de-5.3.5.2-43.5.4 libreoffice-l10n-en-5.3.5.2-43.5.4 libreoffice-l10n-es-5.3.5.2-43.5.4 
libreoffice-l10n-fi-5.3.5.2-43.5.4 libreoffice-l10n-fr-5.3.5.2-43.5.4 libreoffice-l10n-gu-5.3.5.2-43.5.4 libreoffice-l10n-hi-5.3.5.2-43.5.4 libreoffice-l10n-hu-5.3.5.2-43.5.4 libreoffice-l10n-it-5.3.5.2-43.5.4 libreoffice-l10n-ja-5.3.5.2-43.5.4 libreoffice-l10n-ko-5.3.5.2-43.5.4 libreoffice-l10n-nb-5.3.5.2-43.5.4 libreoffice-l10n-nl-5.3.5.2-43.5.4 libreoffice-l10n-nn-5.3.5.2-43.5.4 libreoffice-l10n-pl-5.3.5.2-43.5.4 libreoffice-l10n-pt_BR-5.3.5.2-43.5.4 libreoffice-l10n-pt_PT-5.3.5.2-43.5.4 libreoffice-l10n-ro-5.3.5.2-43.5.4 libreoffice-l10n-ru-5.3.5.2-43.5.4 libreoffice-l10n-sk-5.3.5.2-43.5.4 libreoffice-l10n-sv-5.3.5.2-43.5.4 libreoffice-l10n-xh-5.3.5.2-43.5.4 libreoffice-l10n-zh_CN-5.3.5.2-43.5.4 libreoffice-l10n-zh_TW-5.3.5.2-43.5.4 libreoffice-l10n-zu-5.3.5.2-43.5.4 myspell-af_NA-20170511-16.2.1 myspell-af_ZA-20170511-16.2.1 myspell-ar-20170511-16.2.1 myspell-ar_AE-20170511-16.2.1 myspell-ar_BH-20170511-16.2.1 myspell-ar_DZ-20170511-16.2.1 myspell-ar_EG-20170511-16.2.1 myspell-ar_IQ-20170511-16.2.1 myspell-ar_JO-20170511-16.2.1 myspell-ar_KW-20170511-16.2.1 myspell-ar_LB-20170511-16.2.1 myspell-ar_LY-20170511-16.2.1 myspell-ar_MA-20170511-16.2.1 myspell-ar_OM-20170511-16.2.1 myspell-ar_QA-20170511-16.2.1 myspell-ar_SA-20170511-16.2.1 myspell-ar_SD-20170511-16.2.1 myspell-ar_SY-20170511-16.2.1 myspell-ar_TN-20170511-16.2.1 myspell-ar_YE-20170511-16.2.1 myspell-be_BY-20170511-16.2.1 myspell-bg_BG-20170511-16.2.1 myspell-bn_BD-20170511-16.2.1 myspell-bn_IN-20170511-16.2.1 myspell-bs-20170511-16.2.1 myspell-bs_BA-20170511-16.2.1 myspell-ca-20170511-16.2.1 myspell-ca_AD-20170511-16.2.1 myspell-ca_ES-20170511-16.2.1 myspell-ca_ES_valencia-20170511-16.2.1 myspell-ca_FR-20170511-16.2.1 myspell-ca_IT-20170511-16.2.1 myspell-cs_CZ-20170511-16.2.1 myspell-da_DK-20170511-16.2.1 myspell-de-20170511-16.2.1 myspell-de_AT-20170511-16.2.1 myspell-de_CH-20170511-16.2.1 myspell-de_DE-20170511-16.2.1 myspell-el_GR-20170511-16.2.1 myspell-en-20170511-16.2.1 
myspell-en_AU-20170511-16.2.1 myspell-en_BS-20170511-16.2.1 myspell-en_BZ-20170511-16.2.1 myspell-en_CA-20170511-16.2.1 myspell-en_GB-20170511-16.2.1 myspell-en_GH-20170511-16.2.1 myspell-en_IE-20170511-16.2.1 myspell-en_IN-20170511-16.2.1 myspell-en_JM-20170511-16.2.1 myspell-en_MW-20170511-16.2.1 myspell-en_NA-20170511-16.2.1 myspell-en_NZ-20170511-16.2.1 myspell-en_PH-20170511-16.2.1 myspell-en_TT-20170511-16.2.1 myspell-en_US-20170511-16.2.1 myspell-en_ZA-20170511-16.2.1 myspell-en_ZW-20170511-16.2.1 myspell-es-20170511-16.2.1 myspell-es_AR-20170511-16.2.1 myspell-es_BO-20170511-16.2.1 myspell-es_CL-20170511-16.2.1 myspell-es_CO-20170511-16.2.1 myspell-es_CR-20170511-16.2.1 myspell-es_CU-20170511-16.2.1 myspell-es_DO-20170511-16.2.1 myspell-es_EC-20170511-16.2.1 myspell-es_ES-20170511-16.2.1 myspell-es_GT-20170511-16.2.1 myspell-es_HN-20170511-16.2.1 myspell-es_MX-20170511-16.2.1 myspell-es_NI-20170511-16.2.1 myspell-es_PA-20170511-16.2.1 