From sle-security-updates at lists.suse.com  Thu Jun  1 10:09:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Jun 2017 18:09:40 +0200 (CEST)
Subject: SUSE-SU-2017:1471-1: important: Security update for strongswan
Message-ID: <20170601160940.D89ED101CB@maintenance.suse.de>

   SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1471-1
Rating:             important
References:         #1039514 #1039515
Cross-References:   CVE-2017-9022 CVE-2017-9023
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for strongswan fixes the following issues:

   - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to
     Denial of service (bsc#1039514)
   - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to
     Denial of service (bsc#1039515)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-strongswan-13136=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-strongswan-13136=1

   To bring your system up-to-date, use "zypper patch".
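   Applying the patch is one half of the job; the other is confirming, fleet-wide, that every host now carries at least the name-version-release (NVR) each advisory's Package List names. The checker below is an added example, not part of the SUSE advisory or of SUSE's tooling: it re-implements the common cases of rpm's segment-wise version comparison in Python and reports installed packages that are older than the advisory's fixed NVR. The installed-package list is a constructed sample of what `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` prints; the tilde/caret ordering rules and the Epoch field are deliberately not modelled.

```python
import re

# Added example: compare installed RPM name-version-release strings against the
# fixed NVRs an advisory's "Package List" names. The comparison follows rpm's
# rpmvercmp() for the usual cases (numeric vs. numeric, alpha vs. alpha, numeric
# beats alpha, leftover segments win); tilde/caret and Epoch are not modelled.

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")   # everything else ('.', '+', '_') is a separator


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as version string a is older, equal or newer than b."""
    if a == b:
        return 0
    seg_a = _SEGMENT.findall(a)
    seg_b = _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x == y:
            continue
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            c = (int(x) > int(y)) - (int(x) < int(y))   # int() drops leading zeros
        elif x_num != y_num:
            c = 1 if x_num else -1                       # numeric segment is newer than alpha
        else:
            c = (x > y) - (x < y)                        # alpha segments compare lexically
        if c:
            return c
    # All shared segments equal: the string with segments left over is the newer one.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_nvr(nvr: str):
    """Split 'name-version-release' from the right so hyphenated names survive."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def nvr_cmp(a: str, b: str) -> int:
    """Compare two NVRs of the same package: version first, then release."""
    _, va, ra = split_nvr(a)
    _, vb, rb = split_nvr(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def unpatched(installed, fixed):
    """Map package name -> (installed NVR, fixed NVR) for each installed package
    that is older than the NVR the advisory lists; packages the advisory does
    not name are ignored."""
    fixed_by_name = {split_nvr(f)[0]: f for f in fixed}
    result = {}
    for nvr in installed:
        name = split_nvr(nvr)[0]
        target = fixed_by_name.get(name)
        if target is not None and nvr_cmp(nvr, target) < 0:
            result[name] = (nvr, target)
    return result


# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output.
INSTALLED = [
    "strongswan-5.1.3-24.1",          # one release behind the advisory's 25.1
    "strongswan-libs0-5.1.3-25.1",    # already at the fixed release
    "libxml2-2-2.9.4-38.1",           # older than 2.9.4-39.2
    "ceph-common-10.2.6+git.1490339825.57146d8-11.7",
    "bash-4.3-83.5",                  # not named by any advisory on this page
]

# Fixed NVRs as the advisories on this page list them.
FIXED = [
    "strongswan-5.1.3-25.1",
    "strongswan-libs0-5.1.3-25.1",
    "libxml2-2-2.9.4-39.2",
    "ceph-common-10.2.6+git.1490339825.57146d8-11.7",
]

if __name__ == "__main__":
    for name, (have, want) in sorted(unpatched(INSTALLED, FIXED).items()):
        print(f"{name}: installed {have}, advisory requires {want}")
```

   Run as a script it reports `libxml2-2` and `strongswan` as behind. Note that it only catches packages that are installed and older; a package the advisory lists that is absent from the host is simply not affected, which is why the check is keyed on the installed set rather than the advisory's.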
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      strongswan-4.4.0-6.35.1
      strongswan-doc-4.4.0-6.35.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      strongswan-debuginfo-4.4.0-6.35.1
      strongswan-debugsource-4.4.0-6.35.1

References:

   https://www.suse.com/security/cve/CVE-2017-9022.html
   https://www.suse.com/security/cve/CVE-2017-9023.html
   https://bugzilla.suse.com/1039514
   https://bugzilla.suse.com/1039515

From sle-security-updates at lists.suse.com  Thu Jun  1 10:11:14 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Jun 2017 18:11:14 +0200 (CEST)
Subject: SUSE-SU-2017:1473-1: important: Security update for strongswan
Message-ID: <20170601161114.BF697101C9@maintenance.suse.de>

   SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1473-1
Rating:             important
References:         #1039514 #1039515 #985012
Cross-References:   CVE-2017-9022 CVE-2017-9023
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update for strongswan fixes the following issues:

   - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to
     Denial of service (bsc#1039514)
   - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to
     Denial of service (bsc#1039515)
   - IKEv1 protocol is vulnerable to DoS amplification attack (bsc#985012)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-906=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-906=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-906=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      strongswan-5.1.3-25.1
      strongswan-debugsource-5.1.3-25.1
      strongswan-hmac-5.1.3-25.1
      strongswan-ipsec-5.1.3-25.1
      strongswan-ipsec-debuginfo-5.1.3-25.1
      strongswan-libs0-5.1.3-25.1
      strongswan-libs0-debuginfo-5.1.3-25.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      strongswan-doc-5.1.3-25.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      strongswan-5.1.3-25.1
      strongswan-debugsource-5.1.3-25.1
      strongswan-hmac-5.1.3-25.1
      strongswan-ipsec-5.1.3-25.1
      strongswan-ipsec-debuginfo-5.1.3-25.1
      strongswan-libs0-5.1.3-25.1
      strongswan-libs0-debuginfo-5.1.3-25.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      strongswan-doc-5.1.3-25.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      strongswan-5.1.3-25.1
      strongswan-debugsource-5.1.3-25.1
      strongswan-ipsec-5.1.3-25.1
      strongswan-ipsec-debuginfo-5.1.3-25.1
      strongswan-libs0-5.1.3-25.1
      strongswan-libs0-debuginfo-5.1.3-25.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      strongswan-doc-5.1.3-25.1

References:

   https://www.suse.com/security/cve/CVE-2017-9022.html
   https://www.suse.com/security/cve/CVE-2017-9023.html
   https://bugzilla.suse.com/1039514
   https://bugzilla.suse.com/1039515
   https://bugzilla.suse.com/985012

From sle-security-updates at lists.suse.com  Fri Jun  2 10:10:18 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Jun 2017 18:10:18 +0200 (CEST)
Subject: SUSE-SU-2017:1479-1: moderate: Security update for ceph
Message-ID: <20170602161018.E81BF101C8@maintenance.suse.de>

   SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1479-1
Rating:             moderate
References:         #1003891 #1008435 #1008501 #1012100 #1014986 #1015748
                    #1029482 #970642
Cross-References:   CVE-2016-9579
Affected Products:
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that solves one vulnerability and has 7 fixes is now available.

Description:

   This update provides Ceph 10.2.6, which brings fixes and enhancements:

   This security issue was fixed:

   - CVE-2016-9579: Do not abort RGW server when accepting a CORS request
     with short origin. (bsc#1014986)

   These non-security issues were fixed:

   - common: Add rdbmap to ceph-common. (bsc#1029482)
   - tools/rados: Default to include clone objects when executing
     "cache-flush-evict-all". (bsc#1003891)
   - mon, ceph-disk: Add lockbox permissions to bootstrap-osd. (bsc#1008435)
   - ceph_volume_client: Fix _recover_auth_meta() method. (bsc#1008501)
   - systemd/ceph-disk: Reduce ceph-disk flock contention. (bsc#1012100)
   - doc: Add verbiage to rbdmap manpage. (bsc#1015748)
   - doc: Add Install section to systemd rbdmap.service file. (bsc#1015748)
   - doc: Remove references to mds destroy from ceph-deploy man page.
     (bsc#970642)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2017-911=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Enterprise Storage 4 (aarch64 x86_64):

      ceph-10.2.6+git.1490339825.57146d8-11.7
      ceph-base-10.2.6+git.1490339825.57146d8-11.7
      ceph-base-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-common-10.2.6+git.1490339825.57146d8-11.7
      ceph-common-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-debugsource-10.2.6+git.1490339825.57146d8-11.7
      ceph-fuse-10.2.6+git.1490339825.57146d8-11.7
      ceph-fuse-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-mds-10.2.6+git.1490339825.57146d8-11.7
      ceph-mds-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-mon-10.2.6+git.1490339825.57146d8-11.7
      ceph-mon-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-osd-10.2.6+git.1490339825.57146d8-11.7
      ceph-osd-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-radosgw-10.2.6+git.1490339825.57146d8-11.7
      ceph-radosgw-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-test-10.2.6+git.1490339825.57146d8-11.7
      ceph-test-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      ceph-test-debugsource-10.2.6+git.1490339825.57146d8-11.7
      libcephfs1-10.2.6+git.1490339825.57146d8-11.7
      libcephfs1-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      librados2-10.2.6+git.1490339825.57146d8-11.7
      librados2-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      libradosstriper1-10.2.6+git.1490339825.57146d8-11.7
      libradosstriper1-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      librbd1-10.2.6+git.1490339825.57146d8-11.7
      librbd1-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      librgw2-10.2.6+git.1490339825.57146d8-11.7
      librgw2-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      python-ceph-compat-10.2.6+git.1490339825.57146d8-11.7
      python-cephfs-10.2.6+git.1490339825.57146d8-11.7
      python-cephfs-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      python-rados-10.2.6+git.1490339825.57146d8-11.7
      python-rados-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      python-rbd-10.2.6+git.1490339825.57146d8-11.7
      python-rbd-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      rbd-fuse-10.2.6+git.1490339825.57146d8-11.7
      rbd-fuse-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      rbd-mirror-10.2.6+git.1490339825.57146d8-11.7
      rbd-mirror-debuginfo-10.2.6+git.1490339825.57146d8-11.7
      rbd-nbd-10.2.6+git.1490339825.57146d8-11.7
      rbd-nbd-debuginfo-10.2.6+git.1490339825.57146d8-11.7

References:

   https://www.suse.com/security/cve/CVE-2016-9579.html
   https://bugzilla.suse.com/1003891
   https://bugzilla.suse.com/1008435
   https://bugzilla.suse.com/1008501
   https://bugzilla.suse.com/1012100
   https://bugzilla.suse.com/1014986
   https://bugzilla.suse.com/1015748
   https://bugzilla.suse.com/1029482
   https://bugzilla.suse.com/970642

From sle-security-updates at lists.suse.com  Fri Jun  2 10:12:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Jun 2017 18:12:56 +0200 (CEST)
Subject: SUSE-SU-2017:1481-1: moderate: Security update for libnettle
Message-ID: <20170602161256.12395101C8@maintenance.suse.de>

   SUSE Security Update: Security update for libnettle
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1481-1
Rating:             moderate
References:         #991464
Cross-References:   CVE-2016-6489
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for libnettle fixes the following issues:

   - CVE-2016-6489:
     * Reject invalid RSA keys with an even modulus.
     * Check for invalid keys, with even p, in dsa_sign().
     * Use function mpz_powm_sec() instead of mpz_powm() (bsc#991464).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-910=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-910=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-910=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-910=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libnettle-debugsource-2.7.1-12.1
      libnettle-devel-2.7.1-12.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libhogweed2-2.7.1-12.1
      libhogweed2-debuginfo-2.7.1-12.1
      libnettle-debugsource-2.7.1-12.1
      libnettle4-2.7.1-12.1
      libnettle4-debuginfo-2.7.1-12.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libhogweed2-2.7.1-12.1
      libhogweed2-debuginfo-2.7.1-12.1
      libnettle-debugsource-2.7.1-12.1
      libnettle4-2.7.1-12.1
      libnettle4-debuginfo-2.7.1-12.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libhogweed2-32bit-2.7.1-12.1
      libhogweed2-debuginfo-32bit-2.7.1-12.1
      libnettle4-32bit-2.7.1-12.1
      libnettle4-debuginfo-32bit-2.7.1-12.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libhogweed2-2.7.1-12.1
      libhogweed2-32bit-2.7.1-12.1
      libhogweed2-debuginfo-2.7.1-12.1
      libhogweed2-debuginfo-32bit-2.7.1-12.1
      libnettle-debugsource-2.7.1-12.1
      libnettle4-2.7.1-12.1
      libnettle4-32bit-2.7.1-12.1
      libnettle4-debuginfo-2.7.1-12.1
      libnettle4-debuginfo-32bit-2.7.1-12.1

References:

   https://www.suse.com/security/cve/CVE-2016-6489.html
   https://bugzilla.suse.com/991464

From sle-security-updates at lists.suse.com  Tue Jun  6 10:11:04 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Jun 2017 18:11:04 +0200 (CEST)
Subject: SUSE-SU-2017:1489-1: moderate: Security update for ImageMagick
Message-ID: <20170606161104.D2A4D101C9@maintenance.suse.de>

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1489-1
Rating:             moderate
References:         #1028075 #1033091 #1034870 #1034872 #1034876 #1036976
                    #1036977 #1036978 #1036980 #1036981 #1036982 #1036983
                    #1036984 #1036985 #1036986 #1036987 #1036988 #1036989
                    #1036990 #1036991 #1037527 #1038000 #1040025 #1040303
                    #1040304 #1040306 #1040332
Cross-References:   CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942
                    CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345
                    CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349
                    CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353
                    CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357
                    CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141
                    CVE-2017-9142 CVE-2017-9143 CVE-2017-9144
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes 27 vulnerabilities is now available.

Description:

   This update for ImageMagick fixes the following issues:

   Security issues fixed:

   - CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could
     be triggered via a specially crafted webp file (bsc#1028075).
   - CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote
     attackers to consume an amount of available memory via a crafted file
     (bsc#1034870). Note that this only impacts the built-in SVG
     implementation. As we use the librsvg implementation, we are not
     affected.
   - CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote
     attackers to consume an amount of available memory via a crafted file
     (bsc#1034872).
   - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote
     attackers to consume an amount of available memory via a crafted file
     (bsc#1034876).
   - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory
     leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986).
   - CVE-2017-8352: denial of service (memory leak) via a crafted file
     (ReadXWDImage func in xwd.c) (bsc#1036987)
   - CVE-2017-8349: denial of service (memory leak) via a crafted file
     (ReadSFWImage func in sfw.c) (bsc#1036984)
   - CVE-2017-8350: denial of service (memory leak) via a crafted file
     (ReadJNGImage function in png.c) (bsc#1036985)
   - CVE-2017-8347: denial of service (memory leak) via a crafted file
     (ReadEXRImage func in exr.c) (bsc#1036982)
   - CVE-2017-8348: denial of service (memory leak) via a crafted file
     (ReadMATImage func in mat.c) (bsc#1036983)
   - CVE-2017-8345: denial of service (memory leak) via a crafted file
     (ReadMNGImage func in png.c) (bsc#1036980)
   - CVE-2017-8346: denial of service (memory leak) via a crafted file
     (ReadDCMImage func in dcm.c) (bsc#1036981)
   - CVE-2017-8353: denial of service (memory leak) via a crafted file
     (ReadPICTImage func in pict.c) (bsc#1036988)
   - CVE-2017-8354: denial of service (memory leak) via a crafted file
     (ReadBMPImage func in bmp.c) (bsc#1036989)
   - CVE-2017-8830: denial of service (memory leak) via a crafted file
     (ReadBMPImage func in bmp.c:1379) (bsc#1038000)
   - CVE-2017-7606: denial of service (application crash) or possibly have
     unspecified other impact via a crafted image (bsc#1033091)
   - CVE-2017-8765: memory leak vulnerability via a crafted ICON file
     (ReadICONImage in coders/icon.c) (bsc#1037527)
   - CVE-2017-8356: denial of service (memory leak) via a crafted file
     (ReadSUNImage function in sun.c) (bsc#1036991)
   - CVE-2017-8355: denial of service (memory leak) via a crafted file
     (ReadMTVImage func in mtv.c) (bsc#1036990)
   - CVE-2017-8344: denial of service (memory leak) via a crafted file
     (ReadPCXImage func in pcx.c) (bsc#1036978)
   - CVE-2017-8343: denial of service (memory leak) via a crafted file
     (ReadAAIImage func in aai.c) (bsc#1036977)
   - CVE-2017-8357: denial of service (memory leak) via a crafted file
     (ReadEPTImage func in ept.c) (bsc#1036976)
   - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE
     decoder function coders/rle.c (bsc#1040025)
   - CVE-2017-9141: Missing checks in the ReadDDSImage function in
     coders/dds.c could lead to a denial of service (assertion) (bsc#1040303)
   - CVE-2017-9142: Missing checks in the ReadOneJNGImage function in
     coders/png.c could lead to denial of service (assertion) (bsc#1040304)
   - CVE-2017-9143: A possible denial of service attack via crafted .art file
     in ReadARTImage function in coders/art.c (bsc#1040306)
   - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c,
     leading to a denial of service (bsc#1040332)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-917=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-917=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-917=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-917=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-917=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      ImageMagick-6.8.8.1-70.1
      ImageMagick-debuginfo-6.8.8.1-70.1
      ImageMagick-debugsource-6.8.8.1-70.1
      libMagick++-6_Q16-3-6.8.8.1-70.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-70.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      ImageMagick-6.8.8.1-70.1
      ImageMagick-debuginfo-6.8.8.1-70.1
      ImageMagick-debugsource-6.8.8.1-70.1
      ImageMagick-devel-6.8.8.1-70.1
      libMagick++-6_Q16-3-6.8.8.1-70.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1
      libMagick++-devel-6.8.8.1-70.1
      perl-PerlMagick-6.8.8.1-70.1
      perl-PerlMagick-debuginfo-6.8.8.1-70.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      ImageMagick-debuginfo-6.8.8.1-70.1
      ImageMagick-debugsource-6.8.8.1-70.1
      libMagickCore-6_Q16-1-6.8.8.1-70.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1
      libMagickWand-6_Q16-1-6.8.8.1-70.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      ImageMagick-debuginfo-6.8.8.1-70.1
      ImageMagick-debugsource-6.8.8.1-70.1
      libMagickCore-6_Q16-1-6.8.8.1-70.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1
      libMagickWand-6_Q16-1-6.8.8.1-70.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      ImageMagick-6.8.8.1-70.1
      ImageMagick-debuginfo-6.8.8.1-70.1
      ImageMagick-debugsource-6.8.8.1-70.1
      libMagick++-6_Q16-3-6.8.8.1-70.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-70.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-70.1
      libMagickCore-6_Q16-1-6.8.8.1-70.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-70.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-70.1
      libMagickWand-6_Q16-1-6.8.8.1-70.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-70.1

References:

   https://www.suse.com/security/cve/CVE-2017-6502.html
   https://www.suse.com/security/cve/CVE-2017-7606.html
   https://www.suse.com/security/cve/CVE-2017-7941.html
   https://www.suse.com/security/cve/CVE-2017-7942.html
   https://www.suse.com/security/cve/CVE-2017-7943.html
   https://www.suse.com/security/cve/CVE-2017-8343.html
   https://www.suse.com/security/cve/CVE-2017-8344.html
   https://www.suse.com/security/cve/CVE-2017-8345.html
   https://www.suse.com/security/cve/CVE-2017-8346.html
   https://www.suse.com/security/cve/CVE-2017-8347.html
   https://www.suse.com/security/cve/CVE-2017-8348.html
   https://www.suse.com/security/cve/CVE-2017-8349.html
   https://www.suse.com/security/cve/CVE-2017-8350.html
   https://www.suse.com/security/cve/CVE-2017-8351.html
   https://www.suse.com/security/cve/CVE-2017-8352.html
   https://www.suse.com/security/cve/CVE-2017-8353.html
   https://www.suse.com/security/cve/CVE-2017-8354.html
   https://www.suse.com/security/cve/CVE-2017-8355.html
   https://www.suse.com/security/cve/CVE-2017-8356.html
   https://www.suse.com/security/cve/CVE-2017-8357.html
   https://www.suse.com/security/cve/CVE-2017-8765.html
   https://www.suse.com/security/cve/CVE-2017-8830.html
   https://www.suse.com/security/cve/CVE-2017-9098.html
   https://www.suse.com/security/cve/CVE-2017-9141.html
   https://www.suse.com/security/cve/CVE-2017-9142.html
   https://www.suse.com/security/cve/CVE-2017-9143.html
   https://www.suse.com/security/cve/CVE-2017-9144.html
   https://bugzilla.suse.com/1028075
   https://bugzilla.suse.com/1033091
   https://bugzilla.suse.com/1034870
   https://bugzilla.suse.com/1034872
   https://bugzilla.suse.com/1034876
   https://bugzilla.suse.com/1036976
   https://bugzilla.suse.com/1036977
   https://bugzilla.suse.com/1036978
   https://bugzilla.suse.com/1036980
   https://bugzilla.suse.com/1036981
   https://bugzilla.suse.com/1036982
   https://bugzilla.suse.com/1036983
   https://bugzilla.suse.com/1036984
   https://bugzilla.suse.com/1036985
   https://bugzilla.suse.com/1036986
   https://bugzilla.suse.com/1036987
   https://bugzilla.suse.com/1036988
   https://bugzilla.suse.com/1036989
   https://bugzilla.suse.com/1036990
   https://bugzilla.suse.com/1036991
   https://bugzilla.suse.com/1037527
   https://bugzilla.suse.com/1038000
   https://bugzilla.suse.com/1040025
   https://bugzilla.suse.com/1040303
   https://bugzilla.suse.com/1040304
   https://bugzilla.suse.com/1040306
   https://bugzilla.suse.com/1040332

From sle-security-updates at lists.suse.com  Thu Jun  8 07:10:06 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Jun 2017 15:10:06 +0200 (CEST)
Subject: SUSE-SU-2017:1504-1: moderate: Security update for yodl
Message-ID: <20170608131006.8C416101C8@maintenance.suse.de>

   SUSE Security Update: Security update for yodl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1504-1
Rating:             moderate
References:         #1040917
Cross-References:   CVE-2016-10375
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for yodl fixes the following issues:

   - CVE-2016-10375: invalid memory read in the function queue_push() could
     lead to Denial of service (bsc#1040917)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-922=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      yodl-3.03.0-3.1
      yodl-debuginfo-3.03.0-3.1
      yodl-debugsource-3.03.0-3.1

References:

   https://www.suse.com/security/cve/CVE-2016-10375.html
   https://bugzilla.suse.com/1040917

From sle-security-updates at lists.suse.com  Mon Jun 12 07:10:07 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Jun 2017 15:10:07 +0200 (CEST)
Subject: SUSE-SU-2017:1538-1: moderate: Security update for libxml2
Message-ID: <20170612131007.EC28B101C8@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1538-1
Rating:             moderate
References:         #1039063 #1039064 #1039066 #1039069 #1039661
Cross-References:   CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for libxml2 fixes the following security issues:

   * CVE-2017-9050: A heap-based buffer over-read in xmlDictAddString
     (bsc#1039069, bsc#1039661)
   * CVE-2017-9049: A heap-based buffer overflow in xmlDictComputeFastKey
     (bsc#1039066)
   * CVE-2017-9048: A stack overflow vulnerability in
     xmlSnprintfElementContent (bsc#1039063)
   * CVE-2017-9047: A stack overflow vulnerability in
     xmlSnprintfElementContent (bsc#1039064)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-939=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-939=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-939=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-939=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-939=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libxml2-debugsource-2.9.4-39.2
      libxml2-devel-2.9.4-39.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libxml2-2-2.9.4-39.2
      libxml2-2-debuginfo-2.9.4-39.2
      libxml2-debugsource-2.9.4-39.2
      libxml2-tools-2.9.4-39.2
      libxml2-tools-debuginfo-2.9.4-39.2
      python-libxml2-2.9.4-39.2
      python-libxml2-debuginfo-2.9.4-39.2
      python-libxml2-debugsource-2.9.4-39.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      libxml2-doc-2.9.4-39.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libxml2-2-2.9.4-39.2
      libxml2-2-debuginfo-2.9.4-39.2
      libxml2-debugsource-2.9.4-39.2
      libxml2-tools-2.9.4-39.2
      libxml2-tools-debuginfo-2.9.4-39.2
      python-libxml2-2.9.4-39.2
      python-libxml2-debuginfo-2.9.4-39.2
      python-libxml2-debugsource-2.9.4-39.2

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      libxml2-doc-2.9.4-39.2

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libxml2-2-32bit-2.9.4-39.2
      libxml2-2-debuginfo-32bit-2.9.4-39.2

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libxml2-2-2.9.4-39.2
      libxml2-2-32bit-2.9.4-39.2
      libxml2-2-debuginfo-2.9.4-39.2
      libxml2-2-debuginfo-32bit-2.9.4-39.2
      libxml2-debugsource-2.9.4-39.2
      libxml2-tools-2.9.4-39.2
      libxml2-tools-debuginfo-2.9.4-39.2
      python-libxml2-2.9.4-39.2
      python-libxml2-debuginfo-2.9.4-39.2
      python-libxml2-debugsource-2.9.4-39.2

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libxml2-2-2.9.4-39.2
      libxml2-2-debuginfo-2.9.4-39.2
      libxml2-debugsource-2.9.4-39.2

References:

   https://www.suse.com/security/cve/CVE-2017-9047.html
   https://www.suse.com/security/cve/CVE-2017-9048.html
   https://www.suse.com/security/cve/CVE-2017-9049.html
   https://www.suse.com/security/cve/CVE-2017-9050.html
   https://bugzilla.suse.com/1039063
   https://bugzilla.suse.com/1039064
   https://bugzilla.suse.com/1039066
   https://bugzilla.suse.com/1039069
   https://bugzilla.suse.com/1039661

From sle-security-updates at lists.suse.com  Tue Jun 13 13:09:23 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Jun 2017 21:09:23 +0200 (CEST)
Subject: SUSE-SU-2017:1557-1: moderate: Security update for libxml2
Message-ID: <20170613190923.DDC63101CB@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1557-1
Rating:             moderate
References:         #1010675 #1013930 #1039063 #1039064 #1039066 #1039069
                    #1039661
Cross-References:   CVE-2016-9318 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049
                    CVE-2017-9050
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has two fixes is now available.

Description:

   This update for libxml2 fixes the following issues:

   Security issues fixed:

   - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func)
     [bsc#1039069, bsc#1039661]
   - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func)
     [bsc#1039066]
   - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent
     func) [bsc#1039063]
   - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent
     func) [bsc#1039064]

   A clarification for the previously released update: For CVE-2016-9318 we
   decided not to ship a fix since it can break existing setups. Please take
   appropriate actions if you parse untrusted XML files and use the new
   -noxxe flag if possible (bnc#1010675, bnc#1013930).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libxml2-13143=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libxml2-13143=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-libxml2-13143=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-libxml2-13143=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libxml2-13143=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libxml2-13143=1

   To bring your system up-to-date, use "zypper patch".
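   The CVE-2016-9318 note above leaves the XXE defence to the application: the library will keep resolving external entities, so code that parses XML it does not trust has to refuse them itself, the way the -noxxe flag does for xmllint. The following is an added example, not part of the SUSE advisory or of libxml2, showing that refusal in application code with Python's standard xml.etree. Rather than trusting any parser's entity settings, it rejects every document that carries a DOCTYPE, which rules out external entities and internal entity-expansion bombs in one check. The three sample documents are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Added example, not part of the SUSE advisory or of libxml2: the application-side
# counterpart of xmllint's -noxxe for code that must parse XML it does not trust.
# Any document carrying a DOCTYPE is refused outright, which closes off external
# entities (XXE) and internal entity-expansion bombs alike, whatever the underlying
# parser would otherwise do with them.

_DOCTYPE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


class UntrustedXMLError(ValueError):
    """Raised when untrusted input uses a feature we refuse to process."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source with DTDs (and therefore entities) disallowed."""
    # The ASCII scan below cannot see a DOCTYPE inside a UTF-16/UTF-32 document,
    # so refuse those encodings rather than guess.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff") or b"\x00" in data[:64]:
        raise UntrustedXMLError("only 8-bit encodings are accepted from untrusted input")
    if _DOCTYPE.search(data):
        raise UntrustedXMLError("DOCTYPE declarations are not accepted from untrusted input")
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    """True if parse_untrusted() accepts the document, False if it refuses it."""
    try:
        parse_untrusted(data)
    except (UntrustedXMLError, ET.ParseError):
        return False
    return True


# Constructed sample documents (not taken from any real report).
XXE_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<foo>&xxe;</foo>"""

BOMB_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [ <!ENTITY lol "lol"> <!ENTITY lol2 "&lol;&lol;&lol;&lol;"> ]>
<lolz>&lol2;</lolz>"""

BENIGN_DOC = b"""<?xml version="1.0"?>
<config><host>vpn.example.test</host></config>"""

if __name__ == "__main__":
    for label, doc in (("xxe", XXE_DOC), ("bomb", BOMB_DOC), ("benign", BENIGN_DOC)):
        print(label, "accepted" if is_accepted(doc) else "rejected")
```

   The check is deliberately coarse: legitimate documents that need a DTD have to come from a trusted channel or be validated elsewhere. That trade-off is the same one the advisory describes when it says a library-level fix "can break existing setups".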
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-devel-2.7.6-0.69.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libxml2-devel-32bit-2.7.6-0.69.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-2.7.6-0.69.1
      libxml2-doc-2.7.6-0.69.1
      libxml2-python-2.7.6-0.69.3

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libxml2-32bit-2.7.6-0.69.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libxml2-x86-2.7.6-0.69.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      libxml2-2.7.6-0.69.1
      libxml2-doc-2.7.6-0.69.1
      libxml2-python-2.7.6-0.69.3

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      libxml2-32bit-2.7.6-0.69.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libxml2-2.7.6-0.69.1
      libxml2-doc-2.7.6-0.69.1
      libxml2-python-2.7.6-0.69.3

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libxml2-debuginfo-2.7.6-0.69.1
      libxml2-debugsource-2.7.6-0.69.1
      libxml2-python-debuginfo-2.7.6-0.69.3
      libxml2-python-debugsource-2.7.6-0.69.3

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      libxml2-debuginfo-2.7.6-0.69.1
      libxml2-debugsource-2.7.6-0.69.1
      libxml2-python-debuginfo-2.7.6-0.69.3
      libxml2-python-debugsource-2.7.6-0.69.3


References:

   https://www.suse.com/security/cve/CVE-2016-9318.html
   https://www.suse.com/security/cve/CVE-2017-9047.html
   https://www.suse.com/security/cve/CVE-2017-9048.html
   https://www.suse.com/security/cve/CVE-2017-9049.html
   https://www.suse.com/security/cve/CVE-2017-9050.html
   https://bugzilla.suse.com/1010675
   https://bugzilla.suse.com/1013930
   https://bugzilla.suse.com/1039063
   https://bugzilla.suse.com/1039064
   https://bugzilla.suse.com/1039066
   https://bugzilla.suse.com/1039069
   https://bugzilla.suse.com/1039661


From sle-security-updates at lists.suse.com Tue Jun 13 13:10:53 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Jun 2017 21:10:53 +0200 (CEST)
Subject: SUSE-SU-2017:1558-1: important: Security update for mercurial
Message-ID: <20170613191053.5D514101C8@maintenance.suse.de>

   SUSE Security Update: Security update for mercurial
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1558-1
Rating:             important
References:         #1043063 #1043502
Cross-References:   CVE-2017-9462
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for mercurial fixes the following issues:

   - CVE-2017-9462: Arbitrary code execution was possible by remote users via
     "hg serve --stdio" (bsc#1043063).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-mercurial-13144=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mercurial-13144=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mercurial-2.3.2-0.17.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mercurial-debuginfo-2.3.2-0.17.1
      mercurial-debugsource-2.3.2-0.17.1


References:

   https://www.suse.com/security/cve/CVE-2017-9462.html
   https://bugzilla.suse.com/1043063
   https://bugzilla.suse.com/1043502


From sle-security-updates at lists.suse.com Wed Jun 14 13:09:27 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Jun 2017 21:09:27 +0200 (CEST)
Subject: SUSE-SU-2017:1567-1: moderate: Security update for openldap2
Message-ID: <20170614190927.83719101CB@maintenance.suse.de>

   SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1567-1
Rating:             moderate
References:         #1009470 #1037396 #1041764 #972331
Cross-References:   CVE-2017-9287
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes is now available.

Description:

   This update for openldap2 fixes the following issues:

   Security issues fixed:

   - CVE-2017-9287: A double free vulnerability in the mdb backend during
     search with page size 0 was fixed (bsc#1041764)

   Non security bugs fixed:

   - Let OpenLDAP read system-wide certificates by default and don't hide the
     error if the user-specified CA location cannot be read.
     (bsc#1009470)
   - Fix an uninitialised variable that causes startup failure (bsc#1037396)
   - Fix an issue with transaction management that can cause server crash
     (bsc#972331)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-962=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-962=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-962=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-962=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-962=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      openldap2-back-perl-2.4.41-18.29.1
      openldap2-back-perl-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1
      openldap2-devel-2.4.41-18.29.1
      openldap2-devel-static-2.4.41-18.29.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      openldap2-2.4.41-18.29.1
      openldap2-back-meta-2.4.41-18.29.1
      openldap2-back-meta-debuginfo-2.4.41-18.29.1
      openldap2-client-2.4.41-18.29.1
      openldap2-client-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      openldap2-2.4.41-18.29.1
      openldap2-back-meta-2.4.41-18.29.1
      openldap2-back-meta-debuginfo-2.4.41-18.29.1
      openldap2-client-2.4.41-18.29.1
      openldap2-client-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libldap-2_4-2-32bit-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.29.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-32bit-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.29.1
      openldap2-client-2.4.41-18.29.1
      openldap2-client-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libldap-2_4-2-2.4.41-18.29.1
      libldap-2_4-2-debuginfo-2.4.41-18.29.1
      openldap2-debuginfo-2.4.41-18.29.1
      openldap2-debugsource-2.4.41-18.29.1


References:

   https://www.suse.com/security/cve/CVE-2017-9287.html
   https://bugzilla.suse.com/1009470
   https://bugzilla.suse.com/1037396
   https://bugzilla.suse.com/1041764
   https://bugzilla.suse.com/972331


From sle-security-updates at lists.suse.com Wed Jun 14 16:09:02 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Jun 2017 00:09:02 +0200 (CEST)
Subject: SUSE-SU-2017:1568-1: important: Security update for jakarta-taglibs-standard
Message-ID: <20170614220902.6D4D4101CB@maintenance.suse.de>

   SUSE Security Update: Security update for jakarta-taglibs-standard
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1568-1
Rating:             important
References:         #920813
Cross-References:   CVE-2015-0254
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for jakarta-taglibs-standard fixes the following issues:

   - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute
     arbitrary code or conduct external XML entity (XXE) attacks via a crafted
     XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag.
     (bsc#920813)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-963=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-963=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      jakarta-taglibs-standard-1.1.1-255.2
      jakarta-taglibs-standard-javadoc-1.1.1-255.2

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      jakarta-taglibs-standard-1.1.1-255.2
      jakarta-taglibs-standard-javadoc-1.1.1-255.2


References:

   https://www.suse.com/security/cve/CVE-2015-0254.html
   https://bugzilla.suse.com/920813


From sle-security-updates at lists.suse.com Thu Jun 15 19:09:38 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 03:09:38 +0200 (CEST)
Subject: SUSE-SU-2017:1575-1: moderate: Security update for netpbm
Message-ID: <20170616010938.99CB6101C8@maintenance.suse.de>

   SUSE Security Update: Security update for netpbm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1575-1
Rating:             moderate
References:         #1024287
Cross-References:   CVE-2017-2581
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for netpbm fixes the following security issues:

   - CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could lead to
     memory corruption and potential code execution. (bsc#1024287)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-netpbm-13146=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-netpbm-13146=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-netpbm-13146=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libnetpbm-devel-10.26.44-101.14.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libnetpbm-devel-32bit-10.26.44-101.14.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libnetpbm10-10.26.44-101.14.1
      netpbm-10.26.44-101.14.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libnetpbm10-32bit-10.26.44-101.14.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libnetpbm10-x86-10.26.44-101.14.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      netpbm-debuginfo-10.26.44-101.14.1
      netpbm-debugsource-10.26.44-101.14.1


References:

   https://www.suse.com/security/cve/CVE-2017-2581.html
   https://bugzilla.suse.com/1024287


From sle-security-updates at lists.suse.com Fri Jun 16 04:10:42 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 12:10:42 +0200 (CEST)
Subject: SUSE-SU-2017:1576-1: moderate: Security update for libmicrohttpd
Message-ID: <20170616101042.C8EC7101C8@maintenance.suse.de>

   SUSE Security Update: Security update for libmicrohttpd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1576-1
Rating:             moderate
References:         #1041216 #854443
Cross-References:   CVE-2013-7038 CVE-2013-7039
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for libmicrohttpd fixes the following issues:

   - CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd might have
     allowed remote attackers to obtain sensitive information or cause a denial
     of service (crash) via unspecified vectors that trigger an out-of-bounds
     read. (bsc#854443)
   - CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check
     function in libmicrohttpd, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set
     to a large value, allowed remote attackers to cause a denial of service
     (crash) or possibly execute arbitrary code via a long URI in an
     authentication header. (bsc#854443)
   - Fixed various bugs found during a 2017 audit, which are more hardening
     measures and not security issues. (bsc#1041216)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-966=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-966=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-966=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libmicrohttpd-debugsource-0.9.30-5.1
      libmicrohttpd-devel-0.9.30-5.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libmicrohttpd-debugsource-0.9.30-5.1
      libmicrohttpd10-0.9.30-5.1
      libmicrohttpd10-debuginfo-0.9.30-5.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libmicrohttpd-debugsource-0.9.30-5.1
      libmicrohttpd10-0.9.30-5.1
      libmicrohttpd10-debuginfo-0.9.30-5.1


References:

   https://www.suse.com/security/cve/CVE-2013-7038.html
   https://www.suse.com/security/cve/CVE-2013-7039.html
   https://bugzilla.suse.com/1041216
   https://bugzilla.suse.com/854443


From sle-security-updates at lists.suse.com Fri Jun 16 04:11:21 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 12:11:21 +0200 (CEST)
Subject: SUSE-SU-2017:1577-1: moderate: Security update for libqt5-qtbase, libqt5-qtdeclarative
Message-ID: <20170616101121.29947101C8@maintenance.suse.de>

   SUSE Security Update: Security update for libqt5-qtbase, libqt5-qtdeclarative
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1577-1
Rating:             moderate
References:         #1013095 #1034005 #1034402
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for libqt5-qtbase and libqt5-qtdeclarative fixes the following
   issues:

   This security issue was fixed:

   - Prevent potential information leak due to race condition in QSaveFile
     (bsc#1034005).
   These non-security issues were fixed:

   - Fixed crash in QPlainTextEdit
   - Fixed Burmese rendering issue
   - Fixed reuse of C++-owned QObjects by different QML engines that could lead
     to crashes in kwin (bsc#1034402)
   - Make libqt5-qtquickcontrols available in SUSE Linux Enterprise.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-967=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-967=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-967=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-967=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libQt5Bootstrap-devel-static-5.6.1-17.3.15
      libQt5Concurrent-devel-5.6.1-17.3.15
      libQt5Core-devel-5.6.1-17.3.15
      libQt5DBus-devel-5.6.1-17.3.15
      libQt5DBus-devel-debuginfo-5.6.1-17.3.15
      libQt5Gui-devel-5.6.1-17.3.15
      libQt5Network-devel-5.6.1-17.3.15
      libQt5OpenGL-devel-5.6.1-17.3.15
      libQt5OpenGLExtensions-devel-static-5.6.1-17.3.15
      libQt5PlatformHeaders-devel-5.6.1-17.3.15
      libQt5PlatformSupport-devel-static-5.6.1-17.3.15
      libQt5PrintSupport-devel-5.6.1-17.3.15
      libQt5Sql-devel-5.6.1-17.3.15
      libQt5Test-devel-5.6.1-17.3.15
      libQt5Widgets-devel-5.6.1-17.3.15
      libQt5Xml-devel-5.6.1-17.3.15
      libqt5-qtbase-common-devel-5.6.1-17.3.15
      libqt5-qtbase-common-devel-debuginfo-5.6.1-17.3.15
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtbase-devel-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1
      libqt5-qtdeclarative-devel-5.6.1-13.3.1
      libqt5-qtdeclarative-devel-debuginfo-5.6.1-13.3.1
      libqt5-qtdeclarative-tools-5.6.1-13.3.1
      libqt5-qtdeclarative-tools-debuginfo-5.6.1-13.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      libQt5Core-private-headers-devel-5.6.1-17.3.15
      libQt5DBus-private-headers-devel-5.6.1-17.3.15
      libQt5Gui-private-headers-devel-5.6.1-17.3.15
      libQt5Network-private-headers-devel-5.6.1-17.3.15
      libQt5OpenGL-private-headers-devel-5.6.1-17.3.15
      libQt5PlatformSupport-private-headers-devel-5.6.1-17.3.15
      libQt5PrintSupport-private-headers-devel-5.6.1-17.3.15
      libQt5Sql-private-headers-devel-5.6.1-17.3.15
      libQt5Test-private-headers-devel-5.6.1-17.3.15
      libQt5Widgets-private-headers-devel-5.6.1-17.3.15
      libqt5-qtbase-private-headers-devel-5.6.1-17.3.15
      libqt5-qtdeclarative-private-headers-devel-5.6.1-13.3.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libQt5Concurrent5-5.6.1-17.3.15
      libQt5Concurrent5-debuginfo-5.6.1-17.3.15
      libQt5Core5-5.6.1-17.3.15
      libQt5Core5-debuginfo-5.6.1-17.3.15
      libQt5DBus5-5.6.1-17.3.15
      libQt5DBus5-debuginfo-5.6.1-17.3.15
      libQt5Gui5-5.6.1-17.3.15
      libQt5Gui5-debuginfo-5.6.1-17.3.15
      libQt5Network5-5.6.1-17.3.15
      libQt5Network5-debuginfo-5.6.1-17.3.15
      libQt5OpenGL5-5.6.1-17.3.15
      libQt5OpenGL5-debuginfo-5.6.1-17.3.15
      libQt5PrintSupport5-5.6.1-17.3.15
      libQt5PrintSupport5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-5.6.1-17.3.15
      libQt5Sql5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-mysql-5.6.1-17.3.15
      libQt5Sql5-mysql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-postgresql-5.6.1-17.3.15
      libQt5Sql5-postgresql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-sqlite-5.6.1-17.3.15
      libQt5Sql5-sqlite-debuginfo-5.6.1-17.3.15
      libQt5Sql5-unixODBC-5.6.1-17.3.15
      libQt5Sql5-unixODBC-debuginfo-5.6.1-17.3.15
      libQt5Test5-5.6.1-17.3.15
      libQt5Test5-debuginfo-5.6.1-17.3.15
      libQt5Widgets5-5.6.1-17.3.15
      libQt5Widgets5-debuginfo-5.6.1-17.3.15
      libQt5Xml5-5.6.1-17.3.15
      libQt5Xml5-debuginfo-5.6.1-17.3.15
      libQtQuick5-5.6.1-13.3.1
      libQtQuick5-debuginfo-5.6.1-13.3.1
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libQt5Concurrent5-5.6.1-17.3.15
      libQt5Concurrent5-debuginfo-5.6.1-17.3.15
      libQt5Core5-5.6.1-17.3.15
      libQt5Core5-debuginfo-5.6.1-17.3.15
      libQt5DBus5-5.6.1-17.3.15
      libQt5DBus5-debuginfo-5.6.1-17.3.15
      libQt5Gui5-5.6.1-17.3.15
      libQt5Gui5-debuginfo-5.6.1-17.3.15
      libQt5Network5-5.6.1-17.3.15
      libQt5Network5-debuginfo-5.6.1-17.3.15
      libQt5OpenGL5-5.6.1-17.3.15
      libQt5OpenGL5-debuginfo-5.6.1-17.3.15
      libQt5PrintSupport5-5.6.1-17.3.15
      libQt5PrintSupport5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-5.6.1-17.3.15
      libQt5Sql5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-mysql-5.6.1-17.3.15
      libQt5Sql5-mysql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-postgresql-5.6.1-17.3.15
      libQt5Sql5-postgresql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-sqlite-5.6.1-17.3.15
      libQt5Sql5-sqlite-debuginfo-5.6.1-17.3.15
      libQt5Sql5-unixODBC-5.6.1-17.3.15
      libQt5Sql5-unixODBC-debuginfo-5.6.1-17.3.15
      libQt5Test5-5.6.1-17.3.15
      libQt5Test5-debuginfo-5.6.1-17.3.15
      libQt5Widgets5-5.6.1-17.3.15
      libQt5Widgets5-debuginfo-5.6.1-17.3.15
      libQt5Xml5-5.6.1-17.3.15
      libQt5Xml5-debuginfo-5.6.1-17.3.15
      libQtQuick5-5.6.1-13.3.1
      libQtQuick5-debuginfo-5.6.1-13.3.1
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libQt5Concurrent5-5.6.1-17.3.15
      libQt5Concurrent5-debuginfo-5.6.1-17.3.15
      libQt5Core5-5.6.1-17.3.15
      libQt5Core5-debuginfo-5.6.1-17.3.15
      libQt5DBus5-5.6.1-17.3.15
      libQt5DBus5-debuginfo-5.6.1-17.3.15
      libQt5Gui5-5.6.1-17.3.15
      libQt5Gui5-debuginfo-5.6.1-17.3.15
      libQt5Network5-5.6.1-17.3.15
      libQt5Network5-debuginfo-5.6.1-17.3.15
      libQt5OpenGL5-5.6.1-17.3.15
      libQt5OpenGL5-debuginfo-5.6.1-17.3.15
      libQt5PrintSupport5-5.6.1-17.3.15
      libQt5PrintSupport5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-5.6.1-17.3.15
      libQt5Sql5-debuginfo-5.6.1-17.3.15
      libQt5Sql5-mysql-5.6.1-17.3.15
      libQt5Sql5-mysql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-postgresql-5.6.1-17.3.15
      libQt5Sql5-postgresql-debuginfo-5.6.1-17.3.15
      libQt5Sql5-sqlite-5.6.1-17.3.15
      libQt5Sql5-sqlite-debuginfo-5.6.1-17.3.15
      libQt5Sql5-unixODBC-5.6.1-17.3.15
      libQt5Sql5-unixODBC-debuginfo-5.6.1-17.3.15
      libQt5Test5-5.6.1-17.3.15
      libQt5Test5-debuginfo-5.6.1-17.3.15
      libQt5Widgets5-5.6.1-17.3.15
      libQt5Widgets5-debuginfo-5.6.1-17.3.15
      libQt5Xml5-5.6.1-17.3.15
      libQt5Xml5-debuginfo-5.6.1-17.3.15
      libQtQuick5-5.6.1-13.3.1
      libQtQuick5-debuginfo-5.6.1-13.3.1
      libqt5-qtbase-debugsource-5.6.1-17.3.15
      libqt5-qtdeclarative-debugsource-5.6.1-13.3.1


References:

   https://bugzilla.suse.com/1013095
   https://bugzilla.suse.com/1034005
   https://bugzilla.suse.com/1034402


From sle-security-updates at lists.suse.com Fri Jun 16 10:11:01 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 18:11:01 +0200 (CEST)
Subject: SUSE-SU-2017:1581-1: moderate: Security update for Salt
Message-ID: <20170616161101.6F00F101C8@maintenance.suse.de>

   SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1581-1
Rating:             moderate
References:         #1011800 #1012999 #1017078 #1020831 #1022562 #1025896
                    #1027240 #1027722 #1030009 #1030073 #1032931 #1035912
                    #1035914 #1036125 #1038855 #1039370 #1040584 #1040886
                    #1043111
Cross-References:   CVE-2017-5200 CVE-2017-8109
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
                    SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

   An update that solves two vulnerabilities and has 17 fixes is now available.

Description:

   This update for salt provides version 2016.11.4 and brings various fixes and
   improvements:

   - Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart
     salt-minion in case of crashes during upgrade.
   - Fix format error. (bsc#1043111)
   - Fix ownership for whole master cache directory. (bsc#1035914)
   - Stop explicitly recommending 3rd-party runtime packages. (bsc#1040886)
   - Fix insecure permissions in salt-ssh temporary files.
     (bsc#1035912, CVE-2017-8109)
   - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800,
     CVE-2017-5200)
   - Orchestrate and batches no longer return false failed information.
   - Speed up cherrypy by removing a sleep call.
   - Fix os_family grains on SUSE. (bsc#1038855)
   - Fix setting the language on SUSE systems. (bsc#1038855)
   - Use SUSE-specific salt-api.service. (bsc#1039370)
   - Fix using hostname for minion ID as '127'.
   - Fix core grains constants for timezone. (bsc#1032931)
   - Minor fixes on new pkg.list_downloaded.
   - List all types of advisory patches for the Yum module.
   - Prevent zero length error on Python 2.6.
   - Fix zypper test error after backporting.
   - Raet protocol is no longer supported. (bsc#1020831)
   - Fix moving SSH data to the new home. (bsc#1027722)
   - Fix logrotating /var/log/salt/minion. (bsc#1030009)
   - Fix result of master_tops extension being mutually overwritten.
     (bsc#1030073)
   - Allow setting 'timeout' and 'gather_job_timeout' via kwargs.
   - Allow setting custom timeouts for 'manage.up' and 'manage.status'.
   - Use salt's ordereddict for comparison.
   - Fix scripts for salt-proxy.
   - Add openscap module.
   - File.get_managed regression fix.
   - Fix translating variable arguments if they contain hidden keywords.
     (bsc#1025896)
   - Added unit test for dockerng.sls_build dryrun.
   - Added dryrun to dockerng.sls_build.
   - Update dockerng minimal version requirements.
   - Fix format error in error parsing.
   - Keep fix for migrating salt home directory. (bsc#1022562)
   - Fix salt pkg.latest raising an exception if the package is not available.
     (bsc#1012999)
   - Timezone should always be in UTC. (bsc#1017078)
   - Fix timezone handling for rpm installtime. (bsc#1017078)
   - Increase timeouts for running integration tests.
   - Add buildargs option to dockerng.build module.
   - Fix error when missing ssh-option parameter.
   - Re-add yum notify plugin.
   - Pass all kwargs to dockerng.create to provide all features to sls_build
     as well.
   - Datetime should always be returned in UTC.
   - Fix possible crash while deserialising data on infinite recursion in
     scheduled state. (bsc#1036125)
   - Documentation refresh to 2016.11.4
   - For a detailed description, please refer to:
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

      zypper in -t patch slesctsp4-salt-201705-13150=1

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

      zypper in -t patch slesctsp3-salt-201705-13150=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      salt-2016.11.4-42.2
      salt-doc-2016.11.4-42.2
      salt-minion-2016.11.4-42.2

   - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

      salt-2016.11.4-42.2
      salt-doc-2016.11.4-42.2
      salt-minion-2016.11.4-42.2


References:

   https://www.suse.com/security/cve/CVE-2017-5200.html
   https://www.suse.com/security/cve/CVE-2017-8109.html
   https://bugzilla.suse.com/1011800
   https://bugzilla.suse.com/1012999
   https://bugzilla.suse.com/1017078
   https://bugzilla.suse.com/1020831
   https://bugzilla.suse.com/1022562
   https://bugzilla.suse.com/1025896
   https://bugzilla.suse.com/1027240
   https://bugzilla.suse.com/1027722
   https://bugzilla.suse.com/1030009
   https://bugzilla.suse.com/1030073
   https://bugzilla.suse.com/1032931
   https://bugzilla.suse.com/1035912
   https://bugzilla.suse.com/1035914
   https://bugzilla.suse.com/1036125
   https://bugzilla.suse.com/1038855
   https://bugzilla.suse.com/1039370
   https://bugzilla.suse.com/1040584
   https://bugzilla.suse.com/1040886
   https://bugzilla.suse.com/1043111


From sle-security-updates at lists.suse.com Fri Jun 16 10:13:53 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 18:13:53 +0200 (CEST)
Subject: SUSE-SU-2017:1582-1: moderate: Security update for Salt
Message-ID: <20170616161353.22AA0101C8@maintenance.suse.de>

   SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1582-1
Rating:             moderate
References:         #1011800 #1012999 #1017078 #1020831 #1022562 #1025896
                    #1027240 #1027722 #1030009 #1030073 #1032931 #1035912
                    #1035914 #1036125 #1038855 #1039370 #1040584 #1040886
                    #1043111
Cross-References:   CVE-2017-5200 CVE-2017-8109
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Manager Server 3.0
                    SUSE Manager Proxy 3.0
                    SUSE Linux Enterprise Point of Sale 12-SP2
                    SUSE Linux Enterprise Module for Advanced Systems Management 12
                    SUSE Enterprise Storage 4
                    SUSE Enterprise Storage 3
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves two vulnerabilities and has 17 fixes is now available.

Description:

   This update for salt provides version 2016.11.4 and brings various fixes and
   improvements:

   - Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart
     salt-minion in case of crashes during upgrade.
   - Fix format error. (bsc#1043111)
   - Fix ownership for whole master cache directory. (bsc#1035914)
   - Stop explicitly recommending 3rd-party runtime packages. (bsc#1040886)
   - Fix insecure permissions in salt-ssh temporary files. (bsc#1035912,
     CVE-2017-8109)
   - Disable custom rosters for Salt SSH via Salt API. (bsc#1011800,
     CVE-2017-5200)
   - Orchestrate and batches no longer return false failed information.
   - Speed up cherrypy by removing a sleep call.
   - Fix os_family grains on SUSE. (bsc#1038855)
   - Fix setting the language on SUSE systems. (bsc#1038855)
   - Use SUSE-specific salt-api.service.
     (bsc#1039370)
   - Fix using hostname for minion ID as '127'.
   - Fix core grains constants for timezone. (bsc#1032931)
   - Minor fixes on new pkg.list_downloaded.
   - List all types of advisory patches for the Yum module.
   - Prevent zero length error on Python 2.6.
   - Fix zypper test error after backporting.
   - Raet protocol is no longer supported. (bsc#1020831)
   - Fix moving SSH data to the new home. (bsc#1027722)
   - Fix logrotating /var/log/salt/minion. (bsc#1030009)
   - Fix result of master_tops extension being mutually overwritten.
     (bsc#1030073)
   - Allow setting 'timeout' and 'gather_job_timeout' via kwargs.
   - Allow setting custom timeouts for 'manage.up' and 'manage.status'.
   - Use salt's ordereddict for comparison.
   - Fix scripts for salt-proxy.
   - Add openscap module.
   - File.get_managed regression fix.
   - Fix translating variable arguments if they contain hidden keywords.
     (bsc#1025896)
   - Added unit test for dockerng.sls_build dryrun.
   - Added dryrun to dockerng.sls_build.
   - Update dockerng minimal version requirements.
   - Fix format error in error parsing.
   - Keep fix for migrating salt home directory. (bsc#1022562)
   - Fix salt pkg.latest raising an exception if the package is not available.
     (bsc#1012999)
   - Timezone should always be in UTC. (bsc#1017078)
   - Fix timezone handling for rpm installtime. (bsc#1017078)
   - Increase timeouts for running integration tests.
   - Add buildargs option to dockerng.build module.
   - Fix error when missing ssh-option parameter.
   - Re-add yum notify plugin.
   - Pass all kwargs to dockerng.create to provide all features to sls_build
     as well.
   - Datetime should always be returned in UTC.
   - Fix possible crash while deserialising data on infinite recursion in
     scheduled state.
     (bsc#1036125)
   - Documentation refresh to 2016.11.4
   - For a detailed description, please refer to:
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html
     + https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-974=1

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-974=1

   - SUSE Manager Proxy 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-974=1

   - SUSE Linux Enterprise Point of Sale 12-SP2:

      zypper in -t patch SUSE-SLE-POS-12-SP2-2017-974=1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:

      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-974=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2017-974=1

   - SUSE Enterprise Storage 3:

      zypper in -t patch SUSE-Storage-3-2017-974=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-974=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

      salt-2016.11.4-45.2
      salt-doc-2016.11.4-45.2
      salt-minion-2016.11.4-45.2

   - SUSE Manager Server 3.0 (x86_64):

      salt-2016.11.4-45.2
      salt-api-2016.11.4-45.2
      salt-doc-2016.11.4-45.2
      salt-master-2016.11.4-45.2
      salt-minion-2016.11.4-45.2
      salt-proxy-2016.11.4-45.2
      salt-ssh-2016.11.4-45.2
      salt-syndic-2016.11.4-45.2

   - SUSE Manager Server 3.0 (noarch):

      salt-bash-completion-2016.11.4-45.2
      salt-zsh-completion-2016.11.4-45.2

   - SUSE Manager Proxy 3.0 (noarch):

      salt-bash-completion-2016.11.4-45.2
      salt-zsh-completion-2016.11.4-45.2

   - SUSE Manager Proxy 3.0 (x86_64):

      salt-2016.11.4-45.2
      salt-api-2016.11.4-45.2
      salt-doc-2016.11.4-45.2
      salt-master-2016.11.4-45.2
      salt-minion-2016.11.4-45.2
      salt-proxy-2016.11.4-45.2
      salt-ssh-2016.11.4-45.2
      salt-syndic-2016.11.4-45.2

   - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):

      salt-2016.11.4-45.2
      salt-minion-2016.11.4-45.2

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

      salt-2016.11.4-45.2
      salt-api-2016.11.4-45.2
      salt-cloud-2016.11.4-45.2
      salt-doc-2016.11.4-45.2
      salt-master-2016.11.4-45.2
      salt-minion-2016.11.4-45.2
      salt-proxy-2016.11.4-45.2
      salt-ssh-2016.11.4-45.2
      salt-syndic-2016.11.4-45.2

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):

      salt-bash-completion-2016.11.4-45.2
      salt-zsh-completion-2016.11.4-45.2

   - SUSE Enterprise Storage 4 (aarch64 x86_64):

      salt-2016.11.4-45.2
      salt-master-2016.11.4-45.2
      salt-minion-2016.11.4-45.2

   - SUSE Enterprise Storage 3 (aarch64 x86_64):

      salt-2016.11.4-45.2
      salt-master-2016.11.4-45.2
      salt-minion-2016.11.4-45.2

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      salt-2016.11.4-45.2
      salt-minion-2016.11.4-45.2


References:

   https://www.suse.com/security/cve/CVE-2017-5200.html
   https://www.suse.com/security/cve/CVE-2017-8109.html
   https://bugzilla.suse.com/1011800
   https://bugzilla.suse.com/1012999
   https://bugzilla.suse.com/1017078
   https://bugzilla.suse.com/1020831
   https://bugzilla.suse.com/1022562
   https://bugzilla.suse.com/1025896
   https://bugzilla.suse.com/1027240
   https://bugzilla.suse.com/1027722
   https://bugzilla.suse.com/1030009
   https://bugzilla.suse.com/1030073
   https://bugzilla.suse.com/1032931
   https://bugzilla.suse.com/1035912
   https://bugzilla.suse.com/1035914
   https://bugzilla.suse.com/1036125
   https://bugzilla.suse.com/1038855
   https://bugzilla.suse.com/1039370
   https://bugzilla.suse.com/1040584
   https://bugzilla.suse.com/1040886
   https://bugzilla.suse.com/1043111

From sle-security-updates at lists.suse.com Fri Jun 16 13:09:50 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 21:09:50 +0200 (CEST)
Subject: SUSE-SU-2017:1585-1: moderate: Security update for php53
Message-ID: <20170616190950.6A39B101C8@maintenance.suse.de>

SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1585-1
Rating:             moderate
References:         #1031246 #1035111 #1040883 #1040889 #1040891
Cross-References:   CVE-2016-6294 CVE-2017-7272 CVE-2017-9224 CVE-2017-9226
                    CVE-2017-9227
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for php53 fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an
     fsockopen hostname argument with an expectation that the port number is
     constrained.
     Because a :port syntax was recognized, fsockopen used the port number
     that is specified in the hostname argument, instead of the port number
     in the second argument of the function (bsc#1031246).
   - CVE-2016-6294: The locale_accept_from_http function in
     ext/intl/locale/locale_methods.c did not properly restrict calls to the
     ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers
     to cause a denial of service (out-of-bounds read) or possibly have
     unspecified other impact via a call with a long argument (bsc#1035111).
   - CVE-2017-9227: An issue was discovered in Oniguruma 6.2.0, as used in
     mbstring in PHP. A stack out-of-bounds read occurs in mbc_enc_len()
     during regular expression searching. Invalid handling of reg->dmin in
     forward_search_range() could result in an invalid pointer dereference,
     as an out-of-bounds read from a stack buffer (bsc#1040883).
   - CVE-2017-9226: An issue was discovered in Oniguruma 6.2.0, as used in
     Oniguruma-mod in mbstring in PHP. A heap out-of-bounds write or read
     occurs in next_state_val() during regular expression compilation. Octal
     numbers larger than 0xff are not handled correctly in fetch_token() and
     fetch_token_in_cc(). A malformed regular expression containing an octal
     number in the form of '\700' would produce an invalid code point value
     larger than 0xff in next_state_val(), resulting in an out-of-bounds
     write memory corruption (bsc#1040889).
   - CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in
     Oniguruma-mod in mbstring in PHP. A stack out-of-bounds read occurs in
     match_at() during regular expression searching. A logical error
     involving order of validation and access in match_at() could result in
     an out-of-bounds read from a stack buffer (bsc#1040891).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-php53-13151=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-php53-13151=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-php53-13151=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      php53-devel-5.3.17-108.1
      php53-imap-5.3.17-108.1
      php53-posix-5.3.17-108.1
      php53-readline-5.3.17-108.1
      php53-sockets-5.3.17-108.1
      php53-sqlite-5.3.17-108.1
      php53-tidy-5.3.17-108.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      apache2-mod_php53-5.3.17-108.1
      php53-5.3.17-108.1
      php53-bcmath-5.3.17-108.1
      php53-bz2-5.3.17-108.1
      php53-calendar-5.3.17-108.1
      php53-ctype-5.3.17-108.1
      php53-curl-5.3.17-108.1
      php53-dba-5.3.17-108.1
      php53-dom-5.3.17-108.1
      php53-exif-5.3.17-108.1
      php53-fastcgi-5.3.17-108.1
      php53-fileinfo-5.3.17-108.1
      php53-ftp-5.3.17-108.1
      php53-gd-5.3.17-108.1
      php53-gettext-5.3.17-108.1
      php53-gmp-5.3.17-108.1
      php53-iconv-5.3.17-108.1
      php53-intl-5.3.17-108.1
      php53-json-5.3.17-108.1
      php53-ldap-5.3.17-108.1
      php53-mbstring-5.3.17-108.1
      php53-mcrypt-5.3.17-108.1
      php53-mysql-5.3.17-108.1
      php53-odbc-5.3.17-108.1
      php53-openssl-5.3.17-108.1
      php53-pcntl-5.3.17-108.1
      php53-pdo-5.3.17-108.1
      php53-pear-5.3.17-108.1
      php53-pgsql-5.3.17-108.1
      php53-pspell-5.3.17-108.1
      php53-shmop-5.3.17-108.1
      php53-snmp-5.3.17-108.1
      php53-soap-5.3.17-108.1
      php53-suhosin-5.3.17-108.1
      php53-sysvmsg-5.3.17-108.1
      php53-sysvsem-5.3.17-108.1
      php53-sysvshm-5.3.17-108.1
      php53-tokenizer-5.3.17-108.1
      php53-wddx-5.3.17-108.1
      php53-xmlreader-5.3.17-108.1
      php53-xmlrpc-5.3.17-108.1
      php53-xmlwriter-5.3.17-108.1
      php53-xsl-5.3.17-108.1
      php53-zip-5.3.17-108.1
      php53-zlib-5.3.17-108.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      php53-debuginfo-5.3.17-108.1
      php53-debugsource-5.3.17-108.1
References:

   https://www.suse.com/security/cve/CVE-2016-6294.html
   https://www.suse.com/security/cve/CVE-2017-7272.html
   https://www.suse.com/security/cve/CVE-2017-9224.html
   https://www.suse.com/security/cve/CVE-2017-9226.html
   https://www.suse.com/security/cve/CVE-2017-9227.html
   https://bugzilla.suse.com/1031246
   https://bugzilla.suse.com/1035111
   https://bugzilla.suse.com/1040883
   https://bugzilla.suse.com/1040889
   https://bugzilla.suse.com/1040891

From sle-security-updates at lists.suse.com Fri Jun 16 13:10:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Jun 2017 21:10:44 +0200 (CEST)
Subject: SUSE-SU-2017:1587-1: moderate: Security update for libxml2
Message-ID: <20170616191044.D3AC6101C8@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1587-1
Rating:             moderate
References:         #1039063 #1039064 #1039066 #1039069 #1039661
Cross-References:   CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now
   available.

Description:

   This update for libxml2 fixes the following issues:

   - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func)
     [bsc#1039069, bsc#1039661]
   - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func)
     [bsc#1039066]
   - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent
     func) [bsc#1039063]
   - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent
     func) [bsc#1039064]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-975=1
   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-975=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-975=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-975=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      libxml2-2-2.9.1-26.15.1
      libxml2-2-debuginfo-2.9.1-26.15.1
      libxml2-debugsource-2.9.1-26.15.1
      libxml2-tools-2.9.1-26.15.1
      libxml2-tools-debuginfo-2.9.1-26.15.1
      python-libxml2-2.9.1-26.15.1
      python-libxml2-debuginfo-2.9.1-26.15.1
      python-libxml2-debugsource-2.9.1-26.15.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libxml2-2-32bit-2.9.1-26.15.1
      libxml2-2-debuginfo-32bit-2.9.1-26.15.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      libxml2-doc-2.9.1-26.15.1
   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      libxml2-2-2.9.1-26.15.1
      libxml2-2-32bit-2.9.1-26.15.1
      libxml2-2-debuginfo-2.9.1-26.15.1
      libxml2-2-debuginfo-32bit-2.9.1-26.15.1
      libxml2-debugsource-2.9.1-26.15.1
      libxml2-tools-2.9.1-26.15.1
      libxml2-tools-debuginfo-2.9.1-26.15.1
      python-libxml2-2.9.1-26.15.1
      python-libxml2-debuginfo-2.9.1-26.15.1
      python-libxml2-debugsource-2.9.1-26.15.1
   - SUSE Linux Enterprise Server for SAP 12 (noarch):
      libxml2-doc-2.9.1-26.15.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      libxml2-2-2.9.1-26.15.1
      libxml2-2-debuginfo-2.9.1-26.15.1
      libxml2-debugsource-2.9.1-26.15.1
      libxml2-tools-2.9.1-26.15.1
      libxml2-tools-debuginfo-2.9.1-26.15.1
      python-libxml2-2.9.1-26.15.1
      python-libxml2-debuginfo-2.9.1-26.15.1
      python-libxml2-debugsource-2.9.1-26.15.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
      libxml2-2-32bit-2.9.1-26.15.1
      libxml2-2-debuginfo-32bit-2.9.1-26.15.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
      libxml2-doc-2.9.1-26.15.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      libxml2-2-2.9.1-26.15.1
      libxml2-2-debuginfo-2.9.1-26.15.1
      libxml2-debugsource-2.9.1-26.15.1
      libxml2-tools-2.9.1-26.15.1
      libxml2-tools-debuginfo-2.9.1-26.15.1
      python-libxml2-2.9.1-26.15.1
      python-libxml2-debuginfo-2.9.1-26.15.1
      python-libxml2-debugsource-2.9.1-26.15.1
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      libxml2-2-32bit-2.9.1-26.15.1
      libxml2-2-debuginfo-32bit-2.9.1-26.15.1
   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      libxml2-doc-2.9.1-26.15.1

References:

   https://www.suse.com/security/cve/CVE-2017-9047.html
   https://www.suse.com/security/cve/CVE-2017-9048.html
   https://www.suse.com/security/cve/CVE-2017-9049.html
   https://www.suse.com/security/cve/CVE-2017-9050.html
   https://bugzilla.suse.com/1039063
   https://bugzilla.suse.com/1039064
   https://bugzilla.suse.com/1039066
   https://bugzilla.suse.com/1039069
   https://bugzilla.suse.com/1039661

From sle-security-updates at lists.suse.com Mon Jun 19 04:10:25 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 12:10:25 +0200 (CEST)
Subject: SUSE-SU-2017:1599-1: moderate: Security update for ImageMagick
Message-ID: <20170619101025.963E0101CA@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1599-1
Rating:             moderate
References:         #1033091 #1034870 #1034872 #1034876 #1036976 #1036978
                    #1036980 #1036981 #1036983 #1036984 #1036985 #1036986
                    #1036987 #1036988 #1036989 #1036990 #1037527 #1038000
                    #1040025 #1040303 #1040304 #1040306 #1040332
Cross-References:   CVE-2014-9846 CVE-2016-10050 CVE-2017-7606 CVE-2017-7941
                    CVE-2017-7942 CVE-2017-7943 CVE-2017-8344 CVE-2017-8345
                    CVE-2017-8346 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350
                    CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354
                    CVE-2017-8355 CVE-2017-8357
                    CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141
                    CVE-2017-9142 CVE-2017-9143 CVE-2017-9144
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:

   This update for ImageMagick fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote
     attackers to consume an amount of available memory via a crafted file
     (bsc#1034876).
   - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory
     leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986).
   - CVE-2017-8352: denial of service (memory leak) via a crafted file
     (ReadXWDImage func in xwd.c) (bsc#1036987).
   - CVE-2017-8349: denial of service (memory leak) via a crafted file
     (ReadSFWImage func in sfw.c) (bsc#1036984).
   - CVE-2017-8350: denial of service (memory leak) via a crafted file
     (ReadJNGImage function in png.c) (bsc#1036985).
   - CVE-2017-8345: denial of service (memory leak) via a crafted file
     (ReadMNGImage func in png.c) (bsc#1036980).
   - CVE-2017-8346: denial of service (memory leak) via a crafted file
     (ReadDCMImage func in dcm.c) (bsc#1036981).
   - CVE-2017-8353: denial of service (memory leak) via a crafted file
     (ReadPICTImage func in pict.c) (bsc#1036988).
   - CVE-2017-8830: denial of service (memory leak) via a crafted file
     (ReadBMPImage func in bmp.c:1379) (bsc#1038000).
   - CVE-2017-7606: denial of service (application crash) or possibly
     unspecified other impact via a crafted image (bsc#1033091).
   - CVE-2017-8765: memory leak vulnerability via a crafted ICON file
     (ReadICONImage in coders\icon.c) (bsc#1037527).
   - CVE-2017-8355: denial of service (memory leak) via a crafted file
     (ReadMTVImage func in mtv.c) (bsc#1036990).
   - CVE-2017-8344: denial of service (memory leak) via a crafted file
     (ReadPCXImage func in pcx.c) (bsc#1036978).
   - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE
     decoder function in coders/rle.c (bsc#1040025).
   - CVE-2017-9141: Missing checks in the ReadDDSImage function in
     coders/dds.c could lead to a denial of service (assertion) (bsc#1040303).
   - CVE-2017-9142: Missing checks in the ReadOneJNGImage function in
     coders/png.c could lead to a denial of service (assertion) (bsc#1040304).
   - CVE-2017-9143: A possible denial of service via a crafted .art file in
     the ReadARTImage function in coders/art.c (bsc#1040306).
   - CVE-2017-9144: A crafted RLE image could trigger a crash in
     coders/rle.c, leading to a denial of service (crash) (bsc#1040332).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-ImageMagick-13152=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-ImageMagick-13152=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-ImageMagick-13152=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      ImageMagick-6.4.3.6-7.77.1
      ImageMagick-devel-6.4.3.6-7.77.1
      libMagick++-devel-6.4.3.6-7.77.1
      libMagick++1-6.4.3.6-7.77.1
      libMagickWand1-6.4.3.6-7.77.1
      perl-PerlMagick-6.4.3.6-7.77.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      libMagickWand1-32bit-6.4.3.6-7.77.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libMagickCore1-6.4.3.6-7.77.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libMagickCore1-32bit-6.4.3.6-7.77.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      ImageMagick-debuginfo-6.4.3.6-7.77.1
      ImageMagick-debugsource-6.4.3.6-7.77.1

References:

   https://www.suse.com/security/cve/CVE-2014-9846.html
   https://www.suse.com/security/cve/CVE-2016-10050.html
   https://www.suse.com/security/cve/CVE-2017-7606.html
   https://www.suse.com/security/cve/CVE-2017-7941.html
   https://www.suse.com/security/cve/CVE-2017-7942.html
   https://www.suse.com/security/cve/CVE-2017-7943.html
   https://www.suse.com/security/cve/CVE-2017-8344.html
   https://www.suse.com/security/cve/CVE-2017-8345.html
   https://www.suse.com/security/cve/CVE-2017-8346.html
   https://www.suse.com/security/cve/CVE-2017-8348.html
   https://www.suse.com/security/cve/CVE-2017-8349.html
   https://www.suse.com/security/cve/CVE-2017-8350.html
   https://www.suse.com/security/cve/CVE-2017-8351.html
   https://www.suse.com/security/cve/CVE-2017-8352.html
   https://www.suse.com/security/cve/CVE-2017-8353.html
   https://www.suse.com/security/cve/CVE-2017-8354.html
   https://www.suse.com/security/cve/CVE-2017-8355.html
   https://www.suse.com/security/cve/CVE-2017-8357.html
   https://www.suse.com/security/cve/CVE-2017-8765.html
   https://www.suse.com/security/cve/CVE-2017-8830.html
   https://www.suse.com/security/cve/CVE-2017-9098.html
   https://www.suse.com/security/cve/CVE-2017-9141.html
   https://www.suse.com/security/cve/CVE-2017-9142.html
   https://www.suse.com/security/cve/CVE-2017-9143.html
   https://www.suse.com/security/cve/CVE-2017-9144.html
   https://bugzilla.suse.com/1033091
   https://bugzilla.suse.com/1034870
   https://bugzilla.suse.com/1034872
   https://bugzilla.suse.com/1034876
   https://bugzilla.suse.com/1036976
   https://bugzilla.suse.com/1036978
   https://bugzilla.suse.com/1036980
   https://bugzilla.suse.com/1036981
   https://bugzilla.suse.com/1036983
   https://bugzilla.suse.com/1036984
   https://bugzilla.suse.com/1036985
   https://bugzilla.suse.com/1036986
   https://bugzilla.suse.com/1036987
   https://bugzilla.suse.com/1036988
   https://bugzilla.suse.com/1036989
   https://bugzilla.suse.com/1036990
   https://bugzilla.suse.com/1037527
   https://bugzilla.suse.com/1038000
   https://bugzilla.suse.com/1040025
   https://bugzilla.suse.com/1040303
   https://bugzilla.suse.com/1040304
   https://bugzilla.suse.com/1040306
   https://bugzilla.suse.com/1040332

From sle-security-updates at lists.suse.com Mon Jun 19 07:10:17 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 15:10:17 +0200 (CEST)
Subject: SUSE-SU-2017:1600-1: moderate: Security update for GraphicsMagick
Message-ID: <20170619131017.86BB8101C8@maintenance.suse.de>

SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1600-1
Rating:             moderate
References:         #1033091 #1034876 #1036978 #1036980 #1036981 #1036984
                    #1036985 #1036986 #1036987 #1036988 #1036990 #1037527
                    #1038000 #1040025 #1040304 #1040332 #984144
Cross-References:   CVE-2014-9847 CVE-2017-7606 CVE-2017-7941 CVE-2017-8344
                    CVE-2017-8345 CVE-2017-8346 CVE-2017-8349 CVE-2017-8350
                    CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8355
                    CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9142
                    CVE-2017-9144
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 17 vulnerabilities is now available.

Description:

   This update for GraphicsMagick fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote
     attackers to consume an amount of available memory via a crafted file
     (bsc#1034876).
   - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory
     leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986).
   - CVE-2017-8352: denial of service (memory leak) via a crafted file
     (ReadXWDImage func in xwd.c) (bsc#1036987).
   - CVE-2017-8349: denial of service (memory leak) via a crafted file
     (ReadSFWImage func in sfw.c) (bsc#1036984).
   - CVE-2017-8350: denial of service (memory leak) via a crafted file
     (ReadJNGImage function in png.c) (bsc#1036985). The previous fix for
     CVE-2014-9847 (bsc#984144) was incorrect and incomplete and has been
     refreshed.
   - CVE-2017-8345: denial of service (memory leak) via a crafted file
     (ReadMNGImage func in png.c) (bsc#1036980).
   - CVE-2017-8346: denial of service (memory leak) via a crafted file
     (ReadDCMImage func in dcm.c) (bsc#1036981).
   - CVE-2017-8353: denial of service (memory leak) via a crafted file
     (ReadPICTImage func in pict.c) (bsc#1036988).
   - CVE-2017-8830: denial of service (memory leak) via a crafted file
     (ReadBMPImage func in bmp.c:1379) (bsc#1038000).
   - CVE-2017-7606: denial of service (application crash) or possibly
     unspecified other impact via a crafted image (bsc#1033091).
   - CVE-2017-8765: memory leak vulnerability via a crafted ICON file
     (ReadICONImage in coders\icon.c) (bsc#1037527).
   - CVE-2017-8355: denial of service (memory leak) via a crafted file
     (ReadMTVImage func in mtv.c) (bsc#1036990).
   - CVE-2017-8344: denial of service (memory leak) via a crafted file
     (ReadPCXImage func in pcx.c) (bsc#1036978).
   - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE
     decoder function in coders/rle.c (bsc#1040025).
   - CVE-2017-9142: Missing checks in the ReadOneJNGImage function in
     coders/png.c could lead to a denial of service (assertion) (bsc#1040304).
   - CVE-2017-9144: A crafted RLE image could trigger a crash in
     coders/rle.c, leading to a denial of service (crash) (bsc#1040332).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-GraphicsMagick-13153=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-GraphicsMagick-13153=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-GraphicsMagick-13153=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):
      GraphicsMagick-1.2.5-4.77.1
      libGraphicsMagick2-1.2.5-4.77.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      GraphicsMagick-1.2.5-4.77.1
      libGraphicsMagick2-1.2.5-4.77.1
      perl-GraphicsMagick-1.2.5-4.77.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      GraphicsMagick-debuginfo-1.2.5-4.77.1
      GraphicsMagick-debugsource-1.2.5-4.77.1

References:

   https://www.suse.com/security/cve/CVE-2014-9847.html
   https://www.suse.com/security/cve/CVE-2017-7606.html
   https://www.suse.com/security/cve/CVE-2017-7941.html
   https://www.suse.com/security/cve/CVE-2017-8344.html
   https://www.suse.com/security/cve/CVE-2017-8345.html
   https://www.suse.com/security/cve/CVE-2017-8346.html
   https://www.suse.com/security/cve/CVE-2017-8349.html
   https://www.suse.com/security/cve/CVE-2017-8350.html
   https://www.suse.com/security/cve/CVE-2017-8351.html
   https://www.suse.com/security/cve/CVE-2017-8352.html
   https://www.suse.com/security/cve/CVE-2017-8353.html
   https://www.suse.com/security/cve/CVE-2017-8355.html
   https://www.suse.com/security/cve/CVE-2017-8765.html
   https://www.suse.com/security/cve/CVE-2017-8830.html
   https://www.suse.com/security/cve/CVE-2017-9098.html
   https://www.suse.com/security/cve/CVE-2017-9142.html
   https://www.suse.com/security/cve/CVE-2017-9144.html
   https://bugzilla.suse.com/1033091
   https://bugzilla.suse.com/1034876
   https://bugzilla.suse.com/1036978
   https://bugzilla.suse.com/1036980
   https://bugzilla.suse.com/1036981
   https://bugzilla.suse.com/1036984
   https://bugzilla.suse.com/1036985
   https://bugzilla.suse.com/1036986
   https://bugzilla.suse.com/1036987
   https://bugzilla.suse.com/1036988
   https://bugzilla.suse.com/1036990
   https://bugzilla.suse.com/1037527
   https://bugzilla.suse.com/1038000
   https://bugzilla.suse.com/1040025
   https://bugzilla.suse.com/1040304
   https://bugzilla.suse.com/1040332
   https://bugzilla.suse.com/984144

From sle-security-updates at lists.suse.com Mon Jun 19 07:13:16 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 15:13:16 +0200 (CEST)
Subject: SUSE-SU-2017:1603-1: moderate: Security update for netpbm
Message-ID: <20170619131316.48343101CB@maintenance.suse.de>

SUSE Security Update: Security update for netpbm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1603-1
Rating:             moderate
References:         #1024287 #1024292 #1024294
Cross-References:   CVE-2017-2581 CVE-2017-2586 CVE-2017-2587
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for netpbm fixes the following issues:

   Security bugs:

   * CVE-2017-2586: A NULL pointer dereference in the stringToUint function
     could lead to a denial of service (abort) when processing malformed
     images. [bsc#1024292]
   * CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could be used
     by attackers to crash the decoder or potentially execute code.
     [bsc#1024287]
   * CVE-2017-2587: An insufficient size check of a memory allocation in the
     createCanvas() function could be used for a denial of service attack
     (memory exhaustion). [bsc#1024294]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-980=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-980=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-980=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-980=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libnetpbm-devel-10.66.3-7.1
      netpbm-debuginfo-10.66.3-7.1
      netpbm-debugsource-10.66.3-7.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libnetpbm11-10.66.3-7.1
      libnetpbm11-debuginfo-10.66.3-7.1
      netpbm-10.66.3-7.1
      netpbm-debuginfo-10.66.3-7.1
      netpbm-debugsource-10.66.3-7.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libnetpbm11-10.66.3-7.1
      libnetpbm11-debuginfo-10.66.3-7.1
      netpbm-10.66.3-7.1
      netpbm-debuginfo-10.66.3-7.1
      netpbm-debugsource-10.66.3-7.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libnetpbm11-32bit-10.66.3-7.1
      libnetpbm11-debuginfo-32bit-10.66.3-7.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libnetpbm11-10.66.3-7.1
      libnetpbm11-32bit-10.66.3-7.1
      libnetpbm11-debuginfo-10.66.3-7.1
      libnetpbm11-debuginfo-32bit-10.66.3-7.1
      netpbm-10.66.3-7.1
      netpbm-debuginfo-10.66.3-7.1
      netpbm-debugsource-10.66.3-7.1

References:

   https://www.suse.com/security/cve/CVE-2017-2581.html
   https://www.suse.com/security/cve/CVE-2017-2586.html
   https://www.suse.com/security/cve/CVE-2017-2587.html
   https://bugzilla.suse.com/1024287
   https://bugzilla.suse.com/1024292
   https://bugzilla.suse.com/1024294

From sle-security-updates at lists.suse.com Mon Jun 19 07:14:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 15:14:54 +0200 (CEST)
Subject: SUSE-SU-2017:1606-1: important: Security update for mercurial
Message-ID: <20170619131454.AB143101C8@maintenance.suse.de>

SUSE Security Update: Security update for mercurial
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1606-1
Rating:             important
References:         #1043063
Cross-References:   CVE-2017-9462
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for mercurial fixes the following issues:

   Security issue fixed:

   - CVE-2017-9462: Fixed arbitrary code execution by remote users via
     "hg serve --stdio" (bsc#1043063).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-981=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      mercurial-2.8.2-14.1
      mercurial-debuginfo-2.8.2-14.1
      mercurial-debugsource-2.8.2-14.1

References:

   https://www.suse.com/security/cve/CVE-2017-9462.html
   https://bugzilla.suse.com/1043063

From sle-security-updates at lists.suse.com Mon Jun 19 10:11:10 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 18:11:10 +0200 (CEST)
Subject: SUSE-SU-2017:1608-1: moderate: Security update for libgcrypt
Message-ID: <20170619161110.7748B101C8@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1608-1
Rating:             moderate
References:         #1042326 #931932
Cross-References:   CVE-2017-9526
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for libgcrypt fixes the following issues:

   - CVE-2017-9526: Store the session key in secure memory to ensure that
     constant time point operations are used in the MPI library.
     (bsc#1042326)
   - Don't require secure memory for the FIPS selftests; this prevents the
     "Oops, secure memory pool already initialized" warning. (bsc#931932)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-985=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-985=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-985=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-985=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-985=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   -  SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libgcrypt-debugsource-1.6.1-16.39.1
      libgcrypt-devel-1.6.1-16.39.1
      libgcrypt-devel-debuginfo-1.6.1-16.39.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libgcrypt-debugsource-1.6.1-16.39.1
      libgcrypt20-1.6.1-16.39.1
      libgcrypt20-debuginfo-1.6.1-16.39.1
      libgcrypt20-hmac-1.6.1-16.39.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libgcrypt-debugsource-1.6.1-16.39.1
      libgcrypt20-1.6.1-16.39.1
      libgcrypt20-debuginfo-1.6.1-16.39.1
      libgcrypt20-hmac-1.6.1-16.39.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libgcrypt20-32bit-1.6.1-16.39.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.39.1
      libgcrypt20-hmac-32bit-1.6.1-16.39.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libgcrypt-debugsource-1.6.1-16.39.1
      libgcrypt20-1.6.1-16.39.1
      libgcrypt20-32bit-1.6.1-16.39.1
      libgcrypt20-debuginfo-1.6.1-16.39.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.39.1
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      libgcrypt-debugsource-1.6.1-16.39.1
      libgcrypt20-1.6.1-16.39.1
      libgcrypt20-debuginfo-1.6.1-16.39.1

References:

   https://www.suse.com/security/cve/CVE-2017-9526.html
   https://bugzilla.suse.com/1042326
   https://bugzilla.suse.com/931932

From sle-security-updates at lists.suse.com Mon Jun 19 13:10:14 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 21:10:14 +0200 (CEST)
Subject: SUSE-SU-2017:1611-1: important: Security update for glibc
Message-ID: <20170619191014.77287101C8@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1611-1
Rating:             important
References:         #1038690 #1039357 #987216
Cross-References:   CVE-2017-1000366
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now
   available.

Description:

   This update for glibc fixes the following issues:

   - CVE-2017-1000366: Fix a potential privilege escalation vulnerability
     that allowed unprivileged system users to manipulate the stack of
     setuid binaries to gain special privileges. [bsc#1039357]
   - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690]
   - A defect in glibc's regression test suite has been remedied to avoid
     false positives. [bsc#987216]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-988=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-988=1

   To bring your system up-to-date, use "zypper patch".
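Every announcement on this list follows the same fixed plain-text layout (Announcement ID, Rating, References, Cross-References, Affected Products, Description, Patch Instructions, Package List, References), which makes it straightforward to ingest into a vulnerability-management workflow. The following Python script is an added example and not SUSE's own tooling: it parses that layout into structured fields, pairs each affected product with its zypper patch command and its fixed package versions, and compares a host's installed name-version-release strings against them using a simplified rpmvercmp. The embedded advisory text is a constructed, abbreviated excerpt of the glibc announcement (SUSE-SU-2017:1611-1) above; the host inventory it checks is constructed as well.

```python
"""Parse a SUSE security announcement (the plain-text layout used on this
list) into structured fields and check installed versions against the fix.
Added example, not SUSE's own tooling."""
import re

# Constructed, abbreviated sample modelled on SUSE-SU-2017:1611-1 above.
SAMPLE = """\
Announcement ID:    SUSE-SU-2017:1611-1
Rating:             important
References:         #1038690 #1039357 #987216
Cross-References:   CVE-2017-1000366
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

Description:

   - CVE-2017-1000366: Fix a potential privilege escalation. [bsc#1039357]

Patch Instructions:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-988=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-988=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      glibc-2.19-22.21.1
      glibc-32bit-2.19-22.21.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      glibc-2.19-22.21.1
      nscd-2.19-22.21.1
"""
SECTION_RE = re.compile(
    r"^(Description|Patch Instructions|Package List|References):[ \t]*$", re.M)

def parse_advisory(text):
    """Extract ids, products, per-product zypper commands and fixed packages."""
    parts = SECTION_RE.split(text)  # [header, name, body, name, body, ...]
    head, sec = parts[0], dict(zip(parts[1::2], parts[2::2]))
    adv = {
        "id": re.search(r"^Announcement ID:\s*(\S+)", head, re.M).group(1),
        # CVE and Bugzilla ids may appear in the header or in the description.
        "cves": sorted(set(re.findall(r"CVE-\d{4}-\d{4,}", text))),
        "bugs": sorted(set(re.findall(r"(?:bsc)?#(\d+)", text)), key=int),
        "patches": {}, "packages": {},
    }
    # Affected Products: the indented lines up to the underscore rule.
    prods = re.search(r"^Affected Products:\n(.*?)^_{10,}", head, re.M | re.S)
    adv["products"] = [p.strip() for p in prods.group(1).splitlines() if p.strip()]
    # "- Product:" followed, after optional blank lines, by its zypper command.
    for prod, cmd in re.findall(r"^[ \t]*- (.+?):[ \t]*\n\s*(zypper in -t patch \S+)",
                                sec.get("Patch Instructions", ""), re.M):
        adv["patches"][prod] = cmd
    # "- Product (arches):" opens a group; the non-blank lines after it are
    # name-version-release strings, split on the last two hyphens.
    group = None
    for line in sec.get("Package List", "").splitlines():
        line = line.strip()
        hdr = re.match(r"^- (.+) \(([^)]*)\):$", line)
        if hdr:
            group = adv["packages"].setdefault(hdr.group(1), {})
        elif line and group is not None:
            name, ver, rel = re.match(r"^(.+)-([^-]+)-([^-]+)$", line).groups()
            group[name] = (ver, rel)
    return adv

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: numeric segments compare as integers, alpha ones
    lexically, numeric beats alpha; tilde/caret handling omitted."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated_packages(adv, product, installed):
    """Names in `installed` ({name: "version-release"}) that are older than
    the fixed version the advisory lists for `product`."""
    fixed, out = adv["packages"].get(product, {}), []
    for name, vr in installed.items():
        if name in fixed:
            ver, rel = vr.rsplit("-", 1)
            if (rpm_vercmp(ver, fixed[name][0]) or rpm_vercmp(rel, fixed[name][1])) < 0:
                out.append(name)
    return sorted(out)

if __name__ == "__main__":
    adv = parse_advisory(SAMPLE)
    # Constructed inventory of one SLES 12-LTSS host; its glibc predates the fix.
    host = {"glibc": "2.19-22.17.1", "nscd": "2.19-22.21.1", "bash": "4.3-83.1"}
    print(outdated_packages(adv, "SUSE Linux Enterprise Server 12-LTSS", host))
```

On a real host the inventory dictionary would be built from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, and the product name used for the lookup must match the Affected Products string exactly, since the same package name is listed under several products. The version comparison deliberately leaves out RPM's tilde and caret rules, which none of the versions in these announcements use; for anything beyond a quick check, delegate the comparison to rpm itself.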
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      glibc-2.19-22.21.1 glibc-32bit-2.19-22.21.1 glibc-debuginfo-2.19-22.21.1 glibc-debuginfo-32bit-2.19-22.21.1 glibc-debugsource-2.19-22.21.1 glibc-devel-2.19-22.21.1 glibc-devel-32bit-2.19-22.21.1 glibc-devel-debuginfo-2.19-22.21.1 glibc-devel-debuginfo-32bit-2.19-22.21.1 glibc-locale-2.19-22.21.1 glibc-locale-32bit-2.19-22.21.1 glibc-locale-debuginfo-2.19-22.21.1 glibc-locale-debuginfo-32bit-2.19-22.21.1 glibc-profile-2.19-22.21.1 glibc-profile-32bit-2.19-22.21.1 nscd-2.19-22.21.1 nscd-debuginfo-2.19-22.21.1
   - SUSE Linux Enterprise Server for SAP 12 (noarch):
      glibc-html-2.19-22.21.1 glibc-i18ndata-2.19-22.21.1 glibc-info-2.19-22.21.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      glibc-2.19-22.21.1 glibc-debuginfo-2.19-22.21.1 glibc-debugsource-2.19-22.21.1 glibc-devel-2.19-22.21.1 glibc-devel-debuginfo-2.19-22.21.1 glibc-locale-2.19-22.21.1 glibc-locale-debuginfo-2.19-22.21.1 glibc-profile-2.19-22.21.1 nscd-2.19-22.21.1 nscd-debuginfo-2.19-22.21.1
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      glibc-32bit-2.19-22.21.1 glibc-debuginfo-32bit-2.19-22.21.1 glibc-devel-32bit-2.19-22.21.1 glibc-devel-debuginfo-32bit-2.19-22.21.1 glibc-locale-32bit-2.19-22.21.1 glibc-locale-debuginfo-32bit-2.19-22.21.1 glibc-profile-32bit-2.19-22.21.1
   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      glibc-html-2.19-22.21.1 glibc-i18ndata-2.19-22.21.1 glibc-info-2.19-22.21.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000366.html
   https://bugzilla.suse.com/1038690
   https://bugzilla.suse.com/1039357
   https://bugzilla.suse.com/987216

From sle-security-updates at lists.suse.com  Mon Jun 19 13:11:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 21:11:54 +0200 (CEST)
Subject: SUSE-SU-2017:1613-1: critical: Security update for the Linux Kernel
Message-ID: <20170619191154.82352101C8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1613-1
Rating:             critical
References:         #1039348 #979021
Cross-References:   CVE-2015-3288 CVE-2017-1000364
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes.

   The following security bugs were fixed:

   - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348)
   - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous pages, which allowed local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero (bnc#979021).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-kernel-13156=1
   - SUSE Linux Enterprise Server 11-EXTRA:
      zypper in -t patch slexsp3-kernel-13156=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-kernel-13156=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-kernel-13156=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
      kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
      kernel-bigsmp-3.0.101-0.47.102.1 kernel-bigsmp-base-3.0.101-0.47.102.1 kernel-bigsmp-devel-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
      kernel-default-man-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
      kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
      kernel-default-extra-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
      kernel-xen-extra-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):
      kernel-bigsmp-extra-3.0.101-0.47.102.1 kernel-trace-extra-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):
      kernel-ppc64-extra-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586):
      kernel-pae-extra-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      kernel-default-3.0.101-0.47.102.1 kernel-default-base-3.0.101-0.47.102.1 kernel-default-devel-3.0.101-0.47.102.1 kernel-ec2-3.0.101-0.47.102.1 kernel-ec2-base-3.0.101-0.47.102.1 kernel-ec2-devel-3.0.101-0.47.102.1 kernel-pae-3.0.101-0.47.102.1 kernel-pae-base-3.0.101-0.47.102.1 kernel-pae-devel-3.0.101-0.47.102.1 kernel-source-3.0.101-0.47.102.1 kernel-syms-3.0.101-0.47.102.1 kernel-trace-3.0.101-0.47.102.1 kernel-trace-base-3.0.101-0.47.102.1 kernel-trace-devel-3.0.101-0.47.102.1 kernel-xen-3.0.101-0.47.102.1 kernel-xen-base-3.0.101-0.47.102.1 kernel-xen-devel-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      kernel-default-debuginfo-3.0.101-0.47.102.1 kernel-default-debugsource-3.0.101-0.47.102.1 kernel-trace-debuginfo-3.0.101-0.47.102.1 kernel-trace-debugsource-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      kernel-ec2-debuginfo-3.0.101-0.47.102.1 kernel-ec2-debugsource-3.0.101-0.47.102.1 kernel-xen-debuginfo-3.0.101-0.47.102.1 kernel-xen-debugsource-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
      kernel-bigsmp-debuginfo-3.0.101-0.47.102.1 kernel-bigsmp-debugsource-3.0.101-0.47.102.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
      kernel-pae-debuginfo-3.0.101-0.47.102.1 kernel-pae-debugsource-3.0.101-0.47.102.1

References:

   https://www.suse.com/security/cve/CVE-2015-3288.html
   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/979021

From sle-security-updates at lists.suse.com  Mon Jun 19 13:12:34 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 21:12:34 +0200 (CEST)
Subject: SUSE-SU-2017:1614-1: important: Security update for glibc
Message-ID: <20170619191234.EFDAA101C8@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1614-1
Rating:             important
References:         #1038690 #1039357 #986858
Cross-References:   CVE-2017-1000366
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update for glibc fixes the following issues:

   - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]
   - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690]
   - An incorrectly specified buffer length in nscd netgroup queries has been fixed. [bsc#986858]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-989=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-989=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-989=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (x86_64):
      glibc-2.19-40.6.1 glibc-32bit-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1
   - SUSE OpenStack Cloud 6 (noarch):
      glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      glibc-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-profile-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      glibc-32bit-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      glibc-2.19-40.6.1 glibc-debuginfo-2.19-40.6.1 glibc-debugsource-2.19-40.6.1 glibc-devel-2.19-40.6.1 glibc-devel-debuginfo-2.19-40.6.1 glibc-locale-2.19-40.6.1 glibc-locale-debuginfo-2.19-40.6.1 glibc-profile-2.19-40.6.1 nscd-2.19-40.6.1 nscd-debuginfo-2.19-40.6.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
      glibc-32bit-2.19-40.6.1 glibc-debuginfo-32bit-2.19-40.6.1 glibc-devel-32bit-2.19-40.6.1 glibc-devel-debuginfo-32bit-2.19-40.6.1 glibc-locale-32bit-2.19-40.6.1 glibc-locale-debuginfo-32bit-2.19-40.6.1 glibc-profile-32bit-2.19-40.6.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
      glibc-html-2.19-40.6.1 glibc-i18ndata-2.19-40.6.1 glibc-info-2.19-40.6.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000366.html
   https://bugzilla.suse.com/1038690
   https://bugzilla.suse.com/1039357
   https://bugzilla.suse.com/986858

From sle-security-updates at lists.suse.com  Mon Jun 19 13:13:18 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 21:13:18 +0200 (CEST)
Subject: SUSE-SU-2017:1615-1: critical: Security update for the Linux Kernel
Message-ID: <20170619191318.E7A8B101C8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1615-1
Rating:             critical
References:         #1039348 #1042292
Cross-References:   CVE-2017-1000364
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348)

   The following non-security bugs were fixed:

   - netfilter: A use-after-free was fixed that could cause a kernel panic on a system shutdown. (bsc#1042292)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-996=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-996=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-996=1
   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-996=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 6 (x86_64):
      kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1 kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1
   - SUSE OpenStack Cloud 6 (noarch):
      kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      kernel-default-3.12.74-60.64.45.1 kernel-default-base-3.12.74-60.64.45.1 kernel-default-base-debuginfo-3.12.74-60.64.45.1 kernel-default-debuginfo-3.12.74-60.64.45.1 kernel-default-debugsource-3.12.74-60.64.45.1 kernel-default-devel-3.12.74-60.64.45.1 kernel-syms-3.12.74-60.64.45.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
      kernel-devel-3.12.74-60.64.45.1 kernel-macros-3.12.74-60.64.45.1 kernel-source-3.12.74-60.64.45.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
      kernel-xen-3.12.74-60.64.45.1 kernel-xen-base-3.12.74-60.64.45.1 kernel-xen-base-debuginfo-3.12.74-60.64.45.1 kernel-xen-debuginfo-3.12.74-60.64.45.1 kernel-xen-debugsource-3.12.74-60.64.45.1 kernel-xen-devel-3.12.74-60.64.45.1 kgraft-patch-3_12_74-60_64_45-default-1-4.1 kgraft-patch-3_12_74-60_64_45-xen-1-4.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x):
      kernel-default-man-3.12.74-60.64.45.1
   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      kernel-ec2-3.12.74-60.64.45.1 kernel-ec2-debuginfo-3.12.74-60.64.45.1 kernel-ec2-debugsource-3.12.74-60.64.45.1 kernel-ec2-devel-3.12.74-60.64.45.1 kernel-ec2-extra-3.12.74-60.64.45.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.45.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/1042292

From sle-security-updates at lists.suse.com  Mon Jun 19 13:14:45 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 21:14:45 +0200 (CEST)
Subject: SUSE-SU-2017:1617-1: critical: Security update for the Linux Kernel
Message-ID: <20170619191445.A4117101C8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1617-1
Rating:             critical
References:         #1037384 #1039348
Cross-References:   CVE-2017-1000364
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348)

   The following non-security bugs were fixed:

   - There was a load failure in the sha-mb encryption implementation (bsc#1037384).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-994=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-994=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-994=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-994=1
   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-994=1
   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-994=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-994=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-994=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-extra-4.4.59-92.20.2 kernel-default-extra-debuginfo-4.4.59-92.20.2
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      kernel-obs-build-4.4.59-92.20.2 kernel-obs-build-debugsource-4.4.59-92.20.2
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
      kernel-docs-4.4.59-92.20.3
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      kernel-default-4.4.59-92.20.2 kernel-default-base-4.4.59-92.20.2 kernel-default-base-debuginfo-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-devel-4.4.59-92.20.2 kernel-syms-4.4.59-92.20.2
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      kernel-devel-4.4.59-92.20.2 kernel-macros-4.4.59-92.20.2 kernel-source-4.4.59-92.20.2
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      kernel-default-4.4.59-92.20.2 kernel-default-base-4.4.59-92.20.2 kernel-default-base-debuginfo-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-devel-4.4.59-92.20.2 kernel-syms-4.4.59-92.20.2
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      kernel-devel-4.4.59-92.20.2 kernel-macros-4.4.59-92.20.2 kernel-source-4.4.59-92.20.2
   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_59-92_20-default-1-2.1
   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      cluster-md-kmp-default-4.4.59-92.20.2 cluster-md-kmp-default-debuginfo-4.4.59-92.20.2 cluster-network-kmp-default-4.4.59-92.20.2 cluster-network-kmp-default-debuginfo-4.4.59-92.20.2 dlm-kmp-default-4.4.59-92.20.2 dlm-kmp-default-debuginfo-4.4.59-92.20.2 gfs2-kmp-default-4.4.59-92.20.2 gfs2-kmp-default-debuginfo-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 ocfs2-kmp-default-4.4.59-92.20.2 ocfs2-kmp-default-debuginfo-4.4.59-92.20.2
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      kernel-default-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2 kernel-default-devel-4.4.59-92.20.2 kernel-default-extra-4.4.59-92.20.2 kernel-default-extra-debuginfo-4.4.59-92.20.2 kernel-syms-4.4.59-92.20.2
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      kernel-devel-4.4.59-92.20.2 kernel-macros-4.4.59-92.20.2 kernel-source-4.4.59-92.20.2
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      kernel-default-4.4.59-92.20.2 kernel-default-debuginfo-4.4.59-92.20.2 kernel-default-debugsource-4.4.59-92.20.2

References:

   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://bugzilla.suse.com/1037384
   https://bugzilla.suse.com/1039348

From sle-security-updates at lists.suse.com  Mon Jun 19 13:15:28 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Jun 2017 21:15:28 +0200 (CEST)
Subject: SUSE-SU-2017:1618-1: critical: Security update for the Linux Kernel
Message-ID: <20170619191528.75056101CB@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1618-1
Rating:             critical
References:         #1039348 #1042292
Cross-References:   CVE-2017-1000364
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-1000364: The default stack guard page was too small and could be "jumped over" by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack. (bsc#1039348)

   The following non-security bugs were fixed:

   - netfilter: A use-after-free was fixed that could cause a kernel panic on a system shutdown. (bsc#1042292)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-995=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-995=1
   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-995=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.77.1 kernel-macros-3.12.61-52.77.1 kernel-source-3.12.61-52.77.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.77.1 kernel-default-base-3.12.61-52.77.1 kernel-default-base-debuginfo-3.12.61-52.77.1 kernel-default-debuginfo-3.12.61-52.77.1 kernel-default-debugsource-3.12.61-52.77.1 kernel-default-devel-3.12.61-52.77.1 kernel-syms-3.12.61-52.77.1 kernel-xen-3.12.61-52.77.1 kernel-xen-base-3.12.61-52.77.1 kernel-xen-base-debuginfo-3.12.61-52.77.1 kernel-xen-debuginfo-3.12.61-52.77.1 kernel-xen-debugsource-3.12.61-52.77.1 kernel-xen-devel-3.12.61-52.77.1 kgraft-patch-3_12_61-52_77-default-1-4.1 kgraft-patch-3_12_61-52_77-xen-1-4.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.77.1 kernel-default-base-3.12.61-52.77.1 kernel-default-base-debuginfo-3.12.61-52.77.1 kernel-default-debuginfo-3.12.61-52.77.1 kernel-default-debugsource-3.12.61-52.77.1 kernel-default-devel-3.12.61-52.77.1 kernel-syms-3.12.61-52.77.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.77.1 kernel-xen-base-3.12.61-52.77.1 kernel-xen-base-debuginfo-3.12.61-52.77.1 kernel-xen-debuginfo-3.12.61-52.77.1 kernel-xen-debugsource-3.12.61-52.77.1 kernel-xen-devel-3.12.61-52.77.1 kgraft-patch-3_12_61-52_77-default-1-4.1 kgraft-patch-3_12_61-52_77-xen-1-4.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.77.1 kernel-macros-3.12.61-52.77.1 kernel-source-3.12.61-52.77.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.77.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.77.1 kernel-ec2-debuginfo-3.12.61-52.77.1 kernel-ec2-debugsource-3.12.61-52.77.1 kernel-ec2-devel-3.12.61-52.77.1 kernel-ec2-extra-3.12.61-52.77.1 kernel-ec2-extra-debuginfo-3.12.61-52.77.1 References: https://www.suse.com/security/cve/CVE-2017-1000364.html 
https://bugzilla.suse.com/1039348 https://bugzilla.suse.com/1042292 From sle-security-updates at lists.suse.com Mon Jun 19 13:16:10 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 19 Jun 2017 21:16:10 +0200 (CEST) Subject: SUSE-SU-2017:1619-1: important: Security update for glibc Message-ID: <20170619191610.A967D101CB@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1619-1 Rating: important References: #1039357 #1040043 Cross-References: CVE-2017-1000366 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-990=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-990=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-990=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-990=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-990=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-static-2.22-61.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): glibc-info-2.22-61.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-profile-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): glibc-html-2.22-61.3 glibc-i18ndata-2.22-61.3 glibc-info-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-profile-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): glibc-html-2.22-61.3 glibc-i18ndata-2.22-61.3 glibc-info-2.22-61.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): glibc-32bit-2.22-61.3 glibc-debuginfo-32bit-2.22-61.3 glibc-devel-32bit-2.22-61.3 glibc-devel-debuginfo-32bit-2.22-61.3 glibc-locale-32bit-2.22-61.3 
glibc-locale-debuginfo-32bit-2.22-61.3 glibc-profile-32bit-2.22-61.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): glibc-i18ndata-2.22-61.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): glibc-2.22-61.3 glibc-32bit-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debuginfo-32bit-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-devel-2.22-61.3 glibc-devel-32bit-2.22-61.3 glibc-devel-debuginfo-2.22-61.3 glibc-devel-debuginfo-32bit-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-32bit-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 glibc-locale-debuginfo-32bit-2.22-61.3 nscd-2.22-61.3 nscd-debuginfo-2.22-61.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glibc-2.22-61.3 glibc-debuginfo-2.22-61.3 glibc-debugsource-2.22-61.3 glibc-locale-2.22-61.3 glibc-locale-debuginfo-2.22-61.3 References: https://www.suse.com/security/cve/CVE-2017-1000366.html https://bugzilla.suse.com/1039357 https://bugzilla.suse.com/1040043 From sle-security-updates at lists.suse.com Mon Jun 19 19:09:24 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 20 Jun 2017 03:09:24 +0200 (CEST) Subject: SUSE-SU-2017:1621-1: important: Security update for glibc Message-ID: <20170620010924.65993101CB@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1621-1 Rating: important References: #1039357 Cross-References: CVE-2017-1000366 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13158=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13158=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-glibc-13158=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-13158=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13158=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-13158=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.109.1 glibc-i18ndata-2.11.3-17.109.1 glibc-info-2.11.3-17.109.1 glibc-locale-2.11.3-17.109.1 glibc-profile-2.11.3-17.109.1 nscd-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.109.1 glibc-devel-32bit-2.11.3-17.109.1 glibc-locale-32bit-2.11.3-17.109.1 glibc-profile-32bit-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.109.1 glibc-profile-x86-2.11.3-17.109.1 glibc-x86-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.109.1 glibc-devel-2.11.3-17.109.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): 
      glibc-html-2.11.3-17.109.1
      glibc-i18ndata-2.11.3-17.109.1
      glibc-info-2.11.3-17.109.1
      glibc-locale-2.11.3-17.109.1
      glibc-profile-2.11.3-17.109.1
      nscd-2.11.3-17.109.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      glibc-32bit-2.11.3-17.109.1
      glibc-devel-32bit-2.11.3-17.109.1
      glibc-locale-32bit-2.11.3-17.109.1
      glibc-profile-32bit-2.11.3-17.109.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686):

      glibc-2.11.3-17.109.1
      glibc-devel-2.11.3-17.109.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      glibc-html-2.11.3-17.109.1
      glibc-i18ndata-2.11.3-17.109.1
      glibc-info-2.11.3-17.109.1
      glibc-locale-2.11.3-17.109.1
      glibc-profile-2.11.3-17.109.1
      nscd-2.11.3-17.109.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64):

      glibc-debuginfo-2.11.3-17.109.1
      glibc-debugsource-2.11.3-17.109.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      glibc-debuginfo-32bit-2.11.3-17.109.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      glibc-debuginfo-x86-2.11.3-17.109.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64):

      glibc-debuginfo-2.11.3-17.109.1
      glibc-debugsource-2.11.3-17.109.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):

      glibc-debuginfo-32bit-2.11.3-17.109.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000366.html
   https://bugzilla.suse.com/1039357

From sle-security-updates at lists.suse.com Tue Jun 20 04:11:35 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Jun 2017 12:11:35 +0200 (CEST)
Subject: SUSE-SU-2017:1622-1: important: Security update for openvpn
Message-ID: <20170620101135.7AC85101C9@maintenance.suse.de>

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1622-1
Rating:             important
References:         #1038709 #1038711 #1038713 #995374
Cross-References:   CVE-2016-6329 CVE-2017-7478 CVE-2017-7479
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now
   available.

Description:

   This update for openvpn fixes the following issues:

   - CVE-2016-6329: Show which ciphers should no longer be used in
     openvpn --show-ciphers (bsc#995374)
   - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a
     big payload in P_CONTROL (bsc#1038709)
   - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of
     Packet-ID counter (bsc#1038711)
   - Hardening measures found by internal audit (bsc#1038713)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-998=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-998=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-998=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      openvpn-2.3.8-16.14.1
      openvpn-auth-pam-plugin-2.3.8-16.14.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1
      openvpn-debuginfo-2.3.8-16.14.1
      openvpn-debugsource-2.3.8-16.14.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      openvpn-2.3.8-16.14.1
      openvpn-auth-pam-plugin-2.3.8-16.14.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1
      openvpn-debuginfo-2.3.8-16.14.1
      openvpn-debugsource-2.3.8-16.14.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      openvpn-2.3.8-16.14.1
      openvpn-debuginfo-2.3.8-16.14.1
      openvpn-debugsource-2.3.8-16.14.1

References:

   https://www.suse.com/security/cve/CVE-2016-6329.html
   https://www.suse.com/security/cve/CVE-2017-7478.html
   https://www.suse.com/security/cve/CVE-2017-7479.html
   https://bugzilla.suse.com/1038709
   https://bugzilla.suse.com/1038711
   https://bugzilla.suse.com/1038713
   https://bugzilla.suse.com/995374

From sle-security-updates at lists.suse.com Tue Jun 20 10:10:00 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Jun 2017 18:10:00 +0200 (CEST)
Subject: SUSE-SU-2017:1626-1: important: Security update for sudo
Message-ID: <20170620161000.448B4101C8@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1626-1
Rating:             important
References:         #1034560 #1042146
Cross-References:   CVE-2017-1000368
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.
Description:

   This update for sudo fixes the following security issue:

   - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367: the Linux
     process name could also contain a newline, which could be used to
     trick sudo into reading from or writing to an arbitrary open
     terminal. (bsc#1042146)

   Also the following non-security bug was fixed:

   - Link the "system_group" plugin with the sudo_util library to resolve
     the missing sudo_dso_findsym symbol (bsc#1034560)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1002=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1002=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1002=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1002=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1002=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      sudo-debuginfo-1.8.10p3-10.10.2
      sudo-debugsource-1.8.10p3-10.10.2
      sudo-devel-1.8.10p3-10.10.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      sudo-1.8.10p3-10.10.2
      sudo-debuginfo-1.8.10p3-10.10.2
      sudo-debugsource-1.8.10p3-10.10.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      sudo-1.8.10p3-10.10.2
      sudo-debuginfo-1.8.10p3-10.10.2
      sudo-debugsource-1.8.10p3-10.10.2

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      sudo-1.8.10p3-10.10.2
      sudo-debuginfo-1.8.10p3-10.10.2
      sudo-debugsource-1.8.10p3-10.10.2

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      sudo-1.8.10p3-10.10.2
      sudo-debuginfo-1.8.10p3-10.10.2
      sudo-debugsource-1.8.10p3-10.10.2

References:

   https://www.suse.com/security/cve/CVE-2017-1000368.html
   https://bugzilla.suse.com/1034560
   https://bugzilla.suse.com/1042146

From sle-security-updates at lists.suse.com Tue Jun 20 10:10:43 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Jun 2017 18:10:43 +0200 (CEST)
Subject: SUSE-SU-2017:1627-1: important: Security update for sudo
Message-ID: <20170620161043.78FCB101C9@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1627-1
Rating:             important
References:         #1034560 #1042146
Cross-References:   CVE-2017-1000368
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.
Description:

   This update for sudo fixes the following issues:

   - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367: the Linux
     process name could also contain a newline, which could be used to
     trick sudo into reading from or writing to an arbitrary open
     terminal. (bsc#1042146)

   Also the following non-security bug was fixed:

   - Link the "system_group" plugin with the sudo_util library to resolve
     the missing sudo_dso_findsym symbol (bsc#1034560)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1001=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1001=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1001=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1001=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1001=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      sudo-1.8.10p3-2.16.1
      sudo-debuginfo-1.8.10p3-2.16.1
      sudo-debugsource-1.8.10p3-2.16.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      sudo-1.8.10p3-2.16.1
      sudo-debuginfo-1.8.10p3-2.16.1
      sudo-debugsource-1.8.10p3-2.16.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      sudo-1.8.10p3-2.16.1
      sudo-debuginfo-1.8.10p3-2.16.1
      sudo-debugsource-1.8.10p3-2.16.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      sudo-1.8.10p3-2.16.1
      sudo-debuginfo-1.8.10p3-2.16.1
      sudo-debugsource-1.8.10p3-2.16.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      sudo-1.8.10p3-2.16.1
      sudo-debuginfo-1.8.10p3-2.16.1
      sudo-debugsource-1.8.10p3-2.16.1

References:

   https://www.suse.com/security/cve/CVE-2017-1000368.html
   https://bugzilla.suse.com/1034560
   https://bugzilla.suse.com/1042146

From sle-security-updates at lists.suse.com Tue Jun 20 16:09:16 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Jun 2017 00:09:16 +0200 (CEST)
Subject: SUSE-SU-2017:1628-1: critical: Security update for the Linux Kernel
Message-ID: <20170620220916.189C3101CB@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1628-1
Rating:             critical
References:         #1018074 #1035920 #1039348 #1042921 #1043234
Cross-References:   CVE-2017-1000364
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes is now
   available.

Description:

   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.
   The following security bugs were fixed:

   - CVE-2017-1000364: The default stack guard page was too small and
     could be "jumped over" by userland programs using more than one page
     of stack in functions and so lead to memory corruption. This update
     extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for
     64k pages) to reduce this attack vector. This is not a kernel bugfix,
     but a hardening measure against this kind of userland attack.
     (bsc#1039348)

   The following non-security bugs were fixed:

   - fnic now returns 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).
   - fnic is now using rport->dd_data to check if rport is online instead
     of rport_lookup (bsc#1035920).
   - The rport check location in fnic_queuecommand_lck was corrected
     (bsc#1035920).
   - xfs: remove patches that caused regression (bsc#1043234).
   - mm: enlarge stack guard gap (bnc#1039348, CVE-2017-1000364,
     bnc#1042921).
   - PCI: Allow access to VPD attributes with size 0 (bsc#1018074).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-13160=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-13160=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-13160=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-13160=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-104.7

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-104.2
      kernel-default-base-3.0.101-104.2
      kernel-default-devel-3.0.101-104.2
      kernel-source-3.0.101-104.2
      kernel-syms-3.0.101-104.2
      kernel-trace-3.0.101-104.2
      kernel-trace-base-3.0.101-104.2
      kernel-trace-devel-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-104.2
      kernel-ec2-base-3.0.101-104.2
      kernel-ec2-devel-3.0.101-104.2
      kernel-xen-3.0.101-104.2
      kernel-xen-base-3.0.101-104.2
      kernel-xen-devel-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-104.2
      kernel-bigmem-base-3.0.101-104.2
      kernel-bigmem-devel-3.0.101-104.2
      kernel-ppc64-3.0.101-104.2
      kernel-ppc64-base-3.0.101-104.2
      kernel-ppc64-devel-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-104.2
      kernel-pae-base-3.0.101-104.2
      kernel-pae-devel-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-104.2

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-104.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-104.2
      kernel-default-debugsource-3.0.101-104.2
      kernel-trace-debuginfo-3.0.101-104.2
      kernel-trace-debugsource-3.0.101-104.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-104.2
      kernel-trace-devel-debuginfo-3.0.101-104.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      kernel-ec2-debuginfo-3.0.101-104.2
      kernel-ec2-debugsource-3.0.101-104.2
      kernel-xen-debuginfo-3.0.101-104.2
      kernel-xen-debugsource-3.0.101-104.2
      kernel-xen-devel-debuginfo-3.0.101-104.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-104.2
      kernel-bigmem-debugsource-3.0.101-104.2
      kernel-ppc64-debuginfo-3.0.101-104.2
      kernel-ppc64-debugsource-3.0.101-104.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-104.2
      kernel-pae-debugsource-3.0.101-104.2
      kernel-pae-devel-debuginfo-3.0.101-104.2

References:

   https://www.suse.com/security/cve/CVE-2017-1000364.html
   https://bugzilla.suse.com/1018074
   https://bugzilla.suse.com/1035920
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/1042921
   https://bugzilla.suse.com/1043234

From sle-security-updates at lists.suse.com Wed Jun 21 04:10:05 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Jun 2017 12:10:05 +0200 (CEST)
Subject: SUSE-SU-2017:1632-1: important: Security update for tomcat6
Message-ID: <20170621101005.32FFF101C9@maintenance.suse.de>

SUSE Security Update: Security update for tomcat6
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1632-1
Rating:             important
References:         #1007853 #1007854 #1007855 #1007857 #1007858 #1011805
                    #1011812 #1015119 #1033448 #1036642 #988489
Cross-References:   CVE-2016-0762 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794
                    CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735
                    CVE-2016-8745 CVE-2017-5647
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has one errata is now
   available.
Description:

   This update for tomcat6 fixes the following issues:

   Tomcat was updated to version 6.0.53. The full changelog is:
   http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

   Security issues fixed:

   - CVE-2017-5647: A bug in the handling of pipelined requests could lead
     to information disclosure (bsc#1036642)
   - CVE-2016-8745: Regression in the error handling methods could lead to
     information disclosure (bsc#1015119)
   - CVE-2016-8735: Remote code execution vulnerability in
     JmxRemoteLifecycleListener (bsc#1011805)
   - CVE-2016-6816: HTTP request smuggling vulnerability due to permitting
     invalid characters in HTTP requests (bsc#1011812)
   - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)
   - CVE-2016-6796: Manager Bypass (bsc#1007858)
   - CVE-2016-6794: System Property Disclosure (bsc#1007857)
   - CVE-2016-5018: Security Manager Bypass (bsc#1007855)
   - CVE-2016-0762: Realm Timing Attack (bsc#1007854)
   - CVE-2016-5388: An arbitrary HTTP_PROXY environment variable might
     allow remote attackers to redirect outbound HTTP traffic (bsc#988489)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-tomcat6-13162=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-tomcat6-13162=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-tomcat6-13162=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (noarch):

      tomcat6-6.0.53-0.56.1
      tomcat6-admin-webapps-6.0.53-0.56.1
      tomcat6-docs-webapp-6.0.53-0.56.1
      tomcat6-javadoc-6.0.53-0.56.1
      tomcat6-jsp-2_1-api-6.0.53-0.56.1
      tomcat6-lib-6.0.53-0.56.1
      tomcat6-servlet-2_5-api-6.0.53-0.56.1
      tomcat6-webapps-6.0.53-0.56.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch):

      tomcat6-6.0.53-0.56.1
      tomcat6-admin-webapps-6.0.53-0.56.1
      tomcat6-docs-webapp-6.0.53-0.56.1
      tomcat6-javadoc-6.0.53-0.56.1
      tomcat6-jsp-2_1-api-6.0.53-0.56.1
      tomcat6-lib-6.0.53-0.56.1
      tomcat6-servlet-2_5-api-6.0.53-0.56.1
      tomcat6-webapps-6.0.53-0.56.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):

      tomcat6-6.0.53-0.56.1
      tomcat6-admin-webapps-6.0.53-0.56.1
      tomcat6-docs-webapp-6.0.53-0.56.1
      tomcat6-javadoc-6.0.53-0.56.1
      tomcat6-jsp-2_1-api-6.0.53-0.56.1
      tomcat6-lib-6.0.53-0.56.1
      tomcat6-servlet-2_5-api-6.0.53-0.56.1
      tomcat6-webapps-6.0.53-0.56.1

References:

   https://www.suse.com/security/cve/CVE-2016-0762.html
   https://www.suse.com/security/cve/CVE-2016-5018.html
   https://www.suse.com/security/cve/CVE-2016-5388.html
   https://www.suse.com/security/cve/CVE-2016-6794.html
   https://www.suse.com/security/cve/CVE-2016-6796.html
   https://www.suse.com/security/cve/CVE-2016-6797.html
   https://www.suse.com/security/cve/CVE-2016-6816.html
   https://www.suse.com/security/cve/CVE-2016-8735.html
   https://www.suse.com/security/cve/CVE-2016-8745.html
   https://www.suse.com/security/cve/CVE-2017-5647.html
   https://bugzilla.suse.com/1007853
   https://bugzilla.suse.com/1007854
   https://bugzilla.suse.com/1007855
   https://bugzilla.suse.com/1007857
   https://bugzilla.suse.com/1007858
   https://bugzilla.suse.com/1011805
   https://bugzilla.suse.com/1011812
   https://bugzilla.suse.com/1015119
   https://bugzilla.suse.com/1033448
   https://bugzilla.suse.com/1036642
   https://bugzilla.suse.com/988489

From sle-security-updates at lists.suse.com Wed Jun 21 10:11:05 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Jun 2017 18:11:05 +0200 (CEST)
Subject: SUSE-SU-2017:1635-1: important: Security update for openvpn
Message-ID: <20170621161105.3F01D101CA@maintenance.suse.de>

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1635-1
Rating:             important
References:         #1044947
Cross-References:   CVE-2017-7508 CVE-2017-7520 CVE-2017-7521
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for openvpn fixes the following issues:

   - Some parts of the certificate-parsing code did not always clear all
     allocated memory. This would have allowed clients to leak a few bytes
     of memory for each connection attempt, thereby facilitating a (quite
     inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521]
   - The ASN1 parsing code contained a bug that could have resulted in
     some buffers being free()d twice, and this issue could have
     potentially been triggered remotely by a VPN peer.
     [bsc#1044947, CVE-2017-7521]
   - If clients used an HTTP proxy with NTLM authentication, a
     man-in-the-middle attacker between client and proxy could cause the
     client to crash or disclose at most 96 bytes of stack memory. The
     disclosed stack memory was likely to contain the proxy password. If
     the proxy password had not been reused, this was unlikely to
     compromise the security of the OpenVPN tunnel itself. Clients who did
     not use the --http-proxy option with ntlm2 authentication were not
     affected. [bsc#1044947, CVE-2017-7520]
   - It was possible to trigger an assertion by sending a malformed IPv6
     packet. That issue could have been abused to remotely shut down an
     openvpn server or client, if IPv6 and --mssfix were enabled and if
     the IPv6 networks used inside the VPN were known.
     [bsc#1044947, CVE-2017-7508]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1011=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1011=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1011=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1011=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1011=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1011=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1011=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1011=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 6 (x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-auth-pam-plugin-2.3.8-16.17.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      openvpn-2.3.8-16.17.1
      openvpn-debuginfo-2.3.8-16.17.1
      openvpn-debugsource-2.3.8-16.17.1

References:

   https://www.suse.com/security/cve/CVE-2017-7508.html
   https://www.suse.com/security/cve/CVE-2017-7520.html
   https://www.suse.com/security/cve/CVE-2017-7521.html
   https://bugzilla.suse.com/1044947

From sle-security-updates at lists.suse.com Wed Jun 21 10:17:16 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Jun 2017 18:17:16 +0200 (CEST)
Subject: SUSE-SU-2017:1642-1: important: Security update for openvpn
Message-ID: <20170621161716.80A2C101C9@maintenance.suse.de>

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1642-1
Rating:             important
References:         #1044947
Cross-References:   CVE-2017-7508
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openvpn fixes the following issues:

   - It was possible to trigger an assertion by sending a malformed IPv6
     packet. That issue could have been abused to remotely shut down an
     openvpn server or client, if IPv6 and --mssfix were enabled and if
     the IPv6 networks used inside the VPN were known.
     [bsc#1044947, CVE-2017-7508]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-openvpn-13166=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-openvpn-13166=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-openvpn-13166=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-openvpn-13166=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-openvpn-13166=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      openvpn-2.0.9-143.46.1
      openvpn-auth-pam-plugin-2.0.9-143.46.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      openvpn-2.0.9-143.46.1
      openvpn-auth-pam-plugin-2.0.9-143.46.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      openvpn-2.0.9-143.46.1
      openvpn-auth-pam-plugin-2.0.9-143.46.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      openvpn-debuginfo-2.0.9-143.46.1
      openvpn-debugsource-2.0.9-143.46.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      openvpn-debuginfo-2.0.9-143.46.1
      openvpn-debugsource-2.0.9-143.46.1

References:

   https://www.suse.com/security/cve/CVE-2017-7508.html
   https://bugzilla.suse.com/1044947

From sle-security-updates at lists.suse.com Fri Jun 23 07:09:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 15:09:54 +0200 (CEST)
Subject: SUSE-SU-2017:1660-1: important: Security update for tomcat
Message-ID: <20170623130954.B78D1101CC@maintenance.suse.de>

SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1660-1
Rating:             important
References:         #1007853 #1007854 #1007855 #1007857 #1007858 #1011805
                    #1011812 #1015119 #1033447 #1033448 #986359 #988489
Cross-References:   CVE-2016-0762 CVE-2016-3092 CVE-2016-5018 CVE-2016-5388
                    CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816
                    CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   Tomcat was updated to version 7.0.78, fixing various bugs and security
   issues.
   For full details see
   https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

   Security issues fixed:

   - CVE-2016-0762: A realm timing attack in tomcat was fixed which could
     disclose the existence of users (bsc#1007854)
   - CVE-2016-3092: Usage of a vulnerable FileUpload package could have
     resulted in denial of service (bsc#986359)
   - CVE-2016-5018: A security manager bypass via a Tomcat utility method
     that was accessible to web applications was fixed. (bsc#1007855)
   - CVE-2016-5388: Setting the HTTP_PROXY environment variable via the
     Proxy header (bsc#988489)
   - CVE-2016-6794: A tomcat system property disclosure was fixed.
     (bsc#1007857)
   - CVE-2016-6796: A tomcat security manager bypass via manipulation of
     the configuration parameters for the JSP Servlet was fixed.
     (bsc#1007858)
   - CVE-2016-6797: Tomcat unrestricted access to global resources via
     ResourceLinkFactory was fixed. (bsc#1007853)
   - CVE-2016-6816: An HTTP request smuggling vulnerability due to
     permitting invalid characters in HTTP requests was fixed.
     (bsc#1011812)
   - CVE-2016-8735: A remote code execution vulnerability in
     JmxRemoteLifecycleListener was fixed (bsc#1011805)
   - CVE-2016-8745: A Tomcat information disclosure in the error handling
     of the send file code for the NIO HTTP connector was fixed.
     (bsc#1015119)
   - CVE-2017-5647: A tomcat information disclosure in pipelined request
     processing was fixed. (bsc#1033448)
   - CVE-2017-5648: A tomcat information disclosure due to using incorrect
     facade objects was fixed (bsc#1033447)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1027=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1027=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      tomcat-7.0.78-7.13.4
      tomcat-admin-webapps-7.0.78-7.13.4
      tomcat-docs-webapp-7.0.78-7.13.4
      tomcat-el-2_2-api-7.0.78-7.13.4
      tomcat-javadoc-7.0.78-7.13.4
      tomcat-jsp-2_2-api-7.0.78-7.13.4
      tomcat-lib-7.0.78-7.13.4
      tomcat-servlet-3_0-api-7.0.78-7.13.4
      tomcat-webapps-7.0.78-7.13.4

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      tomcat-7.0.78-7.13.4
      tomcat-admin-webapps-7.0.78-7.13.4
      tomcat-docs-webapp-7.0.78-7.13.4
      tomcat-el-2_2-api-7.0.78-7.13.4
      tomcat-javadoc-7.0.78-7.13.4
      tomcat-jsp-2_2-api-7.0.78-7.13.4
      tomcat-lib-7.0.78-7.13.4
      tomcat-servlet-3_0-api-7.0.78-7.13.4
      tomcat-webapps-7.0.78-7.13.4

References:

   https://www.suse.com/security/cve/CVE-2016-0762.html
   https://www.suse.com/security/cve/CVE-2016-3092.html
   https://www.suse.com/security/cve/CVE-2016-5018.html
   https://www.suse.com/security/cve/CVE-2016-5388.html
   https://www.suse.com/security/cve/CVE-2016-6794.html
   https://www.suse.com/security/cve/CVE-2016-6796.html
   https://www.suse.com/security/cve/CVE-2016-6797.html
   https://www.suse.com/security/cve/CVE-2016-6816.html
   https://www.suse.com/security/cve/CVE-2016-8735.html
   https://www.suse.com/security/cve/CVE-2016-8745.html
   https://www.suse.com/security/cve/CVE-2017-5647.html
   https://www.suse.com/security/cve/CVE-2017-5648.html
   https://bugzilla.suse.com/1007853
   https://bugzilla.suse.com/1007854
   https://bugzilla.suse.com/1007855
   https://bugzilla.suse.com/1007857
   https://bugzilla.suse.com/1007858
   https://bugzilla.suse.com/1011805
   https://bugzilla.suse.com/1011812
   https://bugzilla.suse.com/1015119
   https://bugzilla.suse.com/1033447
   https://bugzilla.suse.com/1033448
   https://bugzilla.suse.com/986359
   https://bugzilla.suse.com/988489

From sle-security-updates at lists.suse.com Fri Jun 23 07:11:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 15:11:40 +0200 (CEST)
Subject: SUSE-SU-2017:1661-1: moderate: Security update for openssh-openssl1
Message-ID: <20170623131140.186CC101CC@maintenance.suse.de>

SUSE Security Update: Security update for openssh-openssl1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1661-1
Rating:             moderate
References:         #1005480 #1005893 #1006221 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for openssh-openssl1 fixes the following issues:

- Properly verify CIDR masks in configuration (bsc#1005893)
- CVE-2016-10009: limit directories for loading PKCS11 modules (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)
- CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
- fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SECURITY:
  zypper in -t patch secsp3-openssh-openssl1-13169=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
    openssh-openssl1-6.6p1-18.1
    openssh-openssl1-helpers-6.6p1-18.1

References:

https://www.suse.com/security/cve/CVE-2016-10009.html
https://www.suse.com/security/cve/CVE-2016-10011.html
https://www.suse.com/security/cve/CVE-2016-8858.html
https://bugzilla.suse.com/1005480
https://bugzilla.suse.com/1005893
https://bugzilla.suse.com/1006221
https://bugzilla.suse.com/1016366
https://bugzilla.suse.com/1016369

From sle-security-updates at lists.suse.com Fri Jun 23 10:10:48 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:10:48 +0200 (CEST)
Subject: SUSE-SU-2017:1662-1: moderate: Security update for php5
Message-ID: <20170623161048.7BE1A101C9@maintenance.suse.de>

SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1662-1
Rating:             moderate
References:         #1035111 #1040883 #1040889 #1040891
Cross-References:   CVE-2016-6294 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for php5 fixes the following security issues:

- CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111).
- CVE-2017-9227: A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. (bsc#1040883)
- CVE-2017-9226: A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. (bsc#1040889)
- CVE-2017-9224: A stack out-of-bounds read occurs in match_at() during regular expression searching. (bsc#1040891)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1030=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1030=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    php5-debuginfo-5.5.14-108.1 php5-debugsource-5.5.14-108.1 php5-devel-5.5.14-108.1
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
    apache2-mod_php5-5.5.14-108.1 apache2-mod_php5-debuginfo-5.5.14-108.1 php5-5.5.14-108.1 php5-bcmath-5.5.14-108.1 php5-bcmath-debuginfo-5.5.14-108.1 php5-bz2-5.5.14-108.1 php5-bz2-debuginfo-5.5.14-108.1 php5-calendar-5.5.14-108.1 php5-calendar-debuginfo-5.5.14-108.1 php5-ctype-5.5.14-108.1 php5-ctype-debuginfo-5.5.14-108.1 php5-curl-5.5.14-108.1 php5-curl-debuginfo-5.5.14-108.1 php5-dba-5.5.14-108.1 php5-dba-debuginfo-5.5.14-108.1 php5-debuginfo-5.5.14-108.1 php5-debugsource-5.5.14-108.1 php5-dom-5.5.14-108.1 php5-dom-debuginfo-5.5.14-108.1 php5-enchant-5.5.14-108.1 php5-enchant-debuginfo-5.5.14-108.1 php5-exif-5.5.14-108.1 php5-exif-debuginfo-5.5.14-108.1 php5-fastcgi-5.5.14-108.1 php5-fastcgi-debuginfo-5.5.14-108.1 php5-fileinfo-5.5.14-108.1 php5-fileinfo-debuginfo-5.5.14-108.1 php5-fpm-5.5.14-108.1 php5-fpm-debuginfo-5.5.14-108.1 php5-ftp-5.5.14-108.1 php5-ftp-debuginfo-5.5.14-108.1 php5-gd-5.5.14-108.1 php5-gd-debuginfo-5.5.14-108.1 php5-gettext-5.5.14-108.1 php5-gettext-debuginfo-5.5.14-108.1 php5-gmp-5.5.14-108.1
php5-gmp-debuginfo-5.5.14-108.1 php5-iconv-5.5.14-108.1 php5-iconv-debuginfo-5.5.14-108.1 php5-imap-5.5.14-108.1 php5-imap-debuginfo-5.5.14-108.1 php5-intl-5.5.14-108.1 php5-intl-debuginfo-5.5.14-108.1 php5-json-5.5.14-108.1 php5-json-debuginfo-5.5.14-108.1 php5-ldap-5.5.14-108.1 php5-ldap-debuginfo-5.5.14-108.1 php5-mbstring-5.5.14-108.1 php5-mbstring-debuginfo-5.5.14-108.1 php5-mcrypt-5.5.14-108.1 php5-mcrypt-debuginfo-5.5.14-108.1 php5-mysql-5.5.14-108.1 php5-mysql-debuginfo-5.5.14-108.1 php5-odbc-5.5.14-108.1 php5-odbc-debuginfo-5.5.14-108.1 php5-opcache-5.5.14-108.1 php5-opcache-debuginfo-5.5.14-108.1 php5-openssl-5.5.14-108.1 php5-openssl-debuginfo-5.5.14-108.1 php5-pcntl-5.5.14-108.1 php5-pcntl-debuginfo-5.5.14-108.1 php5-pdo-5.5.14-108.1 php5-pdo-debuginfo-5.5.14-108.1 php5-pgsql-5.5.14-108.1 php5-pgsql-debuginfo-5.5.14-108.1 php5-phar-5.5.14-108.1 php5-phar-debuginfo-5.5.14-108.1 php5-posix-5.5.14-108.1 php5-posix-debuginfo-5.5.14-108.1 php5-pspell-5.5.14-108.1 php5-pspell-debuginfo-5.5.14-108.1 php5-shmop-5.5.14-108.1 php5-shmop-debuginfo-5.5.14-108.1 php5-snmp-5.5.14-108.1 php5-snmp-debuginfo-5.5.14-108.1 php5-soap-5.5.14-108.1 php5-soap-debuginfo-5.5.14-108.1 php5-sockets-5.5.14-108.1 php5-sockets-debuginfo-5.5.14-108.1 php5-sqlite-5.5.14-108.1 php5-sqlite-debuginfo-5.5.14-108.1 php5-suhosin-5.5.14-108.1 php5-suhosin-debuginfo-5.5.14-108.1 php5-sysvmsg-5.5.14-108.1 php5-sysvmsg-debuginfo-5.5.14-108.1 php5-sysvsem-5.5.14-108.1 php5-sysvsem-debuginfo-5.5.14-108.1 php5-sysvshm-5.5.14-108.1 php5-sysvshm-debuginfo-5.5.14-108.1 php5-tokenizer-5.5.14-108.1 php5-tokenizer-debuginfo-5.5.14-108.1 php5-wddx-5.5.14-108.1 php5-wddx-debuginfo-5.5.14-108.1 php5-xmlreader-5.5.14-108.1 php5-xmlreader-debuginfo-5.5.14-108.1 php5-xmlrpc-5.5.14-108.1 php5-xmlrpc-debuginfo-5.5.14-108.1 php5-xmlwriter-5.5.14-108.1 php5-xmlwriter-debuginfo-5.5.14-108.1 php5-xsl-5.5.14-108.1 php5-xsl-debuginfo-5.5.14-108.1 php5-zip-5.5.14-108.1 php5-zip-debuginfo-5.5.14-108.1 
    php5-zlib-5.5.14-108.1 php5-zlib-debuginfo-5.5.14-108.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
    php5-pear-5.5.14-108.1

References:

https://www.suse.com/security/cve/CVE-2016-6294.html
https://www.suse.com/security/cve/CVE-2017-9224.html
https://www.suse.com/security/cve/CVE-2017-9226.html
https://www.suse.com/security/cve/CVE-2017-9227.html
https://bugzilla.suse.com/1035111
https://bugzilla.suse.com/1040883
https://bugzilla.suse.com/1040889
https://bugzilla.suse.com/1040891

From sle-security-updates at lists.suse.com Fri Jun 23 10:11:35 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:11:35 +0200 (CEST)
Subject: SUSE-SU-2017:1663-1: moderate: Security update for wireshark
Message-ID: <20170623161135.37ECE101CA@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1663-1
Rating:             moderate
References:         #1042298 #1042299 #1042300 #1042301 #1042302 #1042303 #1042304 #1042305 #1042306 #1042307 #1042308 #1042309
Cross-References:   CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.
Description:

The network debugging tool wireshark was updated to version 2.2.7 to fix the following issues:

- CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304)
- CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303)
- CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302)
- CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301)
- CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300)
- CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305)
- CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299)
- CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298)
- CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309)
- CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308)
- CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307)
- CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1031=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1031=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1031=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1031=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    wireshark-debuginfo-2.2.7-47.1
    wireshark-debugsource-2.2.7-47.1
    wireshark-devel-2.2.7-47.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    libwireshark8-2.2.7-47.1
    libwireshark8-debuginfo-2.2.7-47.1
    libwiretap6-2.2.7-47.1
    libwiretap6-debuginfo-2.2.7-47.1
    libwscodecs1-2.2.7-47.1
    libwscodecs1-debuginfo-2.2.7-47.1
    libwsutil7-2.2.7-47.1
    libwsutil7-debuginfo-2.2.7-47.1
    wireshark-2.2.7-47.1
    wireshark-debuginfo-2.2.7-47.1
    wireshark-debugsource-2.2.7-47.1
    wireshark-gtk-2.2.7-47.1
    wireshark-gtk-debuginfo-2.2.7-47.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    libwireshark8-2.2.7-47.1
    libwireshark8-debuginfo-2.2.7-47.1
    libwiretap6-2.2.7-47.1
    libwiretap6-debuginfo-2.2.7-47.1
    libwscodecs1-2.2.7-47.1
    libwscodecs1-debuginfo-2.2.7-47.1
    libwsutil7-2.2.7-47.1
    libwsutil7-debuginfo-2.2.7-47.1
    wireshark-2.2.7-47.1
    wireshark-debuginfo-2.2.7-47.1
    wireshark-debugsource-2.2.7-47.1
    wireshark-gtk-2.2.7-47.1
    wireshark-gtk-debuginfo-2.2.7-47.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    libwireshark8-2.2.7-47.1
    libwireshark8-debuginfo-2.2.7-47.1
    libwiretap6-2.2.7-47.1
    libwiretap6-debuginfo-2.2.7-47.1
    libwscodecs1-2.2.7-47.1
    libwscodecs1-debuginfo-2.2.7-47.1
    libwsutil7-2.2.7-47.1
    libwsutil7-debuginfo-2.2.7-47.1
    wireshark-2.2.7-47.1
    wireshark-debuginfo-2.2.7-47.1
    wireshark-debugsource-2.2.7-47.1
    wireshark-gtk-2.2.7-47.1
    wireshark-gtk-debuginfo-2.2.7-47.1

References:

https://www.suse.com/security/cve/CVE-2017-9343.html
https://www.suse.com/security/cve/CVE-2017-9344.html
https://www.suse.com/security/cve/CVE-2017-9345.html
https://www.suse.com/security/cve/CVE-2017-9346.html
https://www.suse.com/security/cve/CVE-2017-9347.html
https://www.suse.com/security/cve/CVE-2017-9348.html
https://www.suse.com/security/cve/CVE-2017-9349.html
https://www.suse.com/security/cve/CVE-2017-9350.html
https://www.suse.com/security/cve/CVE-2017-9351.html
https://www.suse.com/security/cve/CVE-2017-9352.html
https://www.suse.com/security/cve/CVE-2017-9353.html
https://www.suse.com/security/cve/CVE-2017-9354.html
https://bugzilla.suse.com/1042298
https://bugzilla.suse.com/1042299
https://bugzilla.suse.com/1042300
https://bugzilla.suse.com/1042301
https://bugzilla.suse.com/1042302
https://bugzilla.suse.com/1042303
https://bugzilla.suse.com/1042304
https://bugzilla.suse.com/1042305
https://bugzilla.suse.com/1042306
https://bugzilla.suse.com/1042307
https://bugzilla.suse.com/1042308
https://bugzilla.suse.com/1042309

From sle-security-updates at lists.suse.com Fri Jun 23 10:13:12 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Jun 2017 18:13:12 +0200 (CEST)
Subject: SUSE-SU-2017:1664-1: moderate: Security update for wireshark
Message-ID: <20170623161312.C191F101C9@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1664-1
Rating:             moderate
References:         #1042298 #1042299 #1042300 #1042301 #1042302 #1042303 #1042304 #1042305 #1042306 #1042307 #1042308 #1042309
Cross-References:   CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.
Description:

The network analysis tool wireshark was updated to version 2.0.13 to fix the following issues:

* CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304)
* CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303)
* CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302)
* CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301)
* CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300)
* CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305)
* CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299)
* CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298)
* CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309)
* CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308)
* CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307)
* CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-wireshark-13170=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-wireshark-13170=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-wireshark-13170=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    wireshark-devel-2.0.13-39.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
    wireshark-2.0.13-39.1
    wireshark-gtk-2.0.13-39.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    wireshark-2.0.13-39.1
    wireshark-gtk-2.0.13-39.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    wireshark-debuginfo-2.0.13-39.1
    wireshark-debugsource-2.0.13-39.1

References:

https://www.suse.com/security/cve/CVE-2017-9343.html
https://www.suse.com/security/cve/CVE-2017-9344.html
https://www.suse.com/security/cve/CVE-2017-9345.html
https://www.suse.com/security/cve/CVE-2017-9346.html
https://www.suse.com/security/cve/CVE-2017-9347.html
https://www.suse.com/security/cve/CVE-2017-9348.html
https://www.suse.com/security/cve/CVE-2017-9349.html
https://www.suse.com/security/cve/CVE-2017-9350.html
https://www.suse.com/security/cve/CVE-2017-9351.html
https://www.suse.com/security/cve/CVE-2017-9352.html
https://www.suse.com/security/cve/CVE-2017-9353.html
https://www.suse.com/security/cve/CVE-2017-9354.html
https://bugzilla.suse.com/1042298
https://bugzilla.suse.com/1042299
https://bugzilla.suse.com/1042300
https://bugzilla.suse.com/1042301
https://bugzilla.suse.com/1042302
https://bugzilla.suse.com/1042303
https://bugzilla.suse.com/1042304
https://bugzilla.suse.com/1042305
https://bugzilla.suse.com/1042306
https://bugzilla.suse.com/1042307
https://bugzilla.suse.com/1042308
https://bugzilla.suse.com/1042309

From sle-security-updates at lists.suse.com Mon Jun 26 04:10:27 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Jun 2017 12:10:27 +0200 (CEST)
Subject: SUSE-SU-2017:1669-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE
Message-ID: <20170626101027.82C8DFFD5@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1669-1
Rating:             important
References:         #1035082 #1043960
Cross-References:   CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 50 vulnerabilities is now available.
Description:

The MozillaFirefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960):

* MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder
* MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading
* MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listeners
* MFSA 2017-16/CVE-2017-5472 Use-after-free using destroyed node when regenerating trees
* MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
* MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input
* MFSA 2017-16/CVE-2017-7750 Use-after-free with track elements
* MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read through Mozilla Maintenance Service
* MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the Graphite 2 library
* MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL with ImageInfo object
* MFSA 2017-16/CVE-2017-7755 Privilege escalation through Firefox Installer with same directory DLL files
* MFSA 2017-16/CVE-2017-7756 Use-after-free and use-after-scope logging XHR header errors
* MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB
* MFSA 2017-16/CVE-2017-7761 File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
* MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode characters as spaces
* MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when saving executable files
* MFSA 2017-16/CVE-2017-7764 Domain spoofing with combination of Canadian Syllabics and other unicode blocks (bmo#1364283, http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts)

- update to Firefox ESR 52.1 (bsc#1035082)

* MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent library
* MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during BinHex decoding
* MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
* MFSA 2017-12/CVE-2017-5464 Memory corruption with accessibility and DOM manipulation
* MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in ConvolvePixel
* MFSA 2017-12/CVE-2017-5466 Origin confusion when reloading isolated data:text/html URL
* MFSA 2017-12/CVE-2017-5467 Memory corruption when drawing Skia content
* MFSA 2017-12/CVE-2017-5460 Use-after-free in frame selection
* MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64 encoding in NSS
* MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in ClearKeyDecryptor
* MFSA 2017-12/CVE-2017-5449 Crash during bidirectional unicode manipulation with animation
* MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
* MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during glyph processing
* MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing application/http-index-format content
* MFSA 2017-12/CVE-2017-5445 Uninitialized values used while parsing application/http-index-format content
* MFSA 2017-12/CVE-2017-5442 Use-after-free during style changes
* MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in flex-generated code
* MFSA 2017-12/CVE-2017-5440 Use-after-free in txExecutionState destructor during XSLT processing
* MFSA 2017-12/CVE-2017-5441 Use-after-free with selection during scroll events
* MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray Length() during XSLT processing
* MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr during XSLT processing
* MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with malicious font in Graphite 2
* MFSA 2017-12/CVE-2017-5435 Use-after-free during transaction processing in the editor
* MFSA 2017-12/CVE-2017-5434 Use-after-free during focus handling
* MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL animation functions
* MFSA 2017-12/CVE-2017-5432 Use-after-free in text input selection
* MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
* MFSA 2017-12/CVE-2017-5459 Buffer overflow in WebGL
* MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS
* MFSA 2017-12/CVE-2017-5455 Sandbox escape through internal feed reader APIs
* MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file system read access through file picker
* MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local file system access
* MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with onblur event

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1035=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1035=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1035=1
- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-1035=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1035=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1035=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1035=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-1035=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1035=1

To bring your system up-to-date, use "zypper patch".
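Every advisory in this digest ends with a "Package List" of fixed name-version-release strings, and the practical follow-up after "zypper patch" is to confirm that the installed packages really are at or above those builds. The script below is an added example, not part of this advisory or of SUSE's tooling. It re-implements rpm's segment-wise version comparison (the rpmvercmp rules: digit runs compare numerically, letter runs lexically, digits beat letters, a tilde sorts before anything) in pure Python, parses the package-list text of an advisory, and reports installed packages that are still older than the fixed version. The installed inventory (MozillaFirefox-52.1.2esr-104.1, bash-4.3-83.5.2) is constructed for the demonstration; on a real host you would feed it the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`. Epochs are ignored because the advisory's package list does not carry them.

```python
"""Check installed RPM versions against a SUSE advisory's package list.

Added example; not part of the advisory. The comparison re-implements
rpm's rpmvercmp rules so it runs without rpm or zypper installed.
"""
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")

# name-version-release: version starts with a digit, neither version nor
# release may contain a hyphen, so the last two fields are unambiguous.
_NVR = re.compile(r"^(?P<name>.+)-(?P<ver>[0-9][^-\s:=]*)-(?P<rel>[^-\s=:()]+)$")


def rpm_vercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) and i < len(sb):
        x, y = sa[i], sb[i]
        i += 1
        if x == "~" or y == "~":          # tilde: pre-release, sorts first
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():    # numeric segment beats alpha
            return 1 if x.isdigit() else -1
        if x.isdigit():                   # numeric: longer (sans zeros) wins
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:                        # same kind, same length: lexical
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    # Leftover segments: a leading tilde makes that side older, anything
    # else makes it newer (1.0.1 > 1.0, but 1.0~rc1 < 1.0).
    a_longer = len(sa) > len(sb)
    rest = sa[i:] if a_longer else sb[i:]
    longer_is_newer = rest[0] != "~"
    return 1 if a_longer == longer_is_newer else -1


def split_nvr(nvr: str):
    """Split 'name-version-release' into its parts, or None if not an NVR."""
    m = _NVR.match(nvr)
    return (m.group("name"), m.group("ver"), m.group("rel")) if m else None


def parse_package_list(text: str) -> dict:
    """Map package name -> (version, release) for every NVR token in the
    advisory's package list; product headings do not parse as NVRs."""
    required = {}
    for token in text.split():
        parts = split_nvr(token)
        if parts:
            name, ver, rel = parts
            required[name] = (ver, rel)
    return required


def evr_cmp(a, b) -> int:
    """Order (version, release) pairs: version first, release breaks ties."""
    return rpm_vercmp(a[0], b[0]) or rpm_vercmp(a[1], b[1])


def missing_updates(advisory_text: str, installed_nvrs) -> list:
    """Names of installed packages the advisory covers that are still older
    than the fixed build. Packages the advisory does not name are ignored."""
    required = parse_package_list(advisory_text)
    stale = []
    for nvr in installed_nvrs:
        parts = split_nvr(nvr)
        if not parts:
            continue
        name, ver, rel = parts
        if name in required and evr_cmp((ver, rel), required[name]) < 0:
            stale.append(name)
    return sorted(stale)


# Constructed sample: the SLES 12-SP2 section of this advisory's package
# list, plus a made-up inventory of what a host might report.
ADVISORY_PACKAGE_LIST = """
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
"""

INSTALLED_SAMPLE = [  # constructed inventory, not a real host
    "MozillaFirefox-52.1.2esr-104.1",             # older than the fix: stale
    "MozillaFirefox-branding-SLE-52-31.1",        # already at the fixed build
    "MozillaFirefox-translations-52.2.0esr-108.3",
    "bash-4.3-83.5.2",                            # not covered by this advisory
]

if __name__ == "__main__":
    for name in missing_updates(ADVISORY_PACKAGE_LIST, INSTALLED_SAMPLE):
        print("still below the fixed version:", name)
```

Two caveats when using this against a real host: the advisory lists a separate package set per product, and the script checks any package name it finds regardless of which product section it came from, so make sure you paste only the section for your product; and because epochs are not part of the listed NVRs, a package with a non-zero epoch would need the epoch stripped from the rpm query output before comparison.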
Package List:

- SUSE OpenStack Cloud 6 (x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-devel-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-devel-52.2.0esr-108.3
- SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-devel-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-devel-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-devel-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-devel-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    MozillaFirefox-52.2.0esr-108.3
    MozillaFirefox-branding-SLE-52-31.1
    MozillaFirefox-debuginfo-52.2.0esr-108.3
    MozillaFirefox-debugsource-52.2.0esr-108.3
    MozillaFirefox-translations-52.2.0esr-108.3

References:

https://www.suse.com/security/cve/CVE-2016-10196.html
https://www.suse.com/security/cve/CVE-2017-5429.html
https://www.suse.com/security/cve/CVE-2017-5430.html
https://www.suse.com/security/cve/CVE-2017-5432.html
https://www.suse.com/security/cve/CVE-2017-5433.html
https://www.suse.com/security/cve/CVE-2017-5434.html
https://www.suse.com/security/cve/CVE-2017-5435.html
https://www.suse.com/security/cve/CVE-2017-5436.html
https://www.suse.com/security/cve/CVE-2017-5438.html
https://www.suse.com/security/cve/CVE-2017-5439.html
https://www.suse.com/security/cve/CVE-2017-5440.html
https://www.suse.com/security/cve/CVE-2017-5441.html
https://www.suse.com/security/cve/CVE-2017-5442.html
https://www.suse.com/security/cve/CVE-2017-5443.html
https://www.suse.com/security/cve/CVE-2017-5444.html
https://www.suse.com/security/cve/CVE-2017-5445.html
https://www.suse.com/security/cve/CVE-2017-5446.html
https://www.suse.com/security/cve/CVE-2017-5447.html
https://www.suse.com/security/cve/CVE-2017-5448.html
https://www.suse.com/security/cve/CVE-2017-5449.html
https://www.suse.com/security/cve/CVE-2017-5451.html
https://www.suse.com/security/cve/CVE-2017-5454.html
https://www.suse.com/security/cve/CVE-2017-5455.html
https://www.suse.com/security/cve/CVE-2017-5456.html
https://www.suse.com/security/cve/CVE-2017-5459.html
https://www.suse.com/security/cve/CVE-2017-5460.html
https://www.suse.com/security/cve/CVE-2017-5461.html
https://www.suse.com/security/cve/CVE-2017-5462.html
https://www.suse.com/security/cve/CVE-2017-5464.html
https://www.suse.com/security/cve/CVE-2017-5465.html
https://www.suse.com/security/cve/CVE-2017-5466.html
https://www.suse.com/security/cve/CVE-2017-5467.html
https://www.suse.com/security/cve/CVE-2017-5469.html
https://www.suse.com/security/cve/CVE-2017-5470.html
https://www.suse.com/security/cve/CVE-2017-5472.html
https://www.suse.com/security/cve/CVE-2017-7749.html
https://www.suse.com/security/cve/CVE-2017-7750.html
https://www.suse.com/security/cve/CVE-2017-7751.html
https://www.suse.com/security/cve/CVE-2017-7752.html
https://www.suse.com/security/cve/CVE-2017-7754.html
https://www.suse.com/security/cve/CVE-2017-7755.html
https://www.suse.com/security/cve/CVE-2017-7756.html
https://www.suse.com/security/cve/CVE-2017-7757.html
https://www.suse.com/security/cve/CVE-2017-7758.html
https://www.suse.com/security/cve/CVE-2017-7761.html
https://www.suse.com/security/cve/CVE-2017-7763.html
https://www.suse.com/security/cve/CVE-2017-7764.html
https://www.suse.com/security/cve/CVE-2017-7765.html
https://www.suse.com/security/cve/CVE-2017-7768.html
https://www.suse.com/security/cve/CVE-2017-7778.html
https://bugzilla.suse.com/1035082
https://bugzilla.suse.com/1043960

From sle-security-updates at lists.suse.com Mon Jun 26 04:11:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Jun 2017 12:11:15 +0200 (CEST)
Subject: SUSE-SU-2017:1670-1: moderate: Security update for libxml2
Message-ID: <20170626101115.59973FFD5@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1670-1
Rating:             moderate
References:         #1024989 #1044337
Cross-References:   CVE-2017-0663 CVE-2017-5969
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for libxml2 fixes the following issues:

Security issues fixed:

* CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337)
* CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1036=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1036=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1036=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1036=1
- OpenStack Cloud Magnum Orchestration 7:
  zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1036=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    libxml2-debugsource-2.9.4-42.1
    libxml2-devel-2.9.4-42.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    libxml2-2-2.9.4-42.1
    libxml2-2-debuginfo-2.9.4-42.1
    libxml2-debugsource-2.9.4-42.1
    libxml2-tools-2.9.4-42.1
    libxml2-tools-debuginfo-2.9.4-42.1
    python-libxml2-2.9.4-42.1
    python-libxml2-debuginfo-2.9.4-42.1
    python-libxml2-debugsource-2.9.4-42.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
    libxml2-doc-2.9.4-42.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    libxml2-2-2.9.4-42.1
    libxml2-2-debuginfo-2.9.4-42.1
    libxml2-debugsource-2.9.4-42.1
    libxml2-tools-2.9.4-42.1
    libxml2-tools-debuginfo-2.9.4-42.1
    python-libxml2-2.9.4-42.1
    python-libxml2-debuginfo-2.9.4-42.1
    python-libxml2-debugsource-2.9.4-42.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
    libxml2-2-32bit-2.9.4-42.1
    libxml2-2-debuginfo-32bit-2.9.4-42.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
    libxml2-doc-2.9.4-42.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    libxml2-2-2.9.4-42.1
    libxml2-2-32bit-2.9.4-42.1
    libxml2-2-debuginfo-2.9.4-42.1
    libxml2-2-debuginfo-32bit-2.9.4-42.1
    libxml2-debugsource-2.9.4-42.1
    libxml2-tools-2.9.4-42.1
    libxml2-tools-debuginfo-2.9.4-42.1
    python-libxml2-2.9.4-42.1
    python-libxml2-debuginfo-2.9.4-42.1
    python-libxml2-debugsource-2.9.4-42.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    libxml2-2-2.9.4-42.1
    libxml2-2-debuginfo-2.9.4-42.1
    libxml2-debugsource-2.9.4-42.1

References:

https://www.suse.com/security/cve/CVE-2017-0663.html
https://www.suse.com/security/cve/CVE-2017-5969.html
https://bugzilla.suse.com/1024989
https://bugzilla.suse.com/1044337

From sle-security-updates at lists.suse.com Mon Jun 26 04:11:53 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Jun 2017 12:11:53 +0200 (CEST)
Subject: SUSE-SU-2017:1671-1: moderate: Security update for cairo
Message-ID: <20170626101153.5A296FFD6@maintenance.suse.de>

SUSE Security Update: Security update for cairo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1671-1
Rating:             moderate
References:         #1007255 #1036789
Cross-References:   CVE-2016-9082 CVE-2017-7475
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for cairo fixes the following issues:

- CVE-2017-7475: Fixed a segfault in get_bitmap_surface due to malformed font (bsc#1036789).
- CVE-2016-9082: fix a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1034=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1034=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1034=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1034=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): cairo-debugsource-1.15.2-24.1 cairo-devel-1.15.2-24.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cairo-debugsource-1.15.2-24.1 libcairo-gobject2-1.15.2-24.1 libcairo-gobject2-debuginfo-1.15.2-24.1 libcairo-script-interpreter2-1.15.2-24.1 libcairo-script-interpreter2-debuginfo-1.15.2-24.1 libcairo2-1.15.2-24.1 libcairo2-debuginfo-1.15.2-24.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): cairo-debugsource-1.15.2-24.1 libcairo-gobject2-1.15.2-24.1 libcairo-gobject2-debuginfo-1.15.2-24.1 libcairo-script-interpreter2-1.15.2-24.1 libcairo-script-interpreter2-debuginfo-1.15.2-24.1 libcairo2-1.15.2-24.1 libcairo2-debuginfo-1.15.2-24.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libcairo-gobject2-32bit-1.15.2-24.1 libcairo-gobject2-debuginfo-32bit-1.15.2-24.1 libcairo2-32bit-1.15.2-24.1 libcairo2-debuginfo-32bit-1.15.2-24.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cairo-debugsource-1.15.2-24.1 libcairo-gobject2-1.15.2-24.1 libcairo-gobject2-32bit-1.15.2-24.1 libcairo-gobject2-debuginfo-1.15.2-24.1 libcairo-gobject2-debuginfo-32bit-1.15.2-24.1 libcairo-script-interpreter2-1.15.2-24.1 libcairo-script-interpreter2-debuginfo-1.15.2-24.1 libcairo2-1.15.2-24.1 libcairo2-32bit-1.15.2-24.1 libcairo2-debuginfo-1.15.2-24.1 libcairo2-debuginfo-32bit-1.15.2-24.1 References: https://www.suse.com/security/cve/CVE-2016-9082.html https://www.suse.com/security/cve/CVE-2017-7475.html https://bugzilla.suse.com/1007255 https://bugzilla.suse.com/1036789 From sle-security-updates at lists.suse.com Mon Jun 26 07:12:34 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Jun 2017 15:12:34 +0200 (CEST) Subject: SUSE-SU-2017:1672-1: moderate: Security update for poppler Message-ID: <20170626131234.6E7C2FFD8@maintenance.suse.de> SUSE Security Update: Security update for poppler 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1672-1 Rating: moderate References: #1040170 #1042803 Cross-References: CVE-2017-9083 CVE-2017-9406 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for poppler fixes the following issues: - CVE-2017-9406: Fixed a memory leak that occurred while parsing invalid XRef attributes (bsc#1042803). - CVE-2017-9083: Fixed a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1040170) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1038=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1038=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1038=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpoppler44-0.24.4-14.3.1 libpoppler44-debuginfo-0.24.4-14.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpoppler44-0.24.4-14.3.1 libpoppler44-debuginfo-0.24.4-14.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpoppler44-0.24.4-14.3.1 libpoppler44-debuginfo-0.24.4-14.3.1 References: https://www.suse.com/security/cve/CVE-2017-9083.html https://www.suse.com/security/cve/CVE-2017-9406.html https://bugzilla.suse.com/1040170 https://bugzilla.suse.com/1042803 From sle-security-updates at lists.suse.com Mon Jun 26 07:13:56 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Jun 2017 15:13:56 +0200 (CEST) Subject: SUSE-SU-2017:1675-1: moderate: Security update for xorg-x11-server Message-ID: <20170626131356.4FAA4FFD5@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1675-1 Rating: moderate References: #1019649 #1021803 #1025029 #1025035 #1025084 #1025985 #1032509 #1039042 Cross-References: CVE-2017-2624 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for xorg-x11-server provides the following fixes: - Remove unused function with use-after-free issue. (bsc#1025035) - Use arc4random to generate cookies. (bsc#1025084) - Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624) - XDrawArc performance improvement. (bsc#1019649) - Re-enable indirect GLX by default. 
(bsc#1039042) - Add IndirectGLX ServerFlags option which allows users to enable or disable indirect GLX. (bsc#1032509) - Fix dashing in GLAMOR. (bsc#1021803) - Fix X server crash on drawing dashed lines. (bsc#1025985) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1037=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1037=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1037=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1037=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-sdk-7.6_1.18.3-71.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): xorg-x11-server-7.6_1.18.3-71.1 xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-extra-7.6_1.18.3-71.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-71.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): xorg-x11-server-7.6_1.18.3-71.1 xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-extra-7.6_1.18.3-71.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-71.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xorg-x11-server-7.6_1.18.3-71.1 xorg-x11-server-debuginfo-7.6_1.18.3-71.1 xorg-x11-server-debugsource-7.6_1.18.3-71.1 xorg-x11-server-extra-7.6_1.18.3-71.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-71.1 References: https://www.suse.com/security/cve/CVE-2017-2624.html https://bugzilla.suse.com/1019649 https://bugzilla.suse.com/1021803 https://bugzilla.suse.com/1025029 
https://bugzilla.suse.com/1025035 https://bugzilla.suse.com/1025084 https://bugzilla.suse.com/1025985 https://bugzilla.suse.com/1032509 https://bugzilla.suse.com/1039042 From sle-security-updates at lists.suse.com Mon Jun 26 10:11:56 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:11:56 +0200 (CEST) Subject: SUSE-SU-2017:1690-1: moderate: Security update for postgresql94 Message-ID: <20170626161156.5B4ADFFD5@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1690-1 Rating: moderate References: #1037603 #1037624 #1038293 Cross-References: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs: - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed: * CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. * CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) * CVE-2017-7484: Prevent exposure of statistical information via leaky operators. 
(bsc#1037603) Changes in version 9.4.12: * Build corruption with CREATE INDEX CONCURRENTLY * Fixes for visibility and write-ahead-log stability Changes in version 9.4.10: * Fix WAL-logging of truncation of relation free space maps and visibility maps * Fix incorrect creation of GIN index WAL records on big-endian machines * Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction * Fix EvalPlanQual rechecks involving CTE scans * Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1039=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1039=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1039=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1039=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-devel-9.4.12-20.1 postgresql94-devel-debuginfo-9.4.12-20.1 postgresql94-libs-debugsource-9.4.12-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): postgresql94-9.4.12-20.1 postgresql94-contrib-9.4.12-20.1 postgresql94-contrib-debuginfo-9.4.12-20.1 postgresql94-debuginfo-9.4.12-20.1 postgresql94-debugsource-9.4.12-20.1 postgresql94-server-9.4.12-20.1 postgresql94-server-debuginfo-9.4.12-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql94-docs-9.4.12-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): postgresql94-9.4.12-20.1 postgresql94-contrib-9.4.12-20.1 postgresql94-contrib-debuginfo-9.4.12-20.1 postgresql94-debuginfo-9.4.12-20.1 postgresql94-debugsource-9.4.12-20.1 postgresql94-server-9.4.12-20.1 postgresql94-server-debuginfo-9.4.12-20.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql94-docs-9.4.12-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): postgresql94-9.4.12-20.1 postgresql94-debuginfo-9.4.12-20.1 postgresql94-debugsource-9.4.12-20.1 References: https://www.suse.com/security/cve/CVE-2017-7484.html https://www.suse.com/security/cve/CVE-2017-7485.html https://www.suse.com/security/cve/CVE-2017-7486.html https://bugzilla.suse.com/1037603 https://bugzilla.suse.com/1037624 https://bugzilla.suse.com/1038293 From sle-security-updates at lists.suse.com Mon Jun 26 10:15:35 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 26 Jun 2017 18:15:35 +0200 (CEST) Subject: SUSE-SU-2017:1696-1: important: Security update for kernel-source Message-ID: <20170626161535.D6682FFD8@maintenance.suse.de> SUSE Security Update: Security update for kernel-source ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1696-1 Rating: important References: #1045340 #1045406 Affected 
Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-13172=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-13172=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-13172=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-13172=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-107.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-107.1 kernel-default-base-3.0.101-107.1 kernel-default-devel-3.0.101-107.1 kernel-source-3.0.101-107.1 kernel-syms-3.0.101-107.1 kernel-trace-3.0.101-107.1 kernel-trace-base-3.0.101-107.1 kernel-trace-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-107.1 kernel-ec2-base-3.0.101-107.1 kernel-ec2-devel-3.0.101-107.1 kernel-xen-3.0.101-107.1 kernel-xen-base-3.0.101-107.1 kernel-xen-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-107.1 kernel-bigmem-base-3.0.101-107.1 kernel-bigmem-devel-3.0.101-107.1 kernel-ppc64-3.0.101-107.1 kernel-ppc64-base-3.0.101-107.1 kernel-ppc64-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-107.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-107.1 kernel-pae-base-3.0.101-107.1 kernel-pae-devel-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-107.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-107.1 kernel-default-debugsource-3.0.101-107.1 kernel-trace-debuginfo-3.0.101-107.1 kernel-trace-debugsource-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-107.1 kernel-trace-devel-debuginfo-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): 
kernel-ec2-debuginfo-3.0.101-107.1 kernel-ec2-debugsource-3.0.101-107.1 kernel-xen-debuginfo-3.0.101-107.1 kernel-xen-debugsource-3.0.101-107.1 kernel-xen-devel-debuginfo-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-107.1 kernel-bigmem-debugsource-3.0.101-107.1 kernel-ppc64-debuginfo-3.0.101-107.1 kernel-ppc64-debugsource-3.0.101-107.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-107.1 kernel-pae-debugsource-3.0.101-107.1 kernel-pae-devel-debuginfo-3.0.101-107.1 References: https://bugzilla.suse.com/1045340 https://bugzilla.suse.com/1045406 From sle-security-updates at lists.suse.com Mon Jun 26 16:10:24 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Jun 2017 00:10:24 +0200 (CEST) Subject: SUSE-SU-2017:1699-1: moderate: Security update for cobbler Message-ID: <20170626221024.65BE4FFD6@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1699-1 Rating: moderate References: #1030582 Cross-References: CVE-2016-9605 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cobbler fixes the following issues: - CVE-2016-9605: A directory traversal problem in the fix script endpoint was fixed that could be used to leak file content. (bsc#1030582) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1048=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1048=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (noarch): koan-2.6.6-48.1 - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-48.1 References: https://www.suse.com/security/cve/CVE-2016-9605.html https://bugzilla.suse.com/1030582 From sle-security-updates at lists.suse.com Mon Jun 26 16:11:16 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Jun 2017 00:11:16 +0200 (CEST) Subject: SUSE-SU-2017:1701-1: important: Security update for jakarta-taglibs-standard Message-ID: <20170626221116.03302FFD6@maintenance.suse.de> SUSE Security Update: Security update for jakarta-taglibs-standard ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1701-1 Rating: important References: #920813 Cross-References: CVE-2015-0254 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-jakarta-taglibs-standard-13173=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): jakarta-taglibs-standard-1.1.1-234.31.1 jakarta-taglibs-standard-javadoc-1.1.1-234.31.1 References: https://www.suse.com/security/cve/CVE-2015-0254.html https://bugzilla.suse.com/920813 From sle-security-updates at lists.suse.com Tue Jun 27 07:10:44 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Jun 2017 15:10:44 +0200 (CEST) Subject: SUSE-SU-2017:1704-1: important: Security update for the Linux kernel Message-ID: <20170627131044.B7F91FFD8@maintenance.suse.de> SUSE Security Update: Security update for the Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1704-1 Rating: important References: #1045340 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This Linux kernel update for SUSE Linux Enterprise 12 SP1 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1050=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1050=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1050=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1050=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.48.1 kernel-macros-3.12.74-60.64.48.1 kernel-source-3.12.74-60.64.48.1 - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.48.1 kernel-default-base-3.12.74-60.64.48.1 kernel-default-base-debuginfo-3.12.74-60.64.48.1 kernel-default-debuginfo-3.12.74-60.64.48.1 kernel-default-debugsource-3.12.74-60.64.48.1 kernel-default-devel-3.12.74-60.64.48.1 kernel-syms-3.12.74-60.64.48.1 kernel-xen-3.12.74-60.64.48.1 kernel-xen-base-3.12.74-60.64.48.1 kernel-xen-base-debuginfo-3.12.74-60.64.48.1 kernel-xen-debuginfo-3.12.74-60.64.48.1 kernel-xen-debugsource-3.12.74-60.64.48.1 kernel-xen-devel-3.12.74-60.64.48.1 kgraft-patch-3_12_74-60_64_48-default-1-2.1 kgraft-patch-3_12_74-60_64_48-xen-1-2.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.48.1 kernel-default-base-3.12.74-60.64.48.1 kernel-default-base-debuginfo-3.12.74-60.64.48.1 kernel-default-debuginfo-3.12.74-60.64.48.1 kernel-default-debugsource-3.12.74-60.64.48.1 kernel-default-devel-3.12.74-60.64.48.1 kernel-syms-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.48.1 kernel-macros-3.12.74-60.64.48.1 kernel-source-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.48.1 kernel-xen-base-3.12.74-60.64.48.1 kernel-xen-base-debuginfo-3.12.74-60.64.48.1 kernel-xen-debuginfo-3.12.74-60.64.48.1 kernel-xen-debugsource-3.12.74-60.64.48.1 kernel-xen-devel-3.12.74-60.64.48.1 kgraft-patch-3_12_74-60_64_48-default-1-2.1 kgraft-patch-3_12_74-60_64_48-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.48.1 kernel-default-base-3.12.74-60.64.48.1 kernel-default-base-debuginfo-3.12.74-60.64.48.1 kernel-default-debuginfo-3.12.74-60.64.48.1 kernel-default-debugsource-3.12.74-60.64.48.1 kernel-default-devel-3.12.74-60.64.48.1 kernel-syms-3.12.74-60.64.48.1 - 
SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.48.1 kernel-macros-3.12.74-60.64.48.1 kernel-source-3.12.74-60.64.48.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.48.1 kernel-xen-base-3.12.74-60.64.48.1 kernel-xen-base-debuginfo-3.12.74-60.64.48.1 kernel-xen-debuginfo-3.12.74-60.64.48.1 kernel-xen-debugsource-3.12.74-60.64.48.1 kernel-xen-devel-3.12.74-60.64.48.1 kgraft-patch-3_12_74-60_64_48-default-1-2.1 kgraft-patch-3_12_74-60_64_48-xen-1-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.48.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.48.1 kernel-ec2-debuginfo-3.12.74-60.64.48.1 kernel-ec2-debugsource-3.12.74-60.64.48.1 kernel-ec2-devel-3.12.74-60.64.48.1 kernel-ec2-extra-3.12.74-60.64.48.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.48.1 References: https://bugzilla.suse.com/1045340 From sle-security-updates at lists.suse.com Tue Jun 27 13:09:28 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Jun 2017 21:09:28 +0200 (CEST) Subject: SUSE-SU-2017:1705-1: moderate: Security update for freeradius-server Message-ID: <20170627190928.305FCFFD9@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1705-1 Rating: moderate References: #1027243 #1041445 Cross-References: CVE-2017-9148 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for freeradius-server fixes the following issues: Security issue fixed: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bsc#1041445) Non security issue fixed: - Fix case insensitive matching in compiled regular expressions (bsc#1027243) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1056=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1056=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1056=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-17.4.1 freeradius-server-debugsource-3.0.3-17.4.1 freeradius-server-devel-3.0.3-17.4.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): freeradius-server-3.0.3-17.4.1 freeradius-server-debuginfo-3.0.3-17.4.1 freeradius-server-debugsource-3.0.3-17.4.1 freeradius-server-doc-3.0.3-17.4.1 freeradius-server-krb5-3.0.3-17.4.1 freeradius-server-krb5-debuginfo-3.0.3-17.4.1 freeradius-server-ldap-3.0.3-17.4.1 freeradius-server-ldap-debuginfo-3.0.3-17.4.1 freeradius-server-libs-3.0.3-17.4.1 freeradius-server-libs-debuginfo-3.0.3-17.4.1 freeradius-server-mysql-3.0.3-17.4.1 freeradius-server-mysql-debuginfo-3.0.3-17.4.1 freeradius-server-perl-3.0.3-17.4.1 freeradius-server-perl-debuginfo-3.0.3-17.4.1 freeradius-server-postgresql-3.0.3-17.4.1 freeradius-server-postgresql-debuginfo-3.0.3-17.4.1 freeradius-server-python-3.0.3-17.4.1 freeradius-server-python-debuginfo-3.0.3-17.4.1 freeradius-server-sqlite-3.0.3-17.4.1 freeradius-server-sqlite-debuginfo-3.0.3-17.4.1 freeradius-server-utils-3.0.3-17.4.1 
freeradius-server-utils-debuginfo-3.0.3-17.4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): freeradius-server-3.0.3-17.4.1 freeradius-server-debuginfo-3.0.3-17.4.1 freeradius-server-debugsource-3.0.3-17.4.1 freeradius-server-doc-3.0.3-17.4.1 freeradius-server-krb5-3.0.3-17.4.1 freeradius-server-krb5-debuginfo-3.0.3-17.4.1 freeradius-server-ldap-3.0.3-17.4.1 freeradius-server-ldap-debuginfo-3.0.3-17.4.1 freeradius-server-libs-3.0.3-17.4.1 freeradius-server-libs-debuginfo-3.0.3-17.4.1 freeradius-server-mysql-3.0.3-17.4.1 freeradius-server-mysql-debuginfo-3.0.3-17.4.1 freeradius-server-perl-3.0.3-17.4.1 freeradius-server-perl-debuginfo-3.0.3-17.4.1 freeradius-server-postgresql-3.0.3-17.4.1 freeradius-server-postgresql-debuginfo-3.0.3-17.4.1 freeradius-server-python-3.0.3-17.4.1 freeradius-server-python-debuginfo-3.0.3-17.4.1 freeradius-server-sqlite-3.0.3-17.4.1 freeradius-server-sqlite-debuginfo-3.0.3-17.4.1 freeradius-server-utils-3.0.3-17.4.1 freeradius-server-utils-debuginfo-3.0.3-17.4.1 References: https://www.suse.com/security/cve/CVE-2017-9148.html https://bugzilla.suse.com/1027243 https://bugzilla.suse.com/1041445 From sle-security-updates at lists.suse.com Tue Jun 27 13:09:58 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 27 Jun 2017 21:09:58 +0200 (CEST) Subject: SUSE-SU-2017:1706-1: important: Security update for the Linux Kernel Message-ID: <20170627190958.E6CAAFFD9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1706-1 Rating: important References: #1045340 #1045406 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that contains 
security fixes can now be installed. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-13178=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13178=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-13178=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-13178=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.105.1 kernel-default-base-3.0.101-0.47.105.1 kernel-default-devel-3.0.101-0.47.105.1 kernel-source-3.0.101-0.47.105.1 kernel-syms-3.0.101-0.47.105.1 kernel-trace-3.0.101-0.47.105.1 kernel-trace-base-3.0.101-0.47.105.1 kernel-trace-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.105.1 kernel-ec2-base-3.0.101-0.47.105.1 kernel-ec2-devel-3.0.101-0.47.105.1 kernel-xen-3.0.101-0.47.105.1 kernel-xen-base-3.0.101-0.47.105.1 kernel-xen-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.105.1 kernel-bigsmp-base-3.0.101-0.47.105.1 kernel-bigsmp-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.105.1 kernel-pae-base-3.0.101-0.47.105.1 kernel-pae-devel-3.0.101-0.47.105.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.105.1 
   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
      kernel-xen-extra-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):
      kernel-bigsmp-extra-3.0.101-0.47.105.1
      kernel-trace-extra-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):
      kernel-ppc64-extra-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Server 11-EXTRA (i586):
      kernel-pae-extra-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      kernel-default-3.0.101-0.47.105.1
      kernel-default-base-3.0.101-0.47.105.1
      kernel-default-devel-3.0.101-0.47.105.1
      kernel-ec2-3.0.101-0.47.105.1
      kernel-ec2-base-3.0.101-0.47.105.1
      kernel-ec2-devel-3.0.101-0.47.105.1
      kernel-pae-3.0.101-0.47.105.1
      kernel-pae-base-3.0.101-0.47.105.1
      kernel-pae-devel-3.0.101-0.47.105.1
      kernel-source-3.0.101-0.47.105.1
      kernel-syms-3.0.101-0.47.105.1
      kernel-trace-3.0.101-0.47.105.1
      kernel-trace-base-3.0.101-0.47.105.1
      kernel-trace-devel-3.0.101-0.47.105.1
      kernel-xen-3.0.101-0.47.105.1
      kernel-xen-base-3.0.101-0.47.105.1
      kernel-xen-devel-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      kernel-default-debuginfo-3.0.101-0.47.105.1
      kernel-default-debugsource-3.0.101-0.47.105.1
      kernel-trace-debuginfo-3.0.101-0.47.105.1
      kernel-trace-debugsource-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      kernel-ec2-debuginfo-3.0.101-0.47.105.1
      kernel-ec2-debugsource-3.0.101-0.47.105.1
      kernel-xen-debuginfo-3.0.101-0.47.105.1
      kernel-xen-debugsource-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
      kernel-bigsmp-debuginfo-3.0.101-0.47.105.1
      kernel-bigsmp-debugsource-3.0.101-0.47.105.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
      kernel-pae-debuginfo-3.0.101-0.47.105.1
      kernel-pae-debugsource-3.0.101-0.47.105.1

References:

   https://bugzilla.suse.com/1045340
   https://bugzilla.suse.com/1045406

From sle-security-updates at lists.suse.com Wed Jun 28 04:10:00 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Jun 2017 12:10:00 +0200 (CEST)
Subject: SUSE-SU-2017:1707-1: important: Security update for the Linux kernel
Message-ID: <20170628101000.7F06FFFD9@maintenance.suse.de>

SUSE Security Update: Security update for the Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1707-1
Rating:             important
References:         #1045340
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This Linux kernel update for SUSE Linux Enterprise 12 SP2 fixes the
   following issues:

   - A previous security update to address CVE-2017-1000364 caused unintended
     side-effects in several other tools, most notably Java. These issues have
     been remedied. [bsc#1045340]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1058=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1058=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1058=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1058=1
   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1058=1
   - SUSE Linux Enterprise High Availability 12-SP2:
      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1058=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1058=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1058=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      kernel-default-debuginfo-4.4.59-92.24.2
      kernel-default-debugsource-4.4.59-92.24.2
      kernel-default-extra-4.4.59-92.24.2
      kernel-default-extra-debuginfo-4.4.59-92.24.2
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      kernel-obs-build-4.4.59-92.24.2
      kernel-obs-build-debugsource-4.4.59-92.24.2
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
      kernel-docs-4.4.59-92.24.5
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      kernel-default-4.4.59-92.24.2
      kernel-default-base-4.4.59-92.24.2
      kernel-default-base-debuginfo-4.4.59-92.24.2
      kernel-default-debuginfo-4.4.59-92.24.2
      kernel-default-debugsource-4.4.59-92.24.2
      kernel-default-devel-4.4.59-92.24.2
      kernel-syms-4.4.59-92.24.2
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      kernel-devel-4.4.59-92.24.2
      kernel-macros-4.4.59-92.24.2
      kernel-source-4.4.59-92.24.2
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      kernel-default-4.4.59-92.24.2
      kernel-default-base-4.4.59-92.24.2
      kernel-default-base-debuginfo-4.4.59-92.24.2
      kernel-default-debuginfo-4.4.59-92.24.2
      kernel-default-debugsource-4.4.59-92.24.2
      kernel-default-devel-4.4.59-92.24.2
      kernel-syms-4.4.59-92.24.2
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      kernel-devel-4.4.59-92.24.2
      kernel-macros-4.4.59-92.24.2
      kernel-source-4.4.59-92.24.2
   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_59-92_24-default-1-2.3
   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
      cluster-md-kmp-default-4.4.59-92.24.2
      cluster-md-kmp-default-debuginfo-4.4.59-92.24.2
      cluster-network-kmp-default-4.4.59-92.24.2
      cluster-network-kmp-default-debuginfo-4.4.59-92.24.2
      dlm-kmp-default-4.4.59-92.24.2
      dlm-kmp-default-debuginfo-4.4.59-92.24.2
      gfs2-kmp-default-4.4.59-92.24.2
      gfs2-kmp-default-debuginfo-4.4.59-92.24.2
      kernel-default-debuginfo-4.4.59-92.24.2
      kernel-default-debugsource-4.4.59-92.24.2
      ocfs2-kmp-default-4.4.59-92.24.2
      ocfs2-kmp-default-debuginfo-4.4.59-92.24.2
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      kernel-devel-4.4.59-92.24.2
      kernel-macros-4.4.59-92.24.2
      kernel-source-4.4.59-92.24.2
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      kernel-default-4.4.59-92.24.2
      kernel-default-debuginfo-4.4.59-92.24.2
      kernel-default-debugsource-4.4.59-92.24.2
      kernel-default-devel-4.4.59-92.24.2
      kernel-default-extra-4.4.59-92.24.2
      kernel-default-extra-debuginfo-4.4.59-92.24.2
      kernel-syms-4.4.59-92.24.2
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      kernel-default-4.4.59-92.24.2
      kernel-default-debuginfo-4.4.59-92.24.2
      kernel-default-debugsource-4.4.59-92.24.2

References:

   https://bugzilla.suse.com/1045340

From sle-security-updates at lists.suse.com Wed Jun 28 10:11:14 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Jun 2017 18:11:14 +0200 (CEST)
Subject: SUSE-SU-2017:1709-1: important: Security update for php53
Message-ID: <20170628161114.99A17FFD7@maintenance.suse.de>

SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1709-1
Rating:             important
References:         #1031246 #1044976
Cross-References:   CVE-2017-7272
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for php53 fixes the following issues:

   - The fix for CVE-2017-7272 was reverted, as it caused regressions in the
     mysql server connect module. [bsc#1044976]
     The security fix tried to avoid a server side request forgery, and will
     be submitted when a better fix becomes available.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-php53-13179=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-php53-13179=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-php53-13179=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      php53-devel-5.3.17-111.2
      php53-imap-5.3.17-111.2
      php53-posix-5.3.17-111.2
      php53-readline-5.3.17-111.2
      php53-sockets-5.3.17-111.2
      php53-sqlite-5.3.17-111.2
      php53-tidy-5.3.17-111.2
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      apache2-mod_php53-5.3.17-111.2
      php53-5.3.17-111.2
      php53-bcmath-5.3.17-111.2
      php53-bz2-5.3.17-111.2
      php53-calendar-5.3.17-111.2
      php53-ctype-5.3.17-111.2
      php53-curl-5.3.17-111.2
      php53-dba-5.3.17-111.2
      php53-dom-5.3.17-111.2
      php53-exif-5.3.17-111.2
      php53-fastcgi-5.3.17-111.2
      php53-fileinfo-5.3.17-111.2
      php53-ftp-5.3.17-111.2
      php53-gd-5.3.17-111.2
      php53-gettext-5.3.17-111.2
      php53-gmp-5.3.17-111.2
      php53-iconv-5.3.17-111.2
      php53-intl-5.3.17-111.2
      php53-json-5.3.17-111.2
      php53-ldap-5.3.17-111.2
      php53-mbstring-5.3.17-111.2
      php53-mcrypt-5.3.17-111.2
      php53-mysql-5.3.17-111.2
      php53-odbc-5.3.17-111.2
      php53-openssl-5.3.17-111.2
      php53-pcntl-5.3.17-111.2
      php53-pdo-5.3.17-111.2
      php53-pear-5.3.17-111.2
      php53-pgsql-5.3.17-111.2
      php53-pspell-5.3.17-111.2
      php53-shmop-5.3.17-111.2
      php53-snmp-5.3.17-111.2
      php53-soap-5.3.17-111.2
      php53-suhosin-5.3.17-111.2
      php53-sysvmsg-5.3.17-111.2
      php53-sysvsem-5.3.17-111.2
      php53-sysvshm-5.3.17-111.2
      php53-tokenizer-5.3.17-111.2
      php53-wddx-5.3.17-111.2
      php53-xmlreader-5.3.17-111.2
      php53-xmlrpc-5.3.17-111.2
      php53-xmlwriter-5.3.17-111.2
      php53-xsl-5.3.17-111.2
      php53-zip-5.3.17-111.2
      php53-zlib-5.3.17-111.2
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      php53-debuginfo-5.3.17-111.2
      php53-debugsource-5.3.17-111.2

References:

   https://www.suse.com/security/cve/CVE-2017-7272.html
   https://bugzilla.suse.com/1031246
   https://bugzilla.suse.com/1044976

From sle-security-updates at lists.suse.com Wed Jun 28 19:09:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Jun 2017 03:09:15 +0200 (CEST)
Subject: SUSE-SU-2017:1712-1: moderate: Security update for vim
Message-ID: <20170629010915.E3CA5FFD9@maintenance.suse.de>

SUSE Security Update: Security update for vim
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1712-1
Rating:             moderate
References:         #1018870 #1024724 #1027053 #1027057
Cross-References:   CVE-2017-5953 CVE-2017-6349 CVE-2017-6350
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now
   available.

Description:

   This update for vim fixes the following issues:

   Security issues fixed:

   - CVE-2017-5953: Fixed a possible overflow with a corrupted spell file
     (bsc#1024724)
   - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo
     file (bsc#1027053)
   - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo
     file (bsc#1027057)

   Non security issues fixed:

   - Speed up YAML syntax highlighting (bsc#1018870)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1063=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1063=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1063=1
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1063=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      gvim-7.4.326-16.1
      gvim-debuginfo-7.4.326-16.1
      vim-7.4.326-16.1
      vim-debuginfo-7.4.326-16.1
      vim-debugsource-7.4.326-16.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      vim-data-7.4.326-16.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      gvim-7.4.326-16.1
      gvim-debuginfo-7.4.326-16.1
      vim-7.4.326-16.1
      vim-debuginfo-7.4.326-16.1
      vim-debugsource-7.4.326-16.1
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      vim-data-7.4.326-16.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      gvim-7.4.326-16.1
      gvim-debuginfo-7.4.326-16.1
      vim-7.4.326-16.1
      vim-debuginfo-7.4.326-16.1
      vim-debugsource-7.4.326-16.1
   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      vim-data-7.4.326-16.1
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      vim-7.4.326-16.1
      vim-debuginfo-7.4.326-16.1
      vim-debugsource-7.4.326-16.1

References:

   https://www.suse.com/security/cve/CVE-2017-5953.html
   https://www.suse.com/security/cve/CVE-2017-6349.html
   https://www.suse.com/security/cve/CVE-2017-6350.html
   https://bugzilla.suse.com/1018870
   https://bugzilla.suse.com/1024724
   https://bugzilla.suse.com/1027053
   https://bugzilla.suse.com/1027057

From sle-security-updates at lists.suse.com Wed Jun 28 19:10:48 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Jun 2017 03:10:48 +0200 (CEST)
Subject: SUSE-SU-2017:1714-1: moderate: Security update for apache2
Message-ID: <20170629011048.7954DFFD9@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1714-1
Rating:             moderate
References:         #1035829 #1041830 #1045060 #1045062 #1045065
Cross-References:   CVE-2017-3167 CVE-2017-3169 CVE-2017-7679
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that solves three vulnerabilities and has two fixes is now
   available.

Description:

   This update for apache2 provides the following fixes:

   Security issues fixed:

   - CVE-2017-3167: In Apache httpd, use of ap_get_basic_auth_pw() outside of
     the authentication phase could lead to a bypass of authentication
     requirements (bsc#1045065)
   - CVE-2017-3169: mod_ssl could dereference a NULL pointer, which could lead
     to a denial of service (bsc#1045062)
   - CVE-2017-7679: mod_mime could buffer over-read by one byte, potentially
     leading to a crash or information disclosure (bsc#1045060)

   Non-Security issues fixed:

   - Remove the /usr/bin/http2 symlink only during apache2 package uninstall,
     not upgrade. (bsc#1041830)
   - In gensslcert, use the hostname when the fqdn is too long. (bsc#1035829)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1062=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1062=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1062=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      apache2-debuginfo-2.4.23-28.1
      apache2-debugsource-2.4.23-28.1
      apache2-devel-2.4.23-28.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      apache2-2.4.23-28.1
      apache2-debuginfo-2.4.23-28.1
      apache2-debugsource-2.4.23-28.1
      apache2-example-pages-2.4.23-28.1
      apache2-prefork-2.4.23-28.1
      apache2-prefork-debuginfo-2.4.23-28.1
      apache2-utils-2.4.23-28.1
      apache2-utils-debuginfo-2.4.23-28.1
      apache2-worker-2.4.23-28.1
      apache2-worker-debuginfo-2.4.23-28.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      apache2-doc-2.4.23-28.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      apache2-2.4.23-28.1
      apache2-debuginfo-2.4.23-28.1
      apache2-debugsource-2.4.23-28.1
      apache2-example-pages-2.4.23-28.1
      apache2-prefork-2.4.23-28.1
      apache2-prefork-debuginfo-2.4.23-28.1
      apache2-utils-2.4.23-28.1
      apache2-utils-debuginfo-2.4.23-28.1
      apache2-worker-2.4.23-28.1
      apache2-worker-debuginfo-2.4.23-28.1
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      apache2-doc-2.4.23-28.1

References:

   https://www.suse.com/security/cve/CVE-2017-3167.html
   https://www.suse.com/security/cve/CVE-2017-3169.html
   https://www.suse.com/security/cve/CVE-2017-7679.html
   https://bugzilla.suse.com/1035829
   https://bugzilla.suse.com/1041830
   https://bugzilla.suse.com/1045060
   https://bugzilla.suse.com/1045062
   https://bugzilla.suse.com/1045065

From sle-security-updates at lists.suse.com Thu Jun 29 07:14:46 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Jun 2017 15:14:46 +0200 (CEST)
Subject: SUSE-SU-2017:1715-1: important: Security update for xen
Message-ID: <20170629131446.E3FDAFFD9@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1715-1
Rating:             important
References:         #1034845 #1037243 #1042160 #1042863 #1042882
                    #1042893 #1042915 #1042931 #1042938
Cross-References:   CVE-2017-8309 CVE-2017-8905 CVE-2017-9330
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has 6 fixes is now
   available.

Description:

   This update for xen fixes the following security issues:

   - blkif responses leaked backend stack data, which allowed an unprivileged
     guest to obtain sensitive information from the host or other guests
     (XSA-216, bsc#1042863)
   - Page transfer might have allowed a PV guest to elevate privilege
     (XSA-217, bsc#1042882)
   - Races in the grant table unmap code allowed for information leaks and
     potentially privilege escalation (XSA-218, bsc#1042893)
   - Insufficient reference counts during shadow emulation allowed a
     malicious pair of guests to elevate their privileges to the privileges
     that Xen runs under (XSA-219, bsc#1042915)
   - Stale P2M mappings due to insufficient error checking allowed a
     malicious guest to leak information or elevate privileges (XSA-222,
     bsc#1042931)
   - Grant table operations mishandled reference counts, allowing malicious
     guests to escape (XSA-224, bsc#1042938)
   - CVE-2017-9330: USB OHCI emulation in qemu allowed local guest OS users
     to cause a denial of service (infinite loop) by leveraging an incorrect
     return value (bsc#1042160)
   - CVE-2017-8309: Memory leak in audio/audio.c allowed remote attackers to
     cause a denial of service (memory consumption) by repeatedly starting
     and stopping audio capture (bsc#1037243)
   - CVE-2017-8905: Xen mishandled a failsafe callback, which might have
     allowed PV guest OS users to execute arbitrary code on the host OS
     (XSA-215, bsc#1034845).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-xen-13181=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-xen-13181=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-xen-13181=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
      xen-kmp-default-4.2.5_21_3.0.101_0.47.102-44.1
      xen-libs-4.2.5_21-44.1
      xen-tools-domU-4.2.5_21-44.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
      xen-4.2.5_21-44.1
      xen-doc-html-4.2.5_21-44.1
      xen-doc-pdf-4.2.5_21-44.1
      xen-libs-32bit-4.2.5_21-44.1
      xen-tools-4.2.5_21-44.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.102-44.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      xen-kmp-default-4.2.5_21_3.0.101_0.47.102-44.1
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.102-44.1
      xen-libs-4.2.5_21-44.1
      xen-tools-domU-4.2.5_21-44.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      xen-debuginfo-4.2.5_21-44.1
      xen-debugsource-4.2.5_21-44.1

References:

   https://www.suse.com/security/cve/CVE-2017-8309.html
   https://www.suse.com/security/cve/CVE-2017-8905.html
   https://www.suse.com/security/cve/CVE-2017-9330.html
   https://bugzilla.suse.com/1034845
   https://bugzilla.suse.com/1037243
   https://bugzilla.suse.com/1042160
   https://bugzilla.suse.com/1042863
   https://bugzilla.suse.com/1042882
   https://bugzilla.suse.com/1042893
   https://bugzilla.suse.com/1042915
   https://bugzilla.suse.com/1042931
   https://bugzilla.suse.com/1042938

From sle-security-updates at lists.suse.com Thu Jun 29 10:10:45 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Jun 2017 18:10:45 +0200 (CEST)
Subject: SUSE-SU-2017:1716-1: important: Security update for clamav
Message-ID: <20170629161045.69B81FFD6@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1716-1
Rating:             important
References:         #1040662 #1045490
Cross-References:   CVE-2012-6706
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for clamav fixes the following issues:

   Security issue fixed:

   - CVE-2012-6706: Fixed an arbitrary memory write in the VMSF_DELTA filter
     in libclamunrar (bsc#1045490)

   Non security issues fixed:

   - Provide and obsolete clamav-nodb to trigger its removal in openSUSE
     Leap. (bsc#1040662)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1069=1
   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-1069=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1069=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1069=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1069=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1069=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1069=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1
   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      clamav-0.99.2-32.1
      clamav-debuginfo-0.99.2-32.1
      clamav-debugsource-0.99.2-32.1

References:

   https://www.suse.com/security/cve/CVE-2012-6706.html
   https://bugzilla.suse.com/1040662
   https://bugzilla.suse.com/1045490

From sle-security-updates at lists.suse.com Thu Jun 29 10:11:29 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Jun 2017 18:11:29 +0200 (CEST)
Subject: SUSE-SU-2017:1717-1: moderate: Security update for php7
Message-ID: <20170629161129.96E53FFD6@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1717-1
Rating:             moderate
References:         #1032155 #1035111 #1040883 #1040889 #1040891
Cross-References:   CVE-2016-6294 CVE-2017-6441 CVE-2017-9224 CVE-2017-9226
                    CVE-2017-9227
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for php7 fixes the following security issues:

   - CVE-2017-9224: A stack out-of-bounds read in match_at() could lead to
     denial of service (bsc#1040891)
   - CVE-2017-9226: A heap out-of-bounds write or read in next_state_val()
     could lead to denial of service (bsc#1040889)
   - CVE-2017-9227: A stack out-of-bounds read in mbc_enc_len() could lead to
     denial of service (bsc#1040883)
   - CVE-2017-6441: The _zval_get_long_func_ex in Zend/zend_operators.c in
     PHP allowed attackers to cause a denial of service (NULL pointer
     dereference and application crash) via crafted use of "declare(ticks="
     in a PHP script (bsc#1032155).
   - CVE-2016-6294: The locale_accept_from_http function in
     ext/intl/locale/locale_methods.c did not properly restrict calls to the
     ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers
     to cause a denial of service (out-of-bounds read) or possibly have
     unspecified other impact via a call with a long argument (bsc#1035111).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1068=1
   - SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1068=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      php7-debuginfo-7.0.7-49.1
      php7-debugsource-7.0.7-49.1
      php7-devel-7.0.7-49.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php7-7.0.7-49.1
      apache2-mod_php7-debuginfo-7.0.7-49.1
      php7-7.0.7-49.1
      php7-bcmath-7.0.7-49.1
      php7-bcmath-debuginfo-7.0.7-49.1
      php7-bz2-7.0.7-49.1
      php7-bz2-debuginfo-7.0.7-49.1
      php7-calendar-7.0.7-49.1
      php7-calendar-debuginfo-7.0.7-49.1
      php7-ctype-7.0.7-49.1
      php7-ctype-debuginfo-7.0.7-49.1
      php7-curl-7.0.7-49.1
      php7-curl-debuginfo-7.0.7-49.1
      php7-dba-7.0.7-49.1
      php7-dba-debuginfo-7.0.7-49.1
      php7-debuginfo-7.0.7-49.1
      php7-debugsource-7.0.7-49.1
      php7-dom-7.0.7-49.1
      php7-dom-debuginfo-7.0.7-49.1
      php7-enchant-7.0.7-49.1
      php7-enchant-debuginfo-7.0.7-49.1
      php7-exif-7.0.7-49.1
      php7-exif-debuginfo-7.0.7-49.1
      php7-fastcgi-7.0.7-49.1
      php7-fastcgi-debuginfo-7.0.7-49.1
      php7-fileinfo-7.0.7-49.1
      php7-fileinfo-debuginfo-7.0.7-49.1
      php7-fpm-7.0.7-49.1
      php7-fpm-debuginfo-7.0.7-49.1
      php7-ftp-7.0.7-49.1
      php7-ftp-debuginfo-7.0.7-49.1
      php7-gd-7.0.7-49.1
      php7-gd-debuginfo-7.0.7-49.1
      php7-gettext-7.0.7-49.1
      php7-gettext-debuginfo-7.0.7-49.1
      php7-gmp-7.0.7-49.1
      php7-gmp-debuginfo-7.0.7-49.1
      php7-iconv-7.0.7-49.1
      php7-iconv-debuginfo-7.0.7-49.1
      php7-imap-7.0.7-49.1
      php7-imap-debuginfo-7.0.7-49.1
      php7-intl-7.0.7-49.1
      php7-intl-debuginfo-7.0.7-49.1
      php7-json-7.0.7-49.1
      php7-json-debuginfo-7.0.7-49.1
      php7-ldap-7.0.7-49.1
      php7-ldap-debuginfo-7.0.7-49.1
      php7-mbstring-7.0.7-49.1
      php7-mbstring-debuginfo-7.0.7-49.1
      php7-mcrypt-7.0.7-49.1
      php7-mcrypt-debuginfo-7.0.7-49.1
      php7-mysql-7.0.7-49.1
      php7-mysql-debuginfo-7.0.7-49.1
      php7-odbc-7.0.7-49.1
      php7-odbc-debuginfo-7.0.7-49.1
      php7-opcache-7.0.7-49.1
      php7-opcache-debuginfo-7.0.7-49.1
      php7-openssl-7.0.7-49.1
      php7-openssl-debuginfo-7.0.7-49.1
      php7-pcntl-7.0.7-49.1
      php7-pcntl-debuginfo-7.0.7-49.1
      php7-pdo-7.0.7-49.1
      php7-pdo-debuginfo-7.0.7-49.1
      php7-pgsql-7.0.7-49.1
      php7-pgsql-debuginfo-7.0.7-49.1
      php7-phar-7.0.7-49.1
      php7-phar-debuginfo-7.0.7-49.1
      php7-posix-7.0.7-49.1
      php7-posix-debuginfo-7.0.7-49.1
      php7-pspell-7.0.7-49.1
      php7-pspell-debuginfo-7.0.7-49.1
      php7-shmop-7.0.7-49.1
      php7-shmop-debuginfo-7.0.7-49.1
      php7-snmp-7.0.7-49.1
      php7-snmp-debuginfo-7.0.7-49.1
      php7-soap-7.0.7-49.1
      php7-soap-debuginfo-7.0.7-49.1
      php7-sockets-7.0.7-49.1
      php7-sockets-debuginfo-7.0.7-49.1
      php7-sqlite-7.0.7-49.1
      php7-sqlite-debuginfo-7.0.7-49.1
      php7-sysvmsg-7.0.7-49.1
      php7-sysvmsg-debuginfo-7.0.7-49.1
      php7-sysvsem-7.0.7-49.1
      php7-sysvsem-debuginfo-7.0.7-49.1
      php7-sysvshm-7.0.7-49.1
      php7-sysvshm-debuginfo-7.0.7-49.1
      php7-tokenizer-7.0.7-49.1
      php7-tokenizer-debuginfo-7.0.7-49.1
      php7-wddx-7.0.7-49.1
      php7-wddx-debuginfo-7.0.7-49.1
      php7-xmlreader-7.0.7-49.1
      php7-xmlreader-debuginfo-7.0.7-49.1
      php7-xmlrpc-7.0.7-49.1
      php7-xmlrpc-debuginfo-7.0.7-49.1
      php7-xmlwriter-7.0.7-49.1
      php7-xmlwriter-debuginfo-7.0.7-49.1
      php7-xsl-7.0.7-49.1
      php7-xsl-debuginfo-7.0.7-49.1
      php7-zip-7.0.7-49.1
      php7-zip-debuginfo-7.0.7-49.1
      php7-zlib-7.0.7-49.1
      php7-zlib-debuginfo-7.0.7-49.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php7-pear-7.0.7-49.1
      php7-pear-Archive_Tar-7.0.7-49.1

References:

   https://www.suse.com/security/cve/CVE-2016-6294.html
   https://www.suse.com/security/cve/CVE-2017-6441.html
   https://www.suse.com/security/cve/CVE-2017-9224.html
   https://www.suse.com/security/cve/CVE-2017-9226.html
   https://www.suse.com/security/cve/CVE-2017-9227.html
   https://bugzilla.suse.com/1032155
   https://bugzilla.suse.com/1035111
   https://bugzilla.suse.com/1040883
   https://bugzilla.suse.com/1040889
   https://bugzilla.suse.com/1040891

From sle-security-updates at lists.suse.com Thu Jun 29 10:12:39 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Jun 2017 18:12:39 +0200 (CEST)
Subject: SUSE-SU-2017:1718-1: important: Security update for openvpn-openssl1
Message-ID: <20170629161239.5538AFFD6@maintenance.suse.de>

SUSE Security Update: Security update for openvpn-openssl1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1718-1
Rating:             important
References:         #1038709 #1038711 #1038713 #1044947 #959511 #988522
Cross-References:   CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520
                    CVE-2017-7521
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one errata is now
   available.

Description:

   This update for openvpn-openssl1 fixes the following issues:

   - Some parts of the certificate-parsing code did not always clear all
     allocated memory. This would have allowed clients to leak a few bytes of
     memory for each connection attempt, thereby facilitating a (quite
     inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521]
   - The ASN1 parsing code contained a bug that could have resulted in some
     buffers being free()d twice, and this issue could have potentially been
     triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521]
   - If clients used an HTTP proxy with NTLM authentication, a
     man-in-the-middle attacker between client and proxy could cause the
     client to crash or disclose at most 96 bytes of stack memory. The
     disclosed stack memory was likely to contain the proxy password. If the
     proxy password had not been reused, this was unlikely to compromise the
     security of the OpenVPN tunnel itself. Clients who did not use the
     --http-proxy option with ntlm2 authentication were not affected.
     [bsc#1044947, CVE-2017-7520]
   - It was possible to trigger an assertion by sending a malformed IPv6
     packet. That issue could have been abused to remotely shut down an
     OpenVPN server or client, if IPv6 and --mssfix were enabled and if the
     IPv6 networks used inside the VPN were known. [bsc#1044947,
     CVE-2017-7508]
   - The installed sample configuration file was updated to comply with FIPS
     requirements.
[bsc#988522] - Remedy large latencies on the openVPN server during authentication process. [bsc#959511] - Fix potential denial-of-service attacks found during independent audits. [bsc#1038713, bsc#1038709, CVE-2017-7478, bsc#1038711, CVE-2017-7479] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openvpn-openssl1-13182=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openvpn-openssl1-2.3.2-0.9.1 openvpn-openssl1-down-root-plugin-2.3.2-0.9.1 References: https://www.suse.com/security/cve/CVE-2017-7478.html https://www.suse.com/security/cve/CVE-2017-7479.html https://www.suse.com/security/cve/CVE-2017-7508.html https://www.suse.com/security/cve/CVE-2017-7520.html https://www.suse.com/security/cve/CVE-2017-7521.html https://bugzilla.suse.com/1038709 https://bugzilla.suse.com/1038711 https://bugzilla.suse.com/1038713 https://bugzilla.suse.com/1044947 https://bugzilla.suse.com/959511 https://bugzilla.suse.com/988522 From sle-security-updates at lists.suse.com Thu Jun 29 16:21:04 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 30 Jun 2017 00:21:04 +0200 (CEST) Subject: SUSE-SU-2017:1735-1: important: Security update for the Linux kernel Message-ID: <20170629222104.7D40CFFD9@maintenance.suse.de> SUSE Security Update: Security update for the Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1735-1 Rating: important References: #1045340 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that contains security fixes 
can now be installed. Description: This Linux kernel update for SUSE Linux Enterprise 12 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1077=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1077=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1077=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.80.1 kernel-macros-3.12.61-52.80.1 kernel-source-3.12.61-52.80.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.80.1 kernel-default-base-3.12.61-52.80.1 kernel-default-base-debuginfo-3.12.61-52.80.1 kernel-default-debuginfo-3.12.61-52.80.1 kernel-default-debugsource-3.12.61-52.80.1 kernel-default-devel-3.12.61-52.80.1 kernel-syms-3.12.61-52.80.1 kernel-xen-3.12.61-52.80.1 kernel-xen-base-3.12.61-52.80.1 kernel-xen-base-debuginfo-3.12.61-52.80.1 kernel-xen-debuginfo-3.12.61-52.80.1 kernel-xen-debugsource-3.12.61-52.80.1 kernel-xen-devel-3.12.61-52.80.1 kgraft-patch-3_12_61-52_80-default-1-2.1 kgraft-patch-3_12_61-52_80-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.80.1 kernel-default-base-3.12.61-52.80.1 kernel-default-base-debuginfo-3.12.61-52.80.1 kernel-default-debuginfo-3.12.61-52.80.1 kernel-default-debugsource-3.12.61-52.80.1 kernel-default-devel-3.12.61-52.80.1 kernel-syms-3.12.61-52.80.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.80.1 kernel-macros-3.12.61-52.80.1 
      kernel-source-3.12.61-52.80.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kernel-xen-3.12.61-52.80.1
      kernel-xen-base-3.12.61-52.80.1
      kernel-xen-base-debuginfo-3.12.61-52.80.1
      kernel-xen-debuginfo-3.12.61-52.80.1
      kernel-xen-debugsource-3.12.61-52.80.1
      kernel-xen-devel-3.12.61-52.80.1
      kgraft-patch-3_12_61-52_80-default-1-2.1
      kgraft-patch-3_12_61-52_80-xen-1-2.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      kernel-default-man-3.12.61-52.80.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.61-52.80.1
      kernel-ec2-debuginfo-3.12.61-52.80.1
      kernel-ec2-debugsource-3.12.61-52.80.1
      kernel-ec2-devel-3.12.61-52.80.1
      kernel-ec2-extra-3.12.61-52.80.1
      kernel-ec2-extra-debuginfo-3.12.61-52.80.1

References:

   https://bugzilla.suse.com/1045340

From sle-security-updates at lists.suse.com Thu Jun 29 19:09:32 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Jun 2017 03:09:32 +0200 (CEST)
Subject: SUSE-SU-2017:1736-1: important: Security update for bind
Message-ID: <20170630010932.A877EFFD9@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1736-1
Rating:             important
References:         #1046554 #1046555
Cross-References:   CVE-2017-3142 CVE-2017-3143
Affected Products:
                    SUSE OpenStack Cloud 6
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for bind fixes the following issues:

   - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
   - An attacker with the ability to send and receive messages to an authoritative DNS server, and who had knowledge of a valid TSIG key name for the zone and service being targeted, was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1080=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1080=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1080=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1080=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1080=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1080=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1080=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      bind-doc-9.9.9P1-62.1

   - SUSE OpenStack Cloud 6 (x86_64):

      bind-9.9.9P1-62.1
      bind-chrootenv-9.9.9P1-62.1
      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-devel-9.9.9P1-62.1
      bind-libs-32bit-9.9.9P1-62.1
      bind-libs-9.9.9P1-62.1
      bind-libs-debuginfo-32bit-9.9.9P1-62.1
      bind-libs-debuginfo-9.9.9P1-62.1
      bind-utils-9.9.9P1-62.1
      bind-utils-debuginfo-9.9.9P1-62.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-devel-9.9.9P1-62.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

      bind-9.9.9P1-62.1
      bind-chrootenv-9.9.9P1-62.1
      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-devel-9.9.9P1-62.1
      bind-libs-9.9.9P1-62.1
      bind-libs-debuginfo-9.9.9P1-62.1
      bind-utils-9.9.9P1-62.1
      bind-utils-debuginfo-9.9.9P1-62.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      bind-doc-9.9.9P1-62.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      bind-libs-32bit-9.9.9P1-62.1
      bind-libs-debuginfo-32bit-9.9.9P1-62.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      bind-9.9.9P1-62.1
      bind-chrootenv-9.9.9P1-62.1
      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-libs-9.9.9P1-62.1
      bind-libs-debuginfo-9.9.9P1-62.1
      bind-utils-9.9.9P1-62.1
      bind-utils-debuginfo-9.9.9P1-62.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      bind-doc-9.9.9P1-62.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      bind-9.9.9P1-62.1
      bind-chrootenv-9.9.9P1-62.1
      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-libs-9.9.9P1-62.1
      bind-libs-debuginfo-9.9.9P1-62.1
      bind-utils-9.9.9P1-62.1
      bind-utils-debuginfo-9.9.9P1-62.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      bind-libs-32bit-9.9.9P1-62.1
      bind-libs-debuginfo-32bit-9.9.9P1-62.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      bind-doc-9.9.9P1-62.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      bind-9.9.9P1-62.1
      bind-chrootenv-9.9.9P1-62.1
      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-devel-9.9.9P1-62.1
      bind-libs-9.9.9P1-62.1
      bind-libs-debuginfo-9.9.9P1-62.1
      bind-utils-9.9.9P1-62.1
      bind-utils-debuginfo-9.9.9P1-62.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

      bind-libs-32bit-9.9.9P1-62.1
      bind-libs-debuginfo-32bit-9.9.9P1-62.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

      bind-doc-9.9.9P1-62.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      bind-debuginfo-9.9.9P1-62.1
      bind-debugsource-9.9.9P1-62.1
      bind-libs-32bit-9.9.9P1-62.1
      bind-libs-9.9.9P1-62.1
      bind-libs-debuginfo-32bit-9.9.9P1-62.1
      bind-libs-debuginfo-9.9.9P1-62.1
      bind-utils-9.9.9P1-62.1
      bind-utils-debuginfo-9.9.9P1-62.1

References:

   https://www.suse.com/security/cve/CVE-2017-3142.html
   https://www.suse.com/security/cve/CVE-2017-3143.html
   https://bugzilla.suse.com/1046554
   https://bugzilla.suse.com/1046555

From sle-security-updates at lists.suse.com Thu Jun 29 19:10:12 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Jun 2017 03:10:12 +0200 (CEST)
Subject: SUSE-SU-2017:1737-1: important: Security update for bind
Message-ID: <20170630011012.A5C89FFD6@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1737-1
Rating:             important
References:         #1046554 #1046555
Cross-References:   CVE-2017-3142 CVE-2017-3143
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for bind fixes the following issues:

   - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
   - An attacker with the ability to send and receive messages to an authoritative DNS server, and who had knowledge of a valid TSIG key name for the zone and service being targeted, was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-bind-13185=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-bind-13185=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-bind-13185=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-bind-13185=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-bind-13185=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-bind-13185=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      bind-devel-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):

      bind-devel-32bit-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      bind-9.9.6P1-0.50.1
      bind-chrootenv-9.9.6P1-0.50.1
      bind-doc-9.9.6P1-0.50.1
      bind-libs-9.9.6P1-0.50.1
      bind-utils-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      bind-libs-32bit-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      bind-libs-x86-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      bind-9.9.6P1-0.50.1
      bind-chrootenv-9.9.6P1-0.50.1
      bind-devel-9.9.6P1-0.50.1
      bind-doc-9.9.6P1-0.50.1
      bind-libs-9.9.6P1-0.50.1
      bind-utils-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      bind-libs-32bit-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      bind-9.9.6P1-0.50.1
      bind-chrootenv-9.9.6P1-0.50.1
      bind-devel-9.9.6P1-0.50.1
      bind-doc-9.9.6P1-0.50.1
      bind-libs-9.9.6P1-0.50.1
      bind-utils-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      bind-debuginfo-9.9.6P1-0.50.1
      bind-debugsource-9.9.6P1-0.50.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      bind-debuginfo-9.9.6P1-0.50.1
      bind-debugsource-9.9.6P1-0.50.1

References:

   https://www.suse.com/security/cve/CVE-2017-3142.html
   https://www.suse.com/security/cve/CVE-2017-3143.html
   https://bugzilla.suse.com/1046554
   https://bugzilla.suse.com/1046555

From sle-security-updates at lists.suse.com Thu Jun 29 19:10:50 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Jun 2017 03:10:50 +0200 (CEST)
Subject: SUSE-SU-2017:1738-1: important: Security update for bind
Message-ID: <20170630011050.3A328FFD6@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID:    SUSE-SU-2017:1738-1
Rating:             important
References:         #1046554 #1046555
Cross-References:   CVE-2017-3142 CVE-2017-3143
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for bind fixes the following issues:

   - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142]
   - An attacker with the ability to send and receive messages to an authoritative DNS server, and who had knowledge of a valid TSIG key name for the zone and service being targeted, was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-1078=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1078=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      bind-doc-9.9.9P1-28.37.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      bind-9.9.9P1-28.37.1
      bind-chrootenv-9.9.9P1-28.37.1
      bind-debuginfo-9.9.9P1-28.37.1
      bind-debugsource-9.9.9P1-28.37.1
      bind-devel-9.9.9P1-28.37.1
      bind-libs-32bit-9.9.9P1-28.37.1
      bind-libs-9.9.9P1-28.37.1
      bind-libs-debuginfo-32bit-9.9.9P1-28.37.1
      bind-libs-debuginfo-9.9.9P1-28.37.1
      bind-utils-9.9.9P1-28.37.1
      bind-utils-debuginfo-9.9.9P1-28.37.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      bind-9.9.9P1-28.37.1
      bind-chrootenv-9.9.9P1-28.37.1
      bind-debuginfo-9.9.9P1-28.37.1
      bind-debugsource-9.9.9P1-28.37.1
      bind-devel-9.9.9P1-28.37.1
      bind-libs-9.9.9P1-28.37.1
      bind-libs-debuginfo-9.9.9P1-28.37.1
      bind-utils-9.9.9P1-28.37.1
      bind-utils-debuginfo-9.9.9P1-28.37.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

      bind-libs-32bit-9.9.9P1-28.37.1
      bind-libs-debuginfo-32bit-9.9.9P1-28.37.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      bind-doc-9.9.9P1-28.37.1

References:

   https://www.suse.com/security/cve/CVE-2017-3142.html
   https://www.suse.com/security/cve/CVE-2017-3143.html
   https://bugzilla.suse.com/1046554
   https://bugzilla.suse.com/1046555