myspell-es_PE-20170511-16.2.1 myspell-es_PR-20170511-16.2.1 myspell-es_PY-20170511-16.2.1 myspell-es_SV-20170511-16.2.1 myspell-es_UY-20170511-16.2.1 myspell-es_VE-20170511-16.2.1 myspell-et_EE-20170511-16.2.1 myspell-fr_BE-20170511-16.2.1 myspell-fr_CA-20170511-16.2.1 myspell-fr_CH-20170511-16.2.1 myspell-fr_FR-20170511-16.2.1 myspell-fr_LU-20170511-16.2.1 myspell-fr_MC-20170511-16.2.1 myspell-gu_IN-20170511-16.2.1 myspell-he_IL-20170511-16.2.1 myspell-hi_IN-20170511-16.2.1 myspell-hr_HR-20170511-16.2.1 myspell-hu_HU-20170511-16.2.1 myspell-it_IT-20170511-16.2.1 myspell-lo_LA-20170511-16.2.1 myspell-lt_LT-20170511-16.2.1 myspell-lv_LV-20170511-16.2.1 myspell-nb_NO-20170511-16.2.1 myspell-nl_BE-20170511-16.2.1 myspell-nl_NL-20170511-16.2.1 myspell-nn_NO-20170511-16.2.1 myspell-no-20170511-16.2.1 myspell-pl_PL-20170511-16.2.1 myspell-pt_AO-20170511-16.2.1 myspell-pt_BR-20170511-16.2.1 myspell-pt_PT-20170511-16.2.1 myspell-ro-20170511-16.2.1 myspell-ro_RO-20170511-16.2.1 myspell-ru_RU-20170511-16.2.1 
myspell-sk_SK-20170511-16.2.1 myspell-sl_SI-20170511-16.2.1 myspell-sr-20170511-16.2.1 myspell-sr_CS-20170511-16.2.1 myspell-sr_Latn_CS-20170511-16.2.1 myspell-sr_Latn_RS-20170511-16.2.1 myspell-sr_RS-20170511-16.2.1 myspell-sv_FI-20170511-16.2.1 myspell-sv_SE-20170511-16.2.1 myspell-te-20170511-16.2.1 myspell-te_IN-20170511-16.2.1 myspell-th_TH-20170511-16.2.1 myspell-uk_UA-20170511-16.2.1 myspell-vi-20170511-16.2.1 myspell-vi_VN-20170511-16.2.1 myspell-zu_ZA-20170511-16.2.1 References: https://www.suse.com/security/cve/CVE-2015-8947.html https://www.suse.com/security/cve/CVE-2016-10327.html https://www.suse.com/security/cve/CVE-2016-2052.html https://www.suse.com/security/cve/CVE-2017-7870.html https://www.suse.com/security/cve/CVE-2017-7882.html https://www.suse.com/security/cve/CVE-2017-8358.html https://www.suse.com/security/cve/CVE-2017-9433.html https://bugzilla.suse.com/1015115 https://bugzilla.suse.com/1015118 https://bugzilla.suse.com/1015360 https://bugzilla.suse.com/1017925 https://bugzilla.suse.com/1021369 https://bugzilla.suse.com/1021373 https://bugzilla.suse.com/1021675 https://bugzilla.suse.com/1028817 https://bugzilla.suse.com/1034192 https://bugzilla.suse.com/1034329 https://bugzilla.suse.com/1034568 https://bugzilla.suse.com/1035087 https://bugzilla.suse.com/1035589 https://bugzilla.suse.com/1036975 https://bugzilla.suse.com/1042828 https://bugzilla.suse.com/1045339 https://bugzilla.suse.com/947117 https://bugzilla.suse.com/948058 https://bugzilla.suse.com/954776 https://bugzilla.suse.com/959926 https://bugzilla.suse.com/962777 https://bugzilla.suse.com/963436 https://bugzilla.suse.com/972777 https://bugzilla.suse.com/975283 https://bugzilla.suse.com/976831 https://bugzilla.suse.com/989564 From sle-security-updates at lists.suse.com Thu Aug 31 19:07:17 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 1 Sep 2017 03:07:17 +0200 (CEST) Subject: SUSE-SU-2017:2317-1: moderate: Security update for 
php5
Message-ID: <20170901010717.8E7B6F3F9@maintenance.suse.de>

SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2317-1
Rating: moderate
References: #1047454 #1048094 #1048096 #1048097 #1048111 #1048112 #1050241 #1050726 #986386
Cross-References: CVE-2016-10397 CVE-2016-5766 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-7890
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for php5 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)
- CVE-2017-11143: An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter. (bsc#1048097)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak. (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information.
  (bsc#1048094)
- CVE-2016-5766: Integer overflow in _gd2GetHeader() could lead to heap overflow (bsc#986386)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1431=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1431=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1431=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  php5-debuginfo-5.5.14-109.5.1 php5-debugsource-5.5.14-109.5.1 php5-devel-5.5.14-109.5.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  php5-debuginfo-5.5.14-109.5.1 php5-debugsource-5.5.14-109.5.1 php5-devel-5.5.14-109.5.1
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  apache2-mod_php5-5.5.14-109.5.1 apache2-mod_php5-debuginfo-5.5.14-109.5.1 php5-5.5.14-109.5.1 php5-bcmath-5.5.14-109.5.1 php5-bcmath-debuginfo-5.5.14-109.5.1 php5-bz2-5.5.14-109.5.1 php5-bz2-debuginfo-5.5.14-109.5.1 php5-calendar-5.5.14-109.5.1 php5-calendar-debuginfo-5.5.14-109.5.1 php5-ctype-5.5.14-109.5.1 php5-ctype-debuginfo-5.5.14-109.5.1 php5-curl-5.5.14-109.5.1 php5-curl-debuginfo-5.5.14-109.5.1 php5-dba-5.5.14-109.5.1 php5-dba-debuginfo-5.5.14-109.5.1 php5-debuginfo-5.5.14-109.5.1 php5-debugsource-5.5.14-109.5.1 php5-dom-5.5.14-109.5.1 php5-dom-debuginfo-5.5.14-109.5.1 php5-enchant-5.5.14-109.5.1 php5-enchant-debuginfo-5.5.14-109.5.1
php5-exif-5.5.14-109.5.1 php5-exif-debuginfo-5.5.14-109.5.1 php5-fastcgi-5.5.14-109.5.1 php5-fastcgi-debuginfo-5.5.14-109.5.1 php5-fileinfo-5.5.14-109.5.1 php5-fileinfo-debuginfo-5.5.14-109.5.1 php5-fpm-5.5.14-109.5.1 php5-fpm-debuginfo-5.5.14-109.5.1 php5-ftp-5.5.14-109.5.1 php5-ftp-debuginfo-5.5.14-109.5.1 php5-gd-5.5.14-109.5.1 php5-gd-debuginfo-5.5.14-109.5.1 php5-gettext-5.5.14-109.5.1 php5-gettext-debuginfo-5.5.14-109.5.1 php5-gmp-5.5.14-109.5.1 php5-gmp-debuginfo-5.5.14-109.5.1 php5-iconv-5.5.14-109.5.1 php5-iconv-debuginfo-5.5.14-109.5.1 php5-imap-5.5.14-109.5.1 php5-imap-debuginfo-5.5.14-109.5.1 php5-intl-5.5.14-109.5.1 php5-intl-debuginfo-5.5.14-109.5.1 php5-json-5.5.14-109.5.1 php5-json-debuginfo-5.5.14-109.5.1 php5-ldap-5.5.14-109.5.1 php5-ldap-debuginfo-5.5.14-109.5.1 php5-mbstring-5.5.14-109.5.1 php5-mbstring-debuginfo-5.5.14-109.5.1 php5-mcrypt-5.5.14-109.5.1 php5-mcrypt-debuginfo-5.5.14-109.5.1 php5-mysql-5.5.14-109.5.1 php5-mysql-debuginfo-5.5.14-109.5.1 php5-odbc-5.5.14-109.5.1 php5-odbc-debuginfo-5.5.14-109.5.1 php5-opcache-5.5.14-109.5.1 php5-opcache-debuginfo-5.5.14-109.5.1 php5-openssl-5.5.14-109.5.1 php5-openssl-debuginfo-5.5.14-109.5.1 php5-pcntl-5.5.14-109.5.1 php5-pcntl-debuginfo-5.5.14-109.5.1 php5-pdo-5.5.14-109.5.1 php5-pdo-debuginfo-5.5.14-109.5.1 php5-pgsql-5.5.14-109.5.1 php5-pgsql-debuginfo-5.5.14-109.5.1 php5-phar-5.5.14-109.5.1 php5-phar-debuginfo-5.5.14-109.5.1 php5-posix-5.5.14-109.5.1 php5-posix-debuginfo-5.5.14-109.5.1 php5-pspell-5.5.14-109.5.1 php5-pspell-debuginfo-5.5.14-109.5.1 php5-shmop-5.5.14-109.5.1 php5-shmop-debuginfo-5.5.14-109.5.1 php5-snmp-5.5.14-109.5.1 php5-snmp-debuginfo-5.5.14-109.5.1 php5-soap-5.5.14-109.5.1 php5-soap-debuginfo-5.5.14-109.5.1 php5-sockets-5.5.14-109.5.1 php5-sockets-debuginfo-5.5.14-109.5.1 php5-sqlite-5.5.14-109.5.1 php5-sqlite-debuginfo-5.5.14-109.5.1 php5-suhosin-5.5.14-109.5.1 php5-suhosin-debuginfo-5.5.14-109.5.1 php5-sysvmsg-5.5.14-109.5.1 php5-sysvmsg-debuginfo-5.5.14-109.5.1 
php5-sysvsem-5.5.14-109.5.1 php5-sysvsem-debuginfo-5.5.14-109.5.1 php5-sysvshm-5.5.14-109.5.1 php5-sysvshm-debuginfo-5.5.14-109.5.1 php5-tokenizer-5.5.14-109.5.1 php5-tokenizer-debuginfo-5.5.14-109.5.1 php5-wddx-5.5.14-109.5.1 php5-wddx-debuginfo-5.5.14-109.5.1 php5-xmlreader-5.5.14-109.5.1 php5-xmlreader-debuginfo-5.5.14-109.5.1 php5-xmlrpc-5.5.14-109.5.1 php5-xmlrpc-debuginfo-5.5.14-109.5.1 php5-xmlwriter-5.5.14-109.5.1 php5-xmlwriter-debuginfo-5.5.14-109.5.1 php5-xsl-5.5.14-109.5.1 php5-xsl-debuginfo-5.5.14-109.5.1 php5-zip-5.5.14-109.5.1 php5-zip-debuginfo-5.5.14-109.5.1 php5-zlib-5.5.14-109.5.1 php5-zlib-debuginfo-5.5.14-109.5.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.5.1 References: https://www.suse.com/security/cve/CVE-2016-10397.html https://www.suse.com/security/cve/CVE-2016-5766.html https://www.suse.com/security/cve/CVE-2017-11143.html https://www.suse.com/security/cve/CVE-2017-11144.html https://www.suse.com/security/cve/CVE-2017-11145.html https://www.suse.com/security/cve/CVE-2017-11146.html https://www.suse.com/security/cve/CVE-2017-11147.html https://www.suse.com/security/cve/CVE-2017-11628.html https://www.suse.com/security/cve/CVE-2017-7890.html https://bugzilla.suse.com/1047454 https://bugzilla.suse.com/1048094 https://bugzilla.suse.com/1048096 https://bugzilla.suse.com/1048097 https://bugzilla.suse.com/1048111 https://bugzilla.suse.com/1048112 https://bugzilla.suse.com/1050241 https://bugzilla.suse.com/1050726 https://bugzilla.suse.com/986386 From sle-security-updates at lists.suse.com Thu Aug 31 19:08:54 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 1 Sep 2017 03:08:54 +0200 (CEST) Subject: SUSE-SU-2017:2318-1: moderate: Security update for icu Message-ID: <20170901010854.3C545F3F9@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2017:2318-1
Rating: moderate
References: #929629
Cross-References: CVE-2014-8146 CVE-2014-8147
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
  SUSE Container as a Service Platform ALL
  OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

icu was updated to fix two security issues.

These security issues were fixed:

- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629).
- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:
      zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1430=1
   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1430=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1430=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1430=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1430=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1430=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1430=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1430=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1430=1
   - SUSE Container as a Service Platform ALL:
      zypper in -t patch SUSE-CAASP-ALL-2017-1430=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1430=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      icu-52.1-8.3.1
      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      icu-52.1-8.3.1
      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu-devel-52.1-8.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu-devel-52.1-8.3.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu-doc-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu-doc-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libicu52_1-32bit-52.1-8.3.1
      libicu52_1-debuginfo-32bit-52.1-8.3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu-doc-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

      libicu52_1-32bit-52.1-8.3.1
      libicu52_1-debuginfo-32bit-52.1-8.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      icu-52.1-8.3.1
      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu52_1-32bit-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-32bit-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      icu-52.1-8.3.1
      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu52_1-32bit-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-32bit-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

   - SUSE Container as a Service Platform ALL (x86_64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      icu-debuginfo-52.1-8.3.1
      icu-debugsource-52.1-8.3.1
      libicu52_1-52.1-8.3.1
      libicu52_1-data-52.1-8.3.1
      libicu52_1-debuginfo-52.1-8.3.1

References:

   https://www.suse.com/security/cve/CVE-2014-8146.html
   https://www.suse.com/security/cve/CVE-2014-8147.html
   https://bugzilla.suse.com/929629

From sle-security-updates at lists.suse.com Thu Aug 31 19:09:21 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Sep 2017 03:09:21 +0200 (CEST)
Subject: SUSE-SU-2017:2319-1: important: Security update for xen
Message-ID: <20170901010921.54413F433@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2319-1
Rating:             important
References:         #1002573 #1046637 #1047675 #1048920 #1049578 #1051787
                    #1051788 #1052686
Cross-References:   CVE-2017-10664 CVE-2017-10806 CVE-2017-11334
                    CVE-2017-11434 CVE-2017-12135 CVE-2017-12137
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has two fixes is now available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - CVE-2017-12135: Unbounded recursion in grant table code allowed a
     malicious guest to crash the host or potentially escalate
     privileges/leak information (XSA-226, bsc#1051787).
   - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
     privilege escalation (XSA-227, bsc#1051788).
   - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
     guest OS users to cause a denial of service (out-of-bounds read) via a
     crafted DHCP options string (bsc#1049578).
   - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
     attackers to cause a denial of service (daemon crash) by disconnecting
     during a server-to-client reply attempt (bsc#1046637).
   - CVE-2017-11334: The address_space_write_continue function in exec.c
     allowed local guest OS privileged users to cause a denial of service
     (out-of-bounds access and guest instance crash) by leveraging use of
     qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
   - CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed
     local guest OS users to cause a denial of service via vectors related
     to logging debug messages (bsc#1047675).
   - bsc#1052686: Premature clearing of GTF_writing / GTF_reading led to
     potentially leaking sensitive information (XSA-230).

   This non-security issue was fixed:

   - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1428=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1428=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1428=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      xen-4.5.5_14-22.25.1
      xen-debugsource-4.5.5_14-22.25.1
      xen-doc-html-4.5.5_14-22.25.1
      xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1
      xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1
      xen-libs-32bit-4.5.5_14-22.25.1
      xen-libs-4.5.5_14-22.25.1
      xen-libs-debuginfo-32bit-4.5.5_14-22.25.1
      xen-libs-debuginfo-4.5.5_14-22.25.1
      xen-tools-4.5.5_14-22.25.1
      xen-tools-debuginfo-4.5.5_14-22.25.1
      xen-tools-domU-4.5.5_14-22.25.1
      xen-tools-domU-debuginfo-4.5.5_14-22.25.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      xen-4.5.5_14-22.25.1
      xen-debugsource-4.5.5_14-22.25.1
      xen-doc-html-4.5.5_14-22.25.1
      xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1
      xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1
      xen-libs-32bit-4.5.5_14-22.25.1
      xen-libs-4.5.5_14-22.25.1
      xen-libs-debuginfo-32bit-4.5.5_14-22.25.1
      xen-libs-debuginfo-4.5.5_14-22.25.1
      xen-tools-4.5.5_14-22.25.1
      xen-tools-debuginfo-4.5.5_14-22.25.1
      xen-tools-domU-4.5.5_14-22.25.1
      xen-tools-domU-debuginfo-4.5.5_14-22.25.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      xen-4.5.5_14-22.25.1
      xen-debugsource-4.5.5_14-22.25.1
      xen-doc-html-4.5.5_14-22.25.1
      xen-kmp-default-4.5.5_14_k3.12.74_60.64.54-22.25.1
      xen-kmp-default-debuginfo-4.5.5_14_k3.12.74_60.64.54-22.25.1
      xen-libs-32bit-4.5.5_14-22.25.1
      xen-libs-4.5.5_14-22.25.1
      xen-libs-debuginfo-32bit-4.5.5_14-22.25.1
      xen-libs-debuginfo-4.5.5_14-22.25.1
      xen-tools-4.5.5_14-22.25.1
      xen-tools-debuginfo-4.5.5_14-22.25.1
      xen-tools-domU-4.5.5_14-22.25.1
      xen-tools-domU-debuginfo-4.5.5_14-22.25.1

References:

   https://www.suse.com/security/cve/CVE-2017-10664.html
   https://www.suse.com/security/cve/CVE-2017-10806.html
   https://www.suse.com/security/cve/CVE-2017-11334.html
   https://www.suse.com/security/cve/CVE-2017-11434.html
   https://www.suse.com/security/cve/CVE-2017-12135.html
   https://www.suse.com/security/cve/CVE-2017-12137.html
   https://bugzilla.suse.com/1002573
   https://bugzilla.suse.com/1046637
   https://bugzilla.suse.com/1047675
   https://bugzilla.suse.com/1048920
   https://bugzilla.suse.com/1049578
   https://bugzilla.suse.com/1051787
   https://bugzilla.suse.com/1051788
   https://bugzilla.suse.com/1052686

From sle-security-updates at lists.suse.com Thu Aug 31 19:10:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 1 Sep 2017 03:10:54 +0200 (CEST)
Subject: SUSE-SU-2017:2320-1: important: Security update for git
Message-ID: <20170901011054.3EF2BF433@maintenance.suse.de>

   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2320-1
Rating:             important
References:         #1052481
Cross-References:   CVE-2017-1000117
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Container as a Service Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for git fixes the following issues:

   - CVE-2017-1000117: A client side code execution via shell injection when
     receiving special submodule strings from a malicious server was fixed
     (bsc#1052481)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1429=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1429=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1429=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1429=1
   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-1429=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1429=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1429=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1429=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1429=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1429=1
   - SUSE Container as a Service Platform ALL:
      zypper in -t patch SUSE-CAASP-ALL-2017-1429=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1429=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE OpenStack Cloud 6 (x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      git-2.12.3-27.5.1
      git-arch-2.12.3-27.5.1
      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-cvs-2.12.3-27.5.1
      git-daemon-2.12.3-27.5.1
      git-daemon-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1
      git-email-2.12.3-27.5.1
      git-gui-2.12.3-27.5.1
      git-svn-2.12.3-27.5.1
      git-svn-debuginfo-2.12.3-27.5.1
      git-web-2.12.3-27.5.1
      gitk-2.12.3-27.5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      git-2.12.3-27.5.1
      git-arch-2.12.3-27.5.1
      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-cvs-2.12.3-27.5.1
      git-daemon-2.12.3-27.5.1
      git-daemon-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1
      git-email-2.12.3-27.5.1
      git-gui-2.12.3-27.5.1
      git-svn-2.12.3-27.5.1
      git-svn-debuginfo-2.12.3-27.5.1
      git-web-2.12.3-27.5.1
      gitk-2.12.3-27.5.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      git-doc-2.12.3-27.5.1

   - SUSE Container as a Service Platform ALL (x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      git-core-2.12.3-27.5.1
      git-core-debuginfo-2.12.3-27.5.1
      git-debugsource-2.12.3-27.5.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000117.html
   https://bugzilla.suse.com/1052481