From sle-security-updates at lists.suse.com Wed Mar 1 13:07:52 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Mar 2017 21:07:52 +0100 (CET)
Subject: SUSE-SU-2017:0585-1: moderate: Security update for openssl
Message-ID: <20170301200752.11050FF88@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0585-1
Rating:             moderate
References:         #1000677 #1001912 #1004499 #1005878 #1019334 #1021641 #984663
Cross-References:   CVE-2016-2108 CVE-2016-7056 CVE-2016-8610
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has four fixes is now available.

Description:

   This update for openssl fixes the following issues contained in the
   OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641).

   Security issues fixed:
   - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed
     key recovery was fixed (bsc#1019334)
   - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed
     (bsc#1005878)
   - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
   - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the
     negative zero handling in the ASN.1 decoder (bsc#1004499)

   Bugs fixed:
   - fix crash in openssl speed (bsc#1000677)
   - don't attempt session resumption if no ticket is present and session ID
     length is zero (bsc#984663)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:
     zypper in -t patch slestso13-openssl-12999=1
   - SUSE OpenStack Cloud 5:
     zypper in -t patch sleclo50sp3-openssl-12999=1
   - SUSE Manager Proxy 2.1:
     zypper in -t patch slemap21-openssl-12999=1
   - SUSE Manager 2.1:
     zypper in -t patch sleman21-openssl-12999=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
     zypper in -t patch sdksp4-openssl-12999=1
   - SUSE Linux Enterprise Server 11-SP4:
     zypper in -t patch slessp4-openssl-12999=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
     zypper in -t patch slessp3-openssl-12999=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
     zypper in -t patch sleposp3-openssl-12999=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
     zypper in -t patch dbgsp4-openssl-12999=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
     zypper in -t patch dbgsp3-openssl-12999=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):
     libopenssl-devel-0.9.8j-0.105.1
   - SUSE OpenStack Cloud 5 (x86_64):
     libopenssl-devel-0.9.8j-0.105.1
     libopenssl0_9_8-0.9.8j-0.105.1
     libopenssl0_9_8-32bit-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
     openssl-0.9.8j-0.105.1
     openssl-doc-0.9.8j-0.105.1
   - SUSE Manager Proxy 2.1 (x86_64):
     libopenssl-devel-0.9.8j-0.105.1
     libopenssl0_9_8-0.9.8j-0.105.1
     libopenssl0_9_8-32bit-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
     openssl-0.9.8j-0.105.1
     openssl-doc-0.9.8j-0.105.1
   - SUSE Manager 2.1 (s390x x86_64):
     libopenssl-devel-0.9.8j-0.105.1
     libopenssl0_9_8-0.9.8j-0.105.1
     libopenssl0_9_8-32bit-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
     openssl-0.9.8j-0.105.1
     openssl-doc-0.9.8j-0.105.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     libopenssl-devel-0.9.8j-0.105.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
     libopenssl-devel-32bit-0.9.8j-0.105.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     libopenssl0_9_8-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-0.9.8j-0.105.1
     openssl-0.9.8j-0.105.1
     openssl-doc-0.9.8j-0.105.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
     libopenssl0_9_8-32bit-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
     libopenssl0_9_8-x86-0.9.8j-0.105.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
     libopenssl-devel-0.9.8j-0.105.1
     libopenssl0_9_8-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-0.9.8j-0.105.1
     openssl-0.9.8j-0.105.1
     openssl-doc-0.9.8j-0.105.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
     libopenssl0_9_8-32bit-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-32bit-0.9.8j-0.105.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
     libopenssl-devel-0.9.8j-0.105.1
     libopenssl0_9_8-0.9.8j-0.105.1
     libopenssl0_9_8-hmac-0.9.8j-0.105.1
     openssl-0.9.8j-0.105.1
     openssl-doc-0.9.8j-0.105.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     openssl-debuginfo-0.9.8j-0.105.1
     openssl-debugsource-0.9.8j-0.105.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
     openssl-debuginfo-0.9.8j-0.105.1
     openssl-debugsource-0.9.8j-0.105.1

References:

   https://www.suse.com/security/cve/CVE-2016-2108.html
   https://www.suse.com/security/cve/CVE-2016-7056.html
   https://www.suse.com/security/cve/CVE-2016-8610.html
   https://bugzilla.suse.com/1000677
   https://bugzilla.suse.com/1001912
   https://bugzilla.suse.com/1004499
   https://bugzilla.suse.com/1005878
   https://bugzilla.suse.com/1019334
   https://bugzilla.suse.com/1021641
   https://bugzilla.suse.com/984663

From sle-security-updates at lists.suse.com Wed Mar 1 13:09:25 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Mar 2017 21:09:25 +0100 (CET)
Subject: SUSE-SU-2017:0586-1: moderate: Security update for ImageMagick
Message-ID: <20170301200925.32FE2FF81@maintenance.suse.de>

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0586-1
Rating:             moderate
References:         #1017308 #1017310 #1017311 #1017312 #1017313 #1017314
                    #1017318 #1017319 #1017320 #1017321 #1017322 #1017324
                    #1017326 #1017421 #1020433 #1020435 #1020436 #1020439
                    #1020441 #1020443 #1020448
Cross-References:   CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050
                    CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060
                    CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068
                    CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145
                    CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508
                    CVE-2017-5511
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 21 vulnerabilities is now available.

Description:

   This update for ImageMagick fixes the following issues:

   - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect
     length calculation (bsc#1017308)
   - CVE-2016-10048: Arbitrary modules could have been loaded because relative
     paths were not escaped (bsc#1017310)
   - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to an
     incorrect length calculation (bsc#1017311)
   - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due
     to a missing offset check (bsc#1017312)
   - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313)
   - CVE-2016-10052: Added bound check to exif parsing of JPEG files
     (bsc#1017314).
   - CVE-2016-10059: Unchecked calculation when reading TIFF files could have
     led to a buffer overflow (bsc#1017318)
   - CVE-2016-10060: Improved error handling when writing files to not mask
     errors (bsc#1017319).
   - CVE-2016-10063: Check validity of extend during TIFF file reading
     (bsc#1017320).
   - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files
     (bsc#1017321)
   - CVE-2016-10065: Unchecked calculations when reading VIFF files could have
     led to out-of-bounds reads (bsc#1017322)
   - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter
     (bsc#1017324)
   - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading
     mat files (bsc#1017326)
   - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading
     mat files (bsc#1017326).
   - CVE-2016-10144: Added a check after allocating memory when parsing IPL
     files (bsc#1020433).
   - CVE-2016-10145: Fixed off-by-one in string copy operation when parsing WPG
     files (bsc#1020435).
   - CVE-2016-10146: Captions and labels were handled incorrectly, causing a
     memory leak that could have led to DoS (bsc#1020443)
   - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436).
   - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS
     (bsc#1020439).
   - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to
     prevent a heap buffer-overflow (bsc#1020441).
   - CVE-2017-5511: A missing cast when reading PSD files could have caused
     memory corruption by a heap overflow (bsc#1020448)

   This update removes the fix for CVE-2016-9773. ImageMagick-6 was not
   affected by CVE-2016-9773 and it caused a regression (at least in
   GraphicsMagick) (bsc#1017421).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
     zypper in -t patch sdksp4-ImageMagick-12998=1
   - SUSE Linux Enterprise Server 11-SP4:
     zypper in -t patch slessp4-ImageMagick-12998=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
     zypper in -t patch dbgsp4-ImageMagick-12998=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     ImageMagick-6.4.3.6-7.65.1
     ImageMagick-devel-6.4.3.6-7.65.1
     libMagick++-devel-6.4.3.6-7.65.1
     libMagick++1-6.4.3.6-7.65.1
     libMagickWand1-6.4.3.6-7.65.1
     perl-PerlMagick-6.4.3.6-7.65.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
     libMagickWand1-32bit-6.4.3.6-7.65.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     libMagickCore1-6.4.3.6-7.65.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
     libMagickCore1-32bit-6.4.3.6-7.65.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     ImageMagick-debuginfo-6.4.3.6-7.65.1
     ImageMagick-debugsource-6.4.3.6-7.65.1

References:

   https://www.suse.com/security/cve/CVE-2016-10046.html
   https://www.suse.com/security/cve/CVE-2016-10048.html
   https://www.suse.com/security/cve/CVE-2016-10049.html
   https://www.suse.com/security/cve/CVE-2016-10050.html
   https://www.suse.com/security/cve/CVE-2016-10051.html
   https://www.suse.com/security/cve/CVE-2016-10052.html
   https://www.suse.com/security/cve/CVE-2016-10059.html
   https://www.suse.com/security/cve/CVE-2016-10060.html
   https://www.suse.com/security/cve/CVE-2016-10063.html
   https://www.suse.com/security/cve/CVE-2016-10064.html
   https://www.suse.com/security/cve/CVE-2016-10065.html
   https://www.suse.com/security/cve/CVE-2016-10068.html
   https://www.suse.com/security/cve/CVE-2016-10070.html
   https://www.suse.com/security/cve/CVE-2016-10071.html
   https://www.suse.com/security/cve/CVE-2016-10144.html
   https://www.suse.com/security/cve/CVE-2016-10145.html
   https://www.suse.com/security/cve/CVE-2016-10146.html
   https://www.suse.com/security/cve/CVE-2017-5506.html
   https://www.suse.com/security/cve/CVE-2017-5507.html
   https://www.suse.com/security/cve/CVE-2017-5508.html
   https://www.suse.com/security/cve/CVE-2017-5511.html
   https://bugzilla.suse.com/1017308
   https://bugzilla.suse.com/1017310
   https://bugzilla.suse.com/1017311
   https://bugzilla.suse.com/1017312
   https://bugzilla.suse.com/1017313
   https://bugzilla.suse.com/1017314
   https://bugzilla.suse.com/1017318
   https://bugzilla.suse.com/1017319
   https://bugzilla.suse.com/1017320
   https://bugzilla.suse.com/1017321
   https://bugzilla.suse.com/1017322
   https://bugzilla.suse.com/1017324
   https://bugzilla.suse.com/1017326
   https://bugzilla.suse.com/1017421
   https://bugzilla.suse.com/1020433
   https://bugzilla.suse.com/1020435
   https://bugzilla.suse.com/1020436
   https://bugzilla.suse.com/1020439
   https://bugzilla.suse.com/1020441
   https://bugzilla.suse.com/1020443
   https://bugzilla.suse.com/1020448

From sle-security-updates at lists.suse.com Thu Mar 2 13:08:10 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Mar 2017 21:08:10 +0100 (CET)
Subject: SUSE-SU-2017:0594-1: moderate: Security update for bind
Message-ID: <20170302200810.48E76FFBF@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0594-1
Rating:             moderate
References:         #1024130
Cross-References:   CVE-2017-3135
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - Fixed a possible denial of service vulnerability (affected only
     configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
     zypper in -t patch SUSE-SLE-SAP-12-2017-310=1
   - SUSE Linux Enterprise Server 12-LTSS:
     zypper in -t patch SUSE-SLE-SERVER-12-2017-310=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
     bind-9.9.9P1-28.29.1
     bind-chrootenv-9.9.9P1-28.29.1
     bind-debuginfo-9.9.9P1-28.29.1
     bind-debugsource-9.9.9P1-28.29.1
     bind-libs-32bit-9.9.9P1-28.29.1
     bind-libs-9.9.9P1-28.29.1
     bind-libs-debuginfo-32bit-9.9.9P1-28.29.1
     bind-libs-debuginfo-9.9.9P1-28.29.1
     bind-utils-9.9.9P1-28.29.1
     bind-utils-debuginfo-9.9.9P1-28.29.1
   - SUSE Linux Enterprise Server for SAP 12 (noarch):
     bind-doc-9.9.9P1-28.29.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
     bind-9.9.9P1-28.29.1
     bind-chrootenv-9.9.9P1-28.29.1
     bind-debuginfo-9.9.9P1-28.29.1
     bind-debugsource-9.9.9P1-28.29.1
     bind-libs-9.9.9P1-28.29.1
     bind-libs-debuginfo-9.9.9P1-28.29.1
     bind-utils-9.9.9P1-28.29.1
     bind-utils-debuginfo-9.9.9P1-28.29.1
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
     bind-libs-32bit-9.9.9P1-28.29.1
     bind-libs-debuginfo-32bit-9.9.9P1-28.29.1
   - SUSE Linux Enterprise Server 12-LTSS (noarch):
     bind-doc-9.9.9P1-28.29.1

References:

   https://www.suse.com/security/cve/CVE-2017-3135.html
   https://bugzilla.suse.com/1024130

From sle-security-updates at lists.suse.com Thu Mar 2 13:08:37 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Mar 2017 21:08:37 +0100 (CET)
Subject: SUSE-SU-2017:0595-1: moderate: Security update for bind
Message-ID: <20170302200837.E49CFFFC6@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0595-1
Rating:             moderate
References:         #1024130
Cross-References:   CVE-2017-3135
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - Fixed a possible denial of service vulnerability (affected only
     configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
     zypper in -t patch sleclo50sp3-bind-13000=1
   - SUSE Manager Proxy 2.1:
     zypper in -t patch slemap21-bind-13000=1
   - SUSE Manager 2.1:
     zypper in -t patch sleman21-bind-13000=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
     zypper in -t patch sdksp4-bind-13000=1
   - SUSE Linux Enterprise Server 11-SP4:
     zypper in -t patch slessp4-bind-13000=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
     zypper in -t patch slessp3-bind-13000=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
     zypper in -t patch sleposp3-bind-13000=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
     zypper in -t patch dbgsp4-bind-13000=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
     zypper in -t patch dbgsp3-bind-13000=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
     bind-9.9.6P1-0.39.1
     bind-chrootenv-9.9.6P1-0.39.1
     bind-doc-9.9.6P1-0.39.1
     bind-libs-32bit-9.9.6P1-0.39.1
     bind-libs-9.9.6P1-0.39.1
     bind-utils-9.9.6P1-0.39.1
   - SUSE Manager Proxy 2.1 (x86_64):
     bind-9.9.6P1-0.39.1
     bind-chrootenv-9.9.6P1-0.39.1
     bind-doc-9.9.6P1-0.39.1
     bind-libs-32bit-9.9.6P1-0.39.1
     bind-libs-9.9.6P1-0.39.1
     bind-utils-9.9.6P1-0.39.1
   - SUSE Manager 2.1 (s390x x86_64):
     bind-9.9.6P1-0.39.1
     bind-chrootenv-9.9.6P1-0.39.1
     bind-doc-9.9.6P1-0.39.1
     bind-libs-32bit-9.9.6P1-0.39.1
     bind-libs-9.9.6P1-0.39.1
     bind-utils-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     bind-devel-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
     bind-devel-32bit-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     bind-9.9.6P1-0.39.1
     bind-chrootenv-9.9.6P1-0.39.1
     bind-doc-9.9.6P1-0.39.1
     bind-libs-9.9.6P1-0.39.1
     bind-utils-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
     bind-libs-32bit-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
     bind-libs-x86-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
     bind-9.9.6P1-0.39.1
     bind-chrootenv-9.9.6P1-0.39.1
     bind-doc-9.9.6P1-0.39.1
     bind-libs-9.9.6P1-0.39.1
     bind-utils-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):
     bind-libs-32bit-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
     bind-9.9.6P1-0.39.1
     bind-chrootenv-9.9.6P1-0.39.1
     bind-doc-9.9.6P1-0.39.1
     bind-libs-9.9.6P1-0.39.1
     bind-utils-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     bind-debuginfo-9.9.6P1-0.39.1
     bind-debugsource-9.9.6P1-0.39.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
     bind-debuginfo-9.9.6P1-0.39.1
     bind-debugsource-9.9.6P1-0.39.1

References:

   https://www.suse.com/security/cve/CVE-2017-3135.html
   https://bugzilla.suse.com/1024130

From sle-security-updates at lists.suse.com Thu Mar 2 13:09:02 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Mar 2017 21:09:02 +0100 (CET)
Subject: SUSE-SU-2017:0596-1: moderate: Security update for bind
Message-ID: <20170302200902.6C250FFBF@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0596-1
Rating:             moderate
References:         #1024130
Cross-References:   CVE-2017-3135
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bind fixes the following issues:

   - Fixed a possible denial of service vulnerability (affected only
     configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
     zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-312=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
     zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-312=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
     zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-312=1
   - SUSE Linux Enterprise Server 12-SP2:
     zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-312=1
   - SUSE Linux Enterprise Server 12-SP1:
     zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-312=1
   - SUSE Linux Enterprise Desktop 12-SP2:
     zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-312=1
   - SUSE Linux Enterprise Desktop 12-SP1:
     zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-312=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-devel-9.9.9P1-56.1
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-devel-9.9.9P1-56.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
     bind-9.9.9P1-56.1
     bind-chrootenv-9.9.9P1-56.1
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-libs-9.9.9P1-56.1
     bind-libs-debuginfo-9.9.9P1-56.1
     bind-utils-9.9.9P1-56.1
     bind-utils-debuginfo-9.9.9P1-56.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
     bind-doc-9.9.9P1-56.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
     bind-9.9.9P1-56.1
     bind-chrootenv-9.9.9P1-56.1
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-libs-9.9.9P1-56.1
     bind-libs-debuginfo-9.9.9P1-56.1
     bind-utils-9.9.9P1-56.1
     bind-utils-debuginfo-9.9.9P1-56.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
     bind-libs-32bit-9.9.9P1-56.1
     bind-libs-debuginfo-32bit-9.9.9P1-56.1
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
     bind-doc-9.9.9P1-56.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
     bind-9.9.9P1-56.1
     bind-chrootenv-9.9.9P1-56.1
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-libs-9.9.9P1-56.1
     bind-libs-debuginfo-9.9.9P1-56.1
     bind-utils-9.9.9P1-56.1
     bind-utils-debuginfo-9.9.9P1-56.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
     bind-libs-32bit-9.9.9P1-56.1
     bind-libs-debuginfo-32bit-9.9.9P1-56.1
   - SUSE Linux Enterprise Server 12-SP1 (noarch):
     bind-doc-9.9.9P1-56.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-libs-32bit-9.9.9P1-56.1
     bind-libs-9.9.9P1-56.1
     bind-libs-debuginfo-32bit-9.9.9P1-56.1
     bind-libs-debuginfo-9.9.9P1-56.1
     bind-utils-9.9.9P1-56.1
     bind-utils-debuginfo-9.9.9P1-56.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
     bind-debuginfo-9.9.9P1-56.1
     bind-debugsource-9.9.9P1-56.1
     bind-libs-32bit-9.9.9P1-56.1
     bind-libs-9.9.9P1-56.1
     bind-libs-debuginfo-32bit-9.9.9P1-56.1
     bind-libs-debuginfo-9.9.9P1-56.1
     bind-utils-9.9.9P1-56.1
     bind-utils-debuginfo-9.9.9P1-56.1

References:

   https://www.suse.com/security/cve/CVE-2017-3135.html
   https://bugzilla.suse.com/1024130

From sle-security-updates at lists.suse.com Fri Mar 3 13:07:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Mar 2017 21:07:44 +0100 (CET)
Subject: SUSE-SU-2017:0599-1: moderate: Security update for lynx
Message-ID: <20170303200744.D8AB3FFD4@maintenance.suse.de>

   SUSE Security Update: Security update for lynx
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0599-1
Rating:             moderate
References:         #1008642
Cross-References:   CVE-2016-9179
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
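Added illustration for the lynx advisory whose description follows (CVE-2016-9179): a constructed Python comparison of RFC 3986 authority parsing, which ends the host at the first '/', '?' or '#', against a lenient scan that locates '@' before deciding where the authority ends. This is example code written for this digest, not Lynx's code or SUSE's fix; lenient_host, ambiguous_host and the sample URLs are constructed, and the check is the kind a URL filter or proxy can apply to reject URLs the two readings disagree on.

```python
"""Strict vs. lenient URL authority parsing (constructed illustration).

Per RFC 3986 section 3.2 the authority component ends at the first '/',
'?' or '#'.  A parser that instead searches for '@' first can be made to
treat a different host as the one to connect to.  Not Lynx's code.
"""
import re

# Characters that terminate the authority component.
_AUTHORITY_END = re.compile(r"[/?#]")


def strict_host(url: str) -> str:
    """Return the host exactly as RFC 3986 delimits it.

    Steps: cut the authority at the first '/', '?' or '#'; drop userinfo
    (everything before the last '@' inside the authority); drop the port.
    """
    sep = url.find("://")
    if sep < 0:
        raise ValueError("URL has no scheme")
    rest = url[sep + 3:]
    match = _AUTHORITY_END.search(rest)
    authority = rest if match is None else rest[:match.start()]
    hostport = authority.rsplit("@", 1)[-1]
    if hostport.startswith("["):              # bracketed IPv6 literal
        return hostport[:hostport.find("]") + 1]
    return hostport.split(":", 1)[0]


def lenient_host(url: str) -> str:
    """Constructed lenient parser of the kind the advisory warns about.

    It looks for '@' anywhere after the scheme before deciding where the
    authority ends, so a '?' that should terminate the host does not.
    """
    rest = url[url.find("://") + 3:]
    if "@" in rest:
        # Wrongly treats everything before the '@' as userinfo.
        rest = rest.split("@", 1)[1]
    return re.split(r"[/?#:]", rest, maxsplit=1)[0]


def ambiguous_host(url: str) -> bool:
    """Defensive check for a URL filter or proxy: True when the two parsers
    disagree, meaning a lenient client could connect to an unexpected host."""
    return strict_host(url) != lenient_host(url)


if __name__ == "__main__":
    # Constructed sample URLs; example.com and .example are reserved names.
    for sample in (
        "http://example.com/index.html",
        "http://user:pw@example.com:8080/path",
        "http://example.com?q@other.example/",
    ):
        print(f"{sample:42} strict={strict_host(sample):14} "
              f"lenient={lenient_host(sample):14} "
              f"ambiguous={ambiguous_host(sample)}")
```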
Description:

   This update for lynx fixes the following issues:

   - CVE-2016-9179: It was found that Lynx doesn't parse the authority
     component of the URL correctly when the host name part ends with '?',
     and could instead be tricked into connecting to a different host.
     (bsc#1008642)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
     zypper in -t patch sdksp4-lynx-13003=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
     zypper in -t patch dbgsp4-lynx-13003=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     lynx-2.8.6-145.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     lynx-debuginfo-2.8.6-145.1

References:

   https://www.suse.com/security/cve/CVE-2016-9179.html
   https://bugzilla.suse.com/1008642

From sle-security-updates at lists.suse.com Fri Mar 3 13:08:29 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Mar 2017 21:08:29 +0100 (CET)
Subject: SUSE-SU-2017:0601-1: moderate: Security update for compat-openssl097g
Message-ID: <20170303200829.BDB96FFD4@maintenance.suse.de>

   SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0601-1
Rating:             moderate
References:         #1000677 #1001912 #1004499 #1005878 #1021641 #995075 #998190
Cross-References:   CVE-2016-2108 CVE-2016-8610
Affected Products:
                    SUSE Linux Enterprise Server for SAP 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has 5 fixes is now available.
Description:

   This update for compat-openssl097g fixes the following issues contained in
   the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641).

   Security issues fixed:
   - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed
     (bsc#1005878)
   - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
   - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the
     negative zero handling in the ASN.1 decoder (bsc#1004499)

   Bugs fixed:
   - fix crash in openssl speed (bsc#1000677)
   - resume reading from /dev/urandom when interrupted by a signal (bsc#995075)
   - fix crash in print_notice (bsc#998190)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 11-SP4:
     zypper in -t patch slesappsp4-compat-openssl097g-13004=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
     zypper in -t patch dbgsp4-compat-openssl097g-13004=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64):
     compat-openssl097g-0.9.7g-146.22.50.1
     compat-openssl097g-32bit-0.9.7g-146.22.50.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
     compat-openssl097g-debuginfo-0.9.7g-146.22.50.1
     compat-openssl097g-debugsource-0.9.7g-146.22.50.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
     compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.50.1

References:

   https://www.suse.com/security/cve/CVE-2016-2108.html
   https://www.suse.com/security/cve/CVE-2016-8610.html
   https://bugzilla.suse.com/1000677
   https://bugzilla.suse.com/1001912
   https://bugzilla.suse.com/1004499
   https://bugzilla.suse.com/1005878
   https://bugzilla.suse.com/1021641
   https://bugzilla.suse.com/995075
   https://bugzilla.suse.com/998190

From sle-security-updates at lists.suse.com Fri Mar 3 13:10:26 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Mar 2017 21:10:26 +0100 (CET)
Subject: SUSE-SU-2017:0603-1: moderate: Security update for openssh
Message-ID: <20170303201026.11F10FFD4@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0603-1
Rating:             moderate
References:         #1005480 #1005893 #1006221 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has two fixes is now available.
Description:

   This update for openssh fixes the following issues:

   Security issues fixed:
   - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
   - CVE-2016-10009: limit directories for loading PKCS11 modules to avoid
     privilege escalation (bsc#1016366)
   - CVE-2016-10011: Prevent possible leaks of host private keys to the
     low-privilege process handling authentication (bsc#1016369)

   Non-security issues fixed:
   - Properly verify CIDR masks in the AllowUsers and DenyUsers configuration
     lists (bsc#1005893)
   - fix suggested command for removing conflicting server keys from the
     known_hosts file (bsc#1006221)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
     zypper in -t patch slessp4-openssh-13002=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
     zypper in -t patch dbgsp4-openssh-13002=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     openssh-6.6p1-35.1
     openssh-askpass-gnome-6.6p1-35.4
     openssh-fips-6.6p1-35.1
     openssh-helpers-6.6p1-35.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
     openssh-askpass-gnome-debuginfo-6.6p1-35.4
     openssh-debuginfo-6.6p1-35.1
     openssh-debugsource-6.6p1-35.1

References:

   https://www.suse.com/security/cve/CVE-2016-10009.html
   https://www.suse.com/security/cve/CVE-2016-10011.html
   https://www.suse.com/security/cve/CVE-2016-8858.html
   https://bugzilla.suse.com/1005480
   https://bugzilla.suse.com/1005893
   https://bugzilla.suse.com/1006221
   https://bugzilla.suse.com/1016366
   https://bugzilla.suse.com/1016369

From sle-security-updates at lists.suse.com Fri Mar 3 13:13:32 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Mar 2017 21:13:32 +0100 (CET)
Subject: SUSE-SU-2017:0605-1: moderate: Security update for compat-openssl098
Message-ID: <20170303201332.4897AFFD4@maintenance.suse.de>

   SUSE Security Update: Security update for compat-openssl098
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0605-1
Rating:             moderate
References:         #1000677 #1001912 #1004499 #1005878 #1019334 #1021641 #984663
Cross-References:   CVE-2016-2108 CVE-2016-7056 CVE-2016-8610
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Module for Legacy Software 12
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has four fixes is now available.

Description:

   This update for compat-openssl098 fixes the following issues contained in
   the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641).

   Security issues fixed:
   - CVE-2016-7056: A local ECDSA P-256 timing attack that might have allowed
     key recovery was fixed (bsc#1019334)
   - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed
     (bsc#1005878)
   - degrade 3DES to MEDIUM in SSL2 (bsc#1001912)
   - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the
     negative zero handling in the ASN.1 decoder (bsc#1004499)

   Bugs fixed:
   - fix crash in openssl speed (bsc#1000677)
   - don't attempt session resumption if no ticket is present and session ID
     length is zero (bsc#984663)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2017-319=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-319=1
- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2017-319=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-319=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-319=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
  compat-openssl098-debugsource-0.9.8j-105.1
  libopenssl0_9_8-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-0.9.8j-105.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  compat-openssl098-debugsource-0.9.8j-105.1
  libopenssl0_9_8-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-0.9.8j-105.1
- SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
  compat-openssl098-debugsource-0.9.8j-105.1
  libopenssl0_9_8-0.9.8j-105.1
  libopenssl0_9_8-32bit-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  compat-openssl098-debugsource-0.9.8j-105.1
  libopenssl0_9_8-0.9.8j-105.1
  libopenssl0_9_8-32bit-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  compat-openssl098-debugsource-0.9.8j-105.1
  libopenssl0_9_8-0.9.8j-105.1
  libopenssl0_9_8-32bit-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-0.9.8j-105.1
  libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1

References:

https://www.suse.com/security/cve/CVE-2016-2108.html
https://www.suse.com/security/cve/CVE-2016-7056.html
https://www.suse.com/security/cve/CVE-2016-8610.html
https://bugzilla.suse.com/1000677
https://bugzilla.suse.com/1001912
https://bugzilla.suse.com/1004499
https://bugzilla.suse.com/1005878
https://bugzilla.suse.com/1019334
https://bugzilla.suse.com/1021641
https://bugzilla.suse.com/984663

From sle-security-updates at lists.suse.com Mon Mar 6 04:08:34 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 6 Mar 2017 12:08:34 +0100 (CET)
Subject: SUSE-SU-2017:0606-1: moderate: Security update for openssh
Message-ID: <20170306110834.4A005FFD4@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0606-1
Rating:             moderate
References:         #1005480 #1005893 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for openssh fixes the following issues:

Security issues fixed:

- CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
- CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)

Non security issues fixed:

- Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-openssh-13005=1
- SUSE Manager Proxy 2.1:
  zypper in -t patch slemap21-openssh-13005=1
- SUSE Manager 2.1:
  zypper in -t patch sleman21-openssh-13005=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-openssh-13005=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-openssh-13005=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-openssh-13005=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (x86_64):
  openssh-6.2p2-0.40.1
  openssh-askpass-6.2p2-0.40.1
  openssh-askpass-gnome-6.2p2-0.40.3
- SUSE Manager Proxy 2.1 (x86_64):
  openssh-6.2p2-0.40.1
  openssh-askpass-6.2p2-0.40.1
  openssh-askpass-gnome-6.2p2-0.40.3
- SUSE Manager 2.1 (s390x x86_64):
  openssh-6.2p2-0.40.1
  openssh-askpass-6.2p2-0.40.1
  openssh-askpass-gnome-6.2p2-0.40.3
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
  openssh-6.2p2-0.40.1
  openssh-askpass-6.2p2-0.40.1
  openssh-askpass-gnome-6.2p2-0.40.3
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  openssh-6.2p2-0.40.1
  openssh-askpass-6.2p2-0.40.1
  openssh-askpass-gnome-6.2p2-0.40.3
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  openssh-askpass-gnome-debuginfo-6.2p2-0.40.3
  openssh-debuginfo-6.2p2-0.40.1
  openssh-debugsource-6.2p2-0.40.1

References:

https://www.suse.com/security/cve/CVE-2016-10009.html
https://www.suse.com/security/cve/CVE-2016-10011.html
https://www.suse.com/security/cve/CVE-2016-8858.html
https://bugzilla.suse.com/1005480
https://bugzilla.suse.com/1005893
https://bugzilla.suse.com/1016366
https://bugzilla.suse.com/1016369

From sle-security-updates at lists.suse.com Mon Mar 6 07:07:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 6 Mar 2017 15:07:44 +0100 (CET)
Subject: SUSE-SU-2017:0607-1: moderate: Security update for openssh
Message-ID: <20170306140744.BB812FFD4@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0607-1
Rating:             moderate
References:         #1005480 #1005893 #1006221 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for openssh fixes the following issues:

- CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
- CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)
- Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-325=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
  openssh-6.6p1-54.7.1
  openssh-askpass-gnome-6.6p1-54.7.1
  openssh-askpass-gnome-debuginfo-6.6p1-54.7.1
  openssh-debuginfo-6.6p1-54.7.1
  openssh-debugsource-6.6p1-54.7.1
  openssh-fips-6.6p1-54.7.1
  openssh-helpers-6.6p1-54.7.1
  openssh-helpers-debuginfo-6.6p1-54.7.1

References:

https://www.suse.com/security/cve/CVE-2016-10009.html
https://www.suse.com/security/cve/CVE-2016-10011.html
https://www.suse.com/security/cve/CVE-2016-8858.html
https://bugzilla.suse.com/1005480
https://bugzilla.suse.com/1005893
https://bugzilla.suse.com/1006221
https://bugzilla.suse.com/1016366
https://bugzilla.suse.com/1016369

From sle-security-updates at lists.suse.com Mon Mar 6 10:09:48 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 6 Mar 2017 18:09:48 +0100 (CET)
Subject: SUSE-SU-2017:0610-1: moderate: Security update for libquicktime
Message-ID: <20170306170948.2E8EAFFD7@maintenance.suse.de>

SUSE Security Update: Security update for libquicktime
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0610-1
Rating:             moderate
References:         #1022805
Cross-References:   CVE-2016-2399
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libquicktime fixes the following issues:

- A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-326=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-326=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-326=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-326=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-326=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-326=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-326=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime-devel-1.2.4-10.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime-devel-1.2.4-10.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime0-1.2.4-10.1
  libquicktime0-debuginfo-1.2.4-10.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime0-1.2.4-10.1
  libquicktime0-debuginfo-1.2.4-10.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime0-1.2.4-10.1
  libquicktime0-debuginfo-1.2.4-10.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime0-1.2.4-10.1
  libquicktime0-debuginfo-1.2.4-10.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  libquicktime-debugsource-1.2.4-10.1
  libquicktime0-1.2.4-10.1
  libquicktime0-debuginfo-1.2.4-10.1

References:

https://www.suse.com/security/cve/CVE-2016-2399.html
https://bugzilla.suse.com/1022805

From sle-security-updates at lists.suse.com Tue Mar 7 10:08:28 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Mar 2017 18:08:28 +0100 (CET)
Subject: SUSE-SU-2017:0622-1: moderate: Security update for tigervnc
Message-ID: <20170307170828.749E9FFE1@maintenance.suse.de>

SUSE Security Update: Security update for tigervnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0622-1
Rating:             moderate
References:         #1019274 #1023012
Cross-References:   CVE-2016-10207 CVE-2016-9941 CVE-2016-9942
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for tigervnc provides the following fixes:

- Prevent malicious server from crashing a server via a buffer overflow, a similar flaw as the LibVNCServer issues CVE-2016-9941 and CVE-2016-9942. (bsc#1019274)
- CVE-2016-10207: Prevent potential crash due to insufficient clean-up after failure to establish TLS connection. (bsc#1023012)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-335=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-335=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-335=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  libXvnc1-1.6.0-16.4
  libXvnc1-debuginfo-1.6.0-16.4
  tigervnc-1.6.0-16.4
  tigervnc-debuginfo-1.6.0-16.4
  tigervnc-debugsource-1.6.0-16.4
  xorg-x11-Xvnc-1.6.0-16.4
  xorg-x11-Xvnc-debuginfo-1.6.0-16.4
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  libXvnc1-1.6.0-16.4
  libXvnc1-debuginfo-1.6.0-16.4
  tigervnc-1.6.0-16.4
  tigervnc-debuginfo-1.6.0-16.4
  tigervnc-debugsource-1.6.0-16.4
  xorg-x11-Xvnc-1.6.0-16.4
  xorg-x11-Xvnc-debuginfo-1.6.0-16.4
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  libXvnc1-1.6.0-16.4
  libXvnc1-debuginfo-1.6.0-16.4
  tigervnc-1.6.0-16.4
  tigervnc-debuginfo-1.6.0-16.4
  tigervnc-debugsource-1.6.0-16.4
  xorg-x11-Xvnc-1.6.0-16.4
  xorg-x11-Xvnc-debuginfo-1.6.0-16.4

References:

https://www.suse.com/security/cve/CVE-2016-10207.html
https://www.suse.com/security/cve/CVE-2016-9941.html
https://www.suse.com/security/cve/CVE-2016-9942.html
https://bugzilla.suse.com/1019274
https://bugzilla.suse.com/1023012

From sle-security-updates at lists.suse.com Tue Mar 7 10:09:48 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Mar 2017 18:09:48 +0100 (CET)
Subject: SUSE-SU-2017:0624-1: moderate: Security update for libquicktime
Message-ID: <20170307170948.E57871001B@maintenance.suse.de>

SUSE Security Update: Security update for libquicktime
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0624-1
Rating:             moderate
References:         #1022805
Cross-References:   CVE-2016-2399
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for libquicktime fixes the following issues:

- A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-libquicktime-13008=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-libquicktime-13008=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libquicktime-1.0.3-5.2
  libquicktime-devel-1.0.3-5.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libquicktime-debuginfo-1.0.3-5.2
  libquicktime-debugsource-1.0.3-5.2

References:

https://www.suse.com/security/cve/CVE-2016-2399.html
https://bugzilla.suse.com/1022805

From sle-security-updates at lists.suse.com Tue Mar 7 10:10:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Mar 2017 18:10:15 +0100 (CET)
Subject: SUSE-SU-2017:0625-1: important: Security update for qemu
Message-ID: <20170307171015.A1CBD1000F@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0625-1
Rating:             important
References:         #1014702 #1015169 #1016779 #1017081 #1017084 #1020491
                    #1020589 #1020928 #1021129 #1021195 #1021481 #1022541
                    #1023004 #1023053 #1023073 #1023907 #1024972 #1026583
                    #977027
Cross-References:   CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-9921
                    CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525
                    CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5667
                    CVE-2017-5856 CVE-2017-5857 CVE-2017-5898
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves 15 vulnerabilities and has four fixes is now available.

Description:

This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907).
- CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073).
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in DoS (bsc#1017081).
- CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084).
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
- CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195).
- CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481).
- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589).
- CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491).
- CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541).
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)

These non-security issues were fixed:

- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)
- XHCI fixes (bsc#977027)
- Fixed rare race during s390x guest reboot
- Fixed various inaccuracies in cirrus vga device emulation
- Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928)
- Fixed graphical update errors introduced by previous security fix (bsc#1016779)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-336=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-336=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-336=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  qemu-2.6.2-41.9.1
  qemu-arm-2.6.2-41.9.1
  qemu-arm-debuginfo-2.6.2-41.9.1
  qemu-block-curl-2.6.2-41.9.1
  qemu-block-curl-debuginfo-2.6.2-41.9.1
  qemu-block-rbd-2.6.2-41.9.1
  qemu-block-rbd-debuginfo-2.6.2-41.9.1
  qemu-block-ssh-2.6.2-41.9.1
  qemu-block-ssh-debuginfo-2.6.2-41.9.1
  qemu-debugsource-2.6.2-41.9.1
  qemu-guest-agent-2.6.2-41.9.1
  qemu-guest-agent-debuginfo-2.6.2-41.9.1
  qemu-lang-2.6.2-41.9.1
  qemu-tools-2.6.2-41.9.1
  qemu-tools-debuginfo-2.6.2-41.9.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  qemu-ipxe-1.0.0-41.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  qemu-2.6.2-41.9.1
  qemu-block-curl-2.6.2-41.9.1
  qemu-block-curl-debuginfo-2.6.2-41.9.1
  qemu-block-ssh-2.6.2-41.9.1
  qemu-block-ssh-debuginfo-2.6.2-41.9.1
  qemu-debugsource-2.6.2-41.9.1
  qemu-guest-agent-2.6.2-41.9.1
  qemu-guest-agent-debuginfo-2.6.2-41.9.1
  qemu-lang-2.6.2-41.9.1
  qemu-tools-2.6.2-41.9.1
  qemu-tools-debuginfo-2.6.2-41.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):
  qemu-block-rbd-2.6.2-41.9.1
  qemu-block-rbd-debuginfo-2.6.2-41.9.1
- SUSE Linux Enterprise Server 12-SP2 (ppc64le):
  qemu-ppc-2.6.2-41.9.1
  qemu-ppc-debuginfo-2.6.2-41.9.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64):
  qemu-arm-2.6.2-41.9.1
  qemu-arm-debuginfo-2.6.2-41.9.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  qemu-kvm-2.6.2-41.9.1
  qemu-x86-2.6.2-41.9.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  qemu-ipxe-1.0.0-41.9.1
  qemu-seabios-1.9.1-41.9.1
  qemu-sgabios-8-41.9.1
  qemu-vgabios-1.9.1-41.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  qemu-2.6.2-41.9.1
  qemu-block-curl-2.6.2-41.9.1
  qemu-block-curl-debuginfo-2.6.2-41.9.1
  qemu-debugsource-2.6.2-41.9.1
  qemu-kvm-2.6.2-41.9.1
  qemu-tools-2.6.2-41.9.1
  qemu-tools-debuginfo-2.6.2-41.9.1
  qemu-x86-2.6.2-41.9.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  qemu-ipxe-1.0.0-41.9.1
  qemu-seabios-1.9.1-41.9.1
  qemu-sgabios-8-41.9.1
  qemu-vgabios-1.9.1-41.9.1
References:

https://www.suse.com/security/cve/CVE-2016-10028.html
https://www.suse.com/security/cve/CVE-2016-10029.html
https://www.suse.com/security/cve/CVE-2016-10155.html
https://www.suse.com/security/cve/CVE-2016-9921.html
https://www.suse.com/security/cve/CVE-2016-9922.html
https://www.suse.com/security/cve/CVE-2017-2615.html
https://www.suse.com/security/cve/CVE-2017-2620.html
https://www.suse.com/security/cve/CVE-2017-5525.html
https://www.suse.com/security/cve/CVE-2017-5526.html
https://www.suse.com/security/cve/CVE-2017-5552.html
https://www.suse.com/security/cve/CVE-2017-5578.html
https://www.suse.com/security/cve/CVE-2017-5667.html
https://www.suse.com/security/cve/CVE-2017-5856.html
https://www.suse.com/security/cve/CVE-2017-5857.html
https://www.suse.com/security/cve/CVE-2017-5898.html
https://bugzilla.suse.com/1014702
https://bugzilla.suse.com/1015169
https://bugzilla.suse.com/1016779
https://bugzilla.suse.com/1017081
https://bugzilla.suse.com/1017084
https://bugzilla.suse.com/1020491
https://bugzilla.suse.com/1020589
https://bugzilla.suse.com/1020928
https://bugzilla.suse.com/1021129
https://bugzilla.suse.com/1021195
https://bugzilla.suse.com/1021481
https://bugzilla.suse.com/1022541
https://bugzilla.suse.com/1023004
https://bugzilla.suse.com/1023053
https://bugzilla.suse.com/1023073
https://bugzilla.suse.com/1023907
https://bugzilla.suse.com/1024972
https://bugzilla.suse.com/1026583
https://bugzilla.suse.com/977027

From sle-security-updates at lists.suse.com Thu Mar 9 01:08:22 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Mar 2017 09:08:22 +0100 (CET)
Subject: SUSE-SU-2017:0607-2: moderate: Security update for openssh
Message-ID: <20170309080822.9D2EBFFC5@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0607-2
Rating:             moderate
References:         #1005480 #1005893
                    #1006221 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for openssh fixes the following issues:

- CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
- CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)
- Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-325=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-325=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-325=1

To bring your system up-to-date, use "zypper patch".
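The openssh advisories in this digest all carry bsc#1005893, "Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists". The following is an added example, not OpenSSH code and not part of the SUSE announcement: it shows the kind of check that item refers to, in Python. sshd accepts entries of the form USER@HOST where HOST may be an address in CIDR notation; the validator below rejects masks that are malformed or larger than the address family allows, so that a typo such as /33 is reported rather than silently producing a rule that matches nothing. The function names, the Rule type and the sample AllowUsers lines are my own (the lines are constructed, not from any real sshd_config).

```python
"""Validate CIDR masks in sshd AllowUsers/DenyUsers entries (added example, not OpenSSH code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Rule:
    user: str                     # user name (sshd allows wildcard patterns; kept opaque here)
    network: Optional[Network]    # set when HOST was given in CIDR notation
    host_pattern: Optional[str]   # non-CIDR HOST part (hostname/pattern), kept as-is


def parse_rule(entry: str) -> Rule:
    """Parse one USER or USER@HOST entry; raise ValueError on a bad address or mask."""
    if "@" not in entry:
        return Rule(entry, None, None)
    user, host = entry.rsplit("@", 1)
    if "/" not in host:
        return Rule(user, None, host)
    addr_text, _, mask_text = host.partition("/")
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError as exc:
        raise ValueError(f"{entry!r}: {addr_text!r} is not an IP address") from exc
    # The mask must be a non-negative decimal number no larger than the
    # address family allows: /32 for IPv4, /128 for IPv6.
    if not mask_text.isdigit():
        raise ValueError(f"{entry!r}: mask {mask_text!r} is not a decimal number")
    mask = int(mask_text)
    if mask > addr.max_prefixlen:
        raise ValueError(
            f"{entry!r}: mask /{mask} exceeds /{addr.max_prefixlen} for IPv{addr.version}")
    # strict=False tolerates host bits set in the address part (192.0.2.7/24)
    return Rule(user, ipaddress.ip_network(f"{addr}/{mask}", strict=False), None)


def validate_list(config_line: str) -> List[str]:
    """Return one error message per invalid entry on an AllowUsers/DenyUsers line."""
    parts = config_line.split()
    if not parts or parts[0] not in ("AllowUsers", "DenyUsers"):
        return [f"not an AllowUsers/DenyUsers line: {config_line!r}"]
    errors = []
    for entry in parts[1:]:
        try:
            parse_rule(entry)
        except ValueError as exc:
            errors.append(str(exc))
    return errors


def rule_matches(rule: Rule, user: str, source: str) -> bool:
    """True if a login by `user` from IP `source` is covered by `rule`.

    Hostname/wildcard HOST patterns are outside this example and never match.
    """
    if rule.user != user:
        return False
    if rule.network is None:
        return rule.host_pattern is None   # a plain USER entry applies from anywhere
    return ipaddress.ip_address(source) in rule.network


# Constructed sample lines (hypothetical, not from any real sshd_config)
GOOD_LINE = "AllowUsers admin@192.0.2.0/24 ops@2001:db8::/32 backup"
BAD_LINE = "AllowUsers admin@192.0.2.0/33 ops@2001:db8::/129 dev@10.0.0.0/-1"

if __name__ == "__main__":
    for line in (GOOD_LINE, BAD_LINE):
        print(line, "->", validate_list(line) or "ok")
```

Running the block prints "ok" for the first line and three mask errors for the second; the same validator can be run over every AllowUsers/DenyUsers line of a config before `sshd -t`, which only catches syntax it rejects outright.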
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  openssh-6.6p1-54.7.1
  openssh-askpass-gnome-6.6p1-54.7.1
  openssh-askpass-gnome-debuginfo-6.6p1-54.7.1
  openssh-debuginfo-6.6p1-54.7.1
  openssh-debugsource-6.6p1-54.7.1
  openssh-fips-6.6p1-54.7.1
  openssh-helpers-6.6p1-54.7.1
  openssh-helpers-debuginfo-6.6p1-54.7.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le):
  openssh-6.6p1-54.7.1
  openssh-askpass-gnome-6.6p1-54.7.1
  openssh-askpass-gnome-debuginfo-6.6p1-54.7.1
  openssh-debuginfo-6.6p1-54.7.1
  openssh-debugsource-6.6p1-54.7.1
  openssh-fips-6.6p1-54.7.1
  openssh-helpers-6.6p1-54.7.1
  openssh-helpers-debuginfo-6.6p1-54.7.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
  openssh-6.6p1-54.7.1
  openssh-askpass-gnome-6.6p1-54.7.1
  openssh-askpass-gnome-debuginfo-6.6p1-54.7.1
  openssh-debuginfo-6.6p1-54.7.1
  openssh-debugsource-6.6p1-54.7.1
  openssh-helpers-6.6p1-54.7.1
  openssh-helpers-debuginfo-6.6p1-54.7.1

References:

https://www.suse.com/security/cve/CVE-2016-10009.html
https://www.suse.com/security/cve/CVE-2016-10011.html
https://www.suse.com/security/cve/CVE-2016-8858.html
https://bugzilla.suse.com/1005480
https://bugzilla.suse.com/1005893
https://bugzilla.suse.com/1006221
https://bugzilla.suse.com/1016366
https://bugzilla.suse.com/1016369

From sle-security-updates at lists.suse.com Thu Mar 9 01:09:31 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Mar 2017 09:09:31 +0100 (CET)
Subject: SUSE-SU-2017:0639-1: moderate: Security update for unzip
Message-ID: <20170309080931.72615FFC5@maintenance.suse.de>

SUSE Security Update: Security update for unzip
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0639-1
Rating:             moderate
References:         #1013992 #1013993 #950110 #950111
Cross-References:   CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for unzip fixes the following issues:

- CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993)
- CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110)
- CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111)
- CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-unzip-13006=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  unzip-6.00-11.17.1

References:

https://www.suse.com/security/cve/CVE-2014-9913.html
https://www.suse.com/security/cve/CVE-2015-7696.html
https://www.suse.com/security/cve/CVE-2015-7697.html
https://www.suse.com/security/cve/CVE-2016-9844.html
https://bugzilla.suse.com/1013992
https://bugzilla.suse.com/1013993
https://bugzilla.suse.com/950110
https://bugzilla.suse.com/950111

From sle-security-updates at lists.suse.com Thu Mar 9 04:08:57 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Mar 2017 12:08:57 +0100 (CET)
Subject: SUSE-SU-2017:0607-3: moderate: Security update for openssh
Message-ID: <20170309110857.921B810010@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0607-3
Rating:             moderate
References:         #1005480 #1005893 #1006221 #1016366 #1016369
Cross-References:   CVE-2016-10009 CVE-2016-10011 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for openssh fixes the following issues:

- CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)
- CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366)
- CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369)
- Fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-325=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  openssh-6.6p1-54.7.1
  openssh-askpass-gnome-6.6p1-54.7.1
  openssh-askpass-gnome-debuginfo-6.6p1-54.7.1
  openssh-debuginfo-6.6p1-54.7.1
  openssh-debugsource-6.6p1-54.7.1
  openssh-fips-6.6p1-54.7.1
  openssh-helpers-6.6p1-54.7.1
  openssh-helpers-debuginfo-6.6p1-54.7.1

References:

https://www.suse.com/security/cve/CVE-2016-10009.html
https://www.suse.com/security/cve/CVE-2016-10011.html
https://www.suse.com/security/cve/CVE-2016-8858.html
https://bugzilla.suse.com/1005480
https://bugzilla.suse.com/1005893
https://bugzilla.suse.com/1006221
https://bugzilla.suse.com/1016366
https://bugzilla.suse.com/1016369

From sle-security-updates at lists.suse.com Thu Mar 9 07:08:24 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Mar 2017 15:08:24 +0100 (CET)
Subject: SUSE-SU-2017:0641-1: moderate: Security update for dracut
Message-ID: <20170309140824.1F5641001E@maintenance.suse.de>

SUSE Security Update: Security update for dracut
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0641-1
Rating:             moderate
References:         #1005410 #1006118 #1007925 #1008340 #1017695 #986734 #986838
Cross-References:   CVE-2016-8637
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is now available.
Description:

   This update for dracut fixes the following issues:

   Security issues fixed:

   - CVE-2016-8637: When early microcode loading was enabled during initrd
     creation, the resulting initrd was readable by all users, allowing local
     users to retrieve secrets stored in the initial ramdisk. (bsc#1008340)

   Non-security issues fixed:

   - Allow booting from degraded MD arrays with systemd. (bsc#1017695)
   - Start multipath services before local-fs-pre.target. (bsc#1005410,
     bsc#1006118, bsc#1007925, bsc#986734, bsc#986838)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-353=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-353=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      dracut-037-91.1
      dracut-debuginfo-037-91.1
      dracut-debugsource-037-91.1
      dracut-fips-037-91.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      dracut-037-91.1
      dracut-debuginfo-037-91.1
      dracut-debugsource-037-91.1

References:

   https://www.suse.com/security/cve/CVE-2016-8637.html
   https://bugzilla.suse.com/1005410
   https://bugzilla.suse.com/1006118
   https://bugzilla.suse.com/1007925
   https://bugzilla.suse.com/1008340
   https://bugzilla.suse.com/1017695
   https://bugzilla.suse.com/986734
   https://bugzilla.suse.com/986838


From sle-security-updates at lists.suse.com  Thu Mar 9 07:11:43 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Mar 2017 15:11:43 +0100 (CET)
Subject: SUSE-SU-2017:0644-1: moderate: Security update for xorg-x11-libX11
Message-ID: <20170309141144.002841001E@maintenance.suse.de>

   SUSE Security Update: Security update for xorg-x11-libX11
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0644-1
Rating:             moderate
References:         #1019642
Cross-References:   CVE-2013-1997
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xorg-x11-libX11 fixes the following issue:

   - A regression introduced by the security fix for CVE-2013-1997
     (bnc#824294): keyboard mappings for special characters on non-English
     keyboards might have been broken. (bnc#1019642)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xorg-x11-libX11-13017=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xorg-x11-libX11-13017=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xorg-x11-libX11-13017=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libX11-devel-7.4-5.11.68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      xorg-x11-libX11-devel-32bit-7.4-5.11.68.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libX11-7.4-5.11.68.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      xorg-x11-libX11-32bit-7.4-5.11.68.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      xorg-x11-libX11-x86-7.4-5.11.68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      xorg-x11-libX11-debuginfo-7.4-5.11.68.1
      xorg-x11-libX11-debugsource-7.4-5.11.68.1

References:

   https://www.suse.com/security/cve/CVE-2013-1997.html
   https://bugzilla.suse.com/1019642


From sle-security-updates at lists.suse.com  Thu Mar 9 16:07:35 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Mar 2017 00:07:35 +0100 (CET)
Subject: SUSE-SU-2017:0647-1: important: Security update for xen
Message-ID: <20170309230735.9C2021001B@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0647-1
Rating:             important
References:         #1000195 #1002496 #1013657 #1013668 #1014490 #1014507
                    #1015169 #1016340 #1022627 #1022871 #1023004 #1024183
                    #1024186 #1024307 #1024834 #1025188 #907805 #987002
Cross-References:   CVE-2014-8106 CVE-2016-10155 CVE-2016-9101 CVE-2016-9776
                    CVE-2016-9907 CVE-2016-9911 CVE-2016-9921 CVE-2016-9922
                    CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856
                    CVE-2017-5898 CVE-2017-5973
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has four fixes is now
   available.
Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - CVE-2017-5973: An infinite loop while doing a control transfer in
     xhci_kick_epctx allowed a privileged user inside the guest to crash the
     host process, resulting in DoS (bsc#1025188)
   - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
     vulnerable to a memory leakage issue allowing a privileged user to cause
     a DoS and/or potentially crash the Qemu process on the host (bsc#1024183)
   - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
     cirrus_bitblt_cputovideo failed to check the memory region, allowing for
     an out-of-bounds write that allows for privilege escalation (bsc#1024834)
   - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
     support was vulnerable to a memory leakage issue allowing a privileged
     user to leak host memory, resulting in DoS (bsc#1024186)
   - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an
     integer overflow flaw allowing a privileged user to crash the Qemu
     process on the host, resulting in DoS (bsc#1024307)
   - CVE-2017-2615: An error in the bitblt copy operation could have allowed a
     malicious guest administrator to cause an out-of-bounds memory access,
     possibly leading to information disclosure or privilege escalation
     (bsc#1023004)
   - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator
     allowed local guest users to execute arbitrary code via vectors related
     to blit regions (bsc#907805)
   - CVE-2017-5579: The 16550A UART serial device emulation support was
     vulnerable to a memory leakage issue allowing a privileged user to cause
     a DoS and/or potentially crash the Qemu process on the host (bsc#1022627)
   - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
     memory leakage flaw when destroying the USB redirector in
     'usbredir_handle_destroy'. A guest user/process could have used this
     issue to leak host memory, resulting in DoS for the host (bsc#1014490)
   - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
     leakage issue while processing packet data in 'ehci_init_transfer'. A
     guest user/process could have used this issue to leak host memory,
     resulting in DoS for the host (bsc#1014507)
   - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide-by-zero issue while copying VGA data. A privileged user
     inside the guest could have used this flaw to crash the process instance
     on the host, resulting in DoS (bsc#1015169)
   - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide-by-zero issue while copying VGA data. A privileged user
     inside the guest could have used this flaw to crash the process instance
     on the host, resulting in DoS (bsc#1015169)
   - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS
     administrators to cause a denial of service (memory consumption and QEMU
     process crash) by repeatedly unplugging an i8255x (PRO100) NIC device
     (bsc#1013668)
   - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was
     vulnerable to an infinite loop issue while receiving packets in
     'mcf_fec_receive'. A privileged user/process inside the guest could have
     used this issue to crash the Qemu process on the host, leading to DoS
     (bsc#1013657)
   - A malicious guest could have, by frequently rebooting over extended
     periods of time, run the host system out of memory, resulting in a
     Denial of Service (DoS) (bsc#1022871)

   These non-security issues were fixed:

   - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3
   - bsc#1002496: Added support for reloading clvm in block-dmmd
   - bsc#987002: Prevent crashes of domUs after they were migrated from an
     SP3 HV to SP4

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-xen-13019=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-xen-13019=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-xen-13019=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      xen-devel-4.4.4_14-51.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      xen-kmp-default-4.4.4_14_3.0.101_94-51.1
      xen-libs-4.4.4_14-51.1
      xen-tools-domU-4.4.4_14-51.1

   - SUSE Linux Enterprise Server 11-SP4 (x86_64):

      xen-4.4.4_14-51.1
      xen-doc-html-4.4.4_14-51.1
      xen-libs-32bit-4.4.4_14-51.1
      xen-tools-4.4.4_14-51.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      xen-kmp-pae-4.4.4_14_3.0.101_94-51.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      xen-debuginfo-4.4.4_14-51.1
      xen-debugsource-4.4.4_14-51.1

References:

   https://www.suse.com/security/cve/CVE-2014-8106.html
   https://www.suse.com/security/cve/CVE-2016-10155.html
   https://www.suse.com/security/cve/CVE-2016-9101.html
   https://www.suse.com/security/cve/CVE-2016-9776.html
   https://www.suse.com/security/cve/CVE-2016-9907.html
   https://www.suse.com/security/cve/CVE-2016-9911.html
   https://www.suse.com/security/cve/CVE-2016-9921.html
   https://www.suse.com/security/cve/CVE-2016-9922.html
   https://www.suse.com/security/cve/CVE-2017-2615.html
   https://www.suse.com/security/cve/CVE-2017-2620.html
   https://www.suse.com/security/cve/CVE-2017-5579.html
   https://www.suse.com/security/cve/CVE-2017-5856.html
   https://www.suse.com/security/cve/CVE-2017-5898.html
   https://www.suse.com/security/cve/CVE-2017-5973.html
   https://bugzilla.suse.com/1000195
   https://bugzilla.suse.com/1002496
   https://bugzilla.suse.com/1013657
   https://bugzilla.suse.com/1013668
   https://bugzilla.suse.com/1014490
   https://bugzilla.suse.com/1014507
   https://bugzilla.suse.com/1015169
   https://bugzilla.suse.com/1016340
   https://bugzilla.suse.com/1022627
   https://bugzilla.suse.com/1022871
   https://bugzilla.suse.com/1023004
   https://bugzilla.suse.com/1024183
   https://bugzilla.suse.com/1024186
   https://bugzilla.suse.com/1024307
   https://bugzilla.suse.com/1024834
   https://bugzilla.suse.com/1025188
   https://bugzilla.suse.com/907805
   https://bugzilla.suse.com/987002


From sle-security-updates at lists.suse.com  Fri Mar 10 10:10:30 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Mar 2017 18:10:30 +0100 (CET)
Subject: SUSE-SU-2017:0656-1: moderate: Security update for tcpdump
Message-ID: <20170310171030.6F2B510011@maintenance.suse.de>

   SUSE Security Update: Security update for tcpdump
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0656-1
Rating:             moderate
References:         #1020940
Cross-References:   CVE-2016-7922 CVE-2016-7923 CVE-2016-7925 CVE-2016-7926
                    CVE-2016-7927 CVE-2016-7928 CVE-2016-7931 CVE-2016-7934
                    CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7939
                    CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975
                    CVE-2016-7983 CVE-2016-7984 CVE-2016-7992 CVE-2016-7993
                    CVE-2016-8574 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204
                    CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 28 vulnerabilities is now available.

Description:

   This update for tcpdump fixes the following issues:

   Security issues fixed (bsc#1020940):

   - CVE-2016-7922: Corrected buffer overflow in AH parser
     print-ah.c:ah_print().
   - CVE-2016-7923: Corrected buffer overflow in ARP parser
     print-arp.c:arp_print().
   - CVE-2016-7925: Corrected buffer overflow in compressed SLIP parser
     print-sl.c:sl_if_print().
   - CVE-2016-7926: Corrected buffer overflow in the Ethernet parser
     print-ether.c:ethertype_print().
   - CVE-2016-7927: Corrected buffer overflow in the IEEE 802.11 parser
     print-802_11.c:ieee802_11_radio_print().
   - CVE-2016-7928: Corrected buffer overflow in the IPComp parser
     print-ipcomp.c:ipcomp_print().
   - CVE-2016-7931: Corrected buffer overflow in the MPLS parser
     print-mpls.c:mpls_print().
   - CVE-2016-7936: Corrected buffer overflow in the UDP parser
     print-udp.c:udp_print().
   - CVE-2016-7934, CVE-2016-7935, CVE-2016-7937: Corrected segmentation
     faults in function udp_print().
   - CVE-2016-7939: Corrected buffer overflows in GRE parser
     print-gre.c:(multiple functions).
   - CVE-2016-7940: Corrected buffer overflows in STP parser
     print-stp.c:(multiple functions).
   - CVE-2016-7973: Corrected buffer overflow in AppleTalk parser
     print-atalk.c.
   - CVE-2016-7974: Corrected buffer overflow in IP parser
     print-ip.c:(multiple functions).
   - CVE-2016-7975: Corrected buffer overflow in TCP parser
     print-tcp.c:tcp_print().
   - CVE-2016-7983, CVE-2016-7984: Corrected buffer overflow in TFTP parser
     print-tftp.c:tftp_print().
   - CVE-2016-7992: Corrected buffer overflow in Classical IP over ATM parser
     print-cip.c.
   - CVE-2016-7993: Corrected buffer overflow in multiple protocol parsers
     (DNS, DVMRP, HSRP, etc.).
   - CVE-2016-8574: Corrected buffer overflow in FRF.15 parser
     print-fr.c:frf15_print().
   - CVE-2017-5202: Corrected buffer overflow in ISO CLNS parser
     print-isoclns.c:clnp_print().
   - CVE-2017-5203: Corrected buffer overflow in BOOTP parser
     print-bootp.c:bootp_print().
   - CVE-2017-5204: Corrected buffer overflow in IPv6 parser
     print-ip6.c:ip6_print().
   - CVE-2017-5483: Corrected buffer overflow in SNMP parser
     print-snmp.c:asn1_parse().
   - CVE-2017-5484: Corrected buffer overflow in ATM parser
     print-atm.c:sig_print().
   - CVE-2017-5485: Corrected buffer overflow in ISO CLNS parser
     addrtoname.c:lookup_nsap().
   - CVE-2017-5486: Corrected buffer overflow in ISO CLNS parser
     print-isoclns.c:clnp_print().

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-tcpdump-13021=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-tcpdump-13021=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      tcpdump-3.9.8-1.29.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      tcpdump-debuginfo-3.9.8-1.29.1
      tcpdump-debugsource-3.9.8-1.29.1

References:

   https://www.suse.com/security/cve/CVE-2016-7922.html
   https://www.suse.com/security/cve/CVE-2016-7923.html
   https://www.suse.com/security/cve/CVE-2016-7925.html
   https://www.suse.com/security/cve/CVE-2016-7926.html
   https://www.suse.com/security/cve/CVE-2016-7927.html
   https://www.suse.com/security/cve/CVE-2016-7928.html
   https://www.suse.com/security/cve/CVE-2016-7931.html
   https://www.suse.com/security/cve/CVE-2016-7934.html
   https://www.suse.com/security/cve/CVE-2016-7935.html
   https://www.suse.com/security/cve/CVE-2016-7936.html
   https://www.suse.com/security/cve/CVE-2016-7937.html
   https://www.suse.com/security/cve/CVE-2016-7939.html
   https://www.suse.com/security/cve/CVE-2016-7940.html
   https://www.suse.com/security/cve/CVE-2016-7973.html
   https://www.suse.com/security/cve/CVE-2016-7974.html
   https://www.suse.com/security/cve/CVE-2016-7975.html
   https://www.suse.com/security/cve/CVE-2016-7983.html
   https://www.suse.com/security/cve/CVE-2016-7984.html
   https://www.suse.com/security/cve/CVE-2016-7992.html
   https://www.suse.com/security/cve/CVE-2016-7993.html
   https://www.suse.com/security/cve/CVE-2016-8574.html
   https://www.suse.com/security/cve/CVE-2017-5202.html
   https://www.suse.com/security/cve/CVE-2017-5203.html
   https://www.suse.com/security/cve/CVE-2017-5204.html
   https://www.suse.com/security/cve/CVE-2017-5483.html
   https://www.suse.com/security/cve/CVE-2017-5484.html
   https://www.suse.com/security/cve/CVE-2017-5485.html
   https://www.suse.com/security/cve/CVE-2017-5486.html
   https://bugzilla.suse.com/1020940


From sle-security-updates at lists.suse.com  Fri Mar 10 13:08:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Mar 2017 21:08:55 +0100 (CET)
Subject: SUSE-SU-2017:0661-1: important: Security update for qemu
Message-ID: <20170310200855.8A42CFFDB@maintenance.suse.de>

   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0661-1
Rating:             important
References:         #1013285 #1014109 #1014111 #1014702 #1015048 #1015169
                    #1016779 #1021129 #1022541 #1023004 #1023053 #1023907
                    #1024972
Cross-References:   CVE-2016-10155 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911
                    CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620
                    CVE-2017-5667 CVE-2017-5856 CVE-2017-5898
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has two fixes is now
   available.

Description:

   This update for qemu fixes several issues.
   These security issues were fixed:

   - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
     cirrus_bitblt_cputovideo failed to check the memory region, allowing for
     an out-of-bounds write that allows for privilege escalation (bsc#1024972)
   - CVE-2017-2615: An error in the bitblt copy operation could have allowed a
     malicious guest administrator to cause an out-of-bounds memory access,
     possibly leading to information disclosure or privilege escalation
     (bsc#1023004)
   - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
     support was vulnerable to a memory leakage issue allowing a privileged
     user to leak host memory, resulting in DoS (bsc#1023053)
   - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was
     vulnerable to an infinite loop issue while receiving packets in
     'mcf_fec_receive'. A privileged user/process inside the guest could have
     used this issue to crash the Qemu process on the host, leading to DoS
     (bsc#1013285)
   - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
     leakage issue while processing packet data in 'ehci_init_transfer'. A
     guest user/process could have used this issue to leak host memory,
     resulting in DoS for the host (bsc#1014111)
   - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a
     memory leakage flaw when destroying the USB redirector in
     'usbredir_handle_destroy'. A guest user/process could have used this
     issue to leak host memory, resulting in DoS for the host (bsc#1014109)
   - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide-by-zero issue while copying VGA data. A privileged user
     inside the guest could have used this flaw to crash the process instance
     on the host, resulting in DoS (bsc#1014702)
   - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide-by-zero issue while copying VGA data. A privileged user
     inside the guest could have used this flaw to crash the process instance
     on the host, resulting in DoS (bsc#1014702)
   - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an
     OOB heap access issue allowing a privileged user inside the guest to
     crash the Qemu process, resulting in DoS, or potentially execute
     arbitrary code with the privileges of the Qemu process on the host
     (bsc#1022541)
   - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an
     integer overflow allowing a privileged user inside the guest to crash the
     Qemu process, resulting in DoS (bnc#1023907)
   - CVE-2016-10155: The i6300esb watchdog emulation support was vulnerable to
     a memory leakage issue allowing a privileged user inside the guest to
     leak memory on the host, resulting in DoS (bnc#1021129)

   These non-security issues were fixed:

   - Fixed various inaccuracies in cirrus vga device emulation
   - Fixed virtio interface failure (bsc#1015048)
   - Fixed graphical update errors introduced by a previous security fix
     (bsc#1016779)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-366=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-366=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (noarch):

      qemu-ipxe-1.0.0-48.31.1
      qemu-seabios-1.7.4-48.31.1
      qemu-sgabios-8-48.31.1
      qemu-vgabios-1.7.4-48.31.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      qemu-2.0.2-48.31.1
      qemu-block-curl-2.0.2-48.31.1
      qemu-block-curl-debuginfo-2.0.2-48.31.1
      qemu-block-rbd-2.0.2-48.31.1
      qemu-block-rbd-debuginfo-2.0.2-48.31.1
      qemu-debugsource-2.0.2-48.31.1
      qemu-guest-agent-2.0.2-48.31.1
      qemu-guest-agent-debuginfo-2.0.2-48.31.1
      qemu-kvm-2.0.2-48.31.1
      qemu-lang-2.0.2-48.31.1
      qemu-tools-2.0.2-48.31.1
      qemu-tools-debuginfo-2.0.2-48.31.1
      qemu-x86-2.0.2-48.31.1
      qemu-x86-debuginfo-2.0.2-48.31.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      qemu-2.0.2-48.31.1
      qemu-block-curl-2.0.2-48.31.1
      qemu-block-curl-debuginfo-2.0.2-48.31.1
      qemu-debugsource-2.0.2-48.31.1
      qemu-guest-agent-2.0.2-48.31.1
      qemu-guest-agent-debuginfo-2.0.2-48.31.1
      qemu-lang-2.0.2-48.31.1
      qemu-tools-2.0.2-48.31.1
      qemu-tools-debuginfo-2.0.2-48.31.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

      qemu-kvm-2.0.2-48.31.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le):

      qemu-ppc-2.0.2-48.31.1
      qemu-ppc-debuginfo-2.0.2-48.31.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      qemu-block-rbd-2.0.2-48.31.1
      qemu-block-rbd-debuginfo-2.0.2-48.31.1
      qemu-x86-2.0.2-48.31.1
      qemu-x86-debuginfo-2.0.2-48.31.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):

      qemu-ipxe-1.0.0-48.31.1
      qemu-seabios-1.7.4-48.31.1
      qemu-sgabios-8-48.31.1
      qemu-vgabios-1.7.4-48.31.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):

      qemu-s390-2.0.2-48.31.1
      qemu-s390-debuginfo-2.0.2-48.31.1

References:

   https://www.suse.com/security/cve/CVE-2016-10155.html
   https://www.suse.com/security/cve/CVE-2016-9776.html
   https://www.suse.com/security/cve/CVE-2016-9907.html
   https://www.suse.com/security/cve/CVE-2016-9911.html
   https://www.suse.com/security/cve/CVE-2016-9921.html
   https://www.suse.com/security/cve/CVE-2016-9922.html
   https://www.suse.com/security/cve/CVE-2017-2615.html
   https://www.suse.com/security/cve/CVE-2017-2620.html
   https://www.suse.com/security/cve/CVE-2017-5667.html
   https://www.suse.com/security/cve/CVE-2017-5856.html
   https://www.suse.com/security/cve/CVE-2017-5898.html
   https://bugzilla.suse.com/1013285
   https://bugzilla.suse.com/1014109
   https://bugzilla.suse.com/1014111
   https://bugzilla.suse.com/1014702
   https://bugzilla.suse.com/1015048
   https://bugzilla.suse.com/1015169
   https://bugzilla.suse.com/1016779
   https://bugzilla.suse.com/1021129
   https://bugzilla.suse.com/1022541
   https://bugzilla.suse.com/1023004
   https://bugzilla.suse.com/1023053
   https://bugzilla.suse.com/1023907
   https://bugzilla.suse.com/1024972


From sle-security-updates at lists.suse.com  Wed Mar 15 08:08:03 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 15:08:03 +0100 (CET)
Subject: SUSE-SU-2017:0694-1: moderate: Security update for gegl
Message-ID: <20170315140803.C8DE51001B@maintenance.suse.de>

   SUSE Security Update: Security update for gegl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0694-1
Rating:             moderate
References:         #789835
Cross-References:   CVE-2012-4433
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gegl fixes the following issues:

   Security issue fixed:

   - Fix CVE-2012-4433: Fix buffer overflow in, and add plausibility checks
     to, the ppm-load op (bsc#789835).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-378=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-378=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-378=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):

      gegl-0_2-lang-0.2.0-14.3

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      gegl-0_2-0.2.0-14.3
      gegl-0_2-debuginfo-0.2.0-14.3
      gegl-debuginfo-0.2.0-14.3
      gegl-debugsource-0.2.0-14.3
      libgegl-0_2-0-0.2.0-14.3
      libgegl-0_2-0-debuginfo-0.2.0-14.3

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      gegl-debuginfo-0.2.0-14.3
      gegl-debugsource-0.2.0-14.3
      gegl-devel-0.2.0-14.3
      libgegl-0_2-0-0.2.0-14.3
      libgegl-0_2-0-debuginfo-0.2.0-14.3

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      gegl-0_2-0.2.0-14.3
      gegl-0_2-debuginfo-0.2.0-14.3
      gegl-debuginfo-0.2.0-14.3
      gegl-debugsource-0.2.0-14.3
      libgegl-0_2-0-0.2.0-14.3
      libgegl-0_2-0-debuginfo-0.2.0-14.3

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      gegl-0_2-lang-0.2.0-14.3

References:

   https://www.suse.com/security/cve/CVE-2012-4433.html
   https://bugzilla.suse.com/789835


From sle-security-updates at lists.suse.com  Wed Mar 15 08:08:37 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 15:08:37 +0100 (CET)
Subject: SUSE-SU-2017:0695-1: Recommended update for dbus-1
Message-ID: <20170315140837.6B6CCFFC6@maintenance.suse.de>

   SUSE Security Update: Recommended update for dbus-1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0695-1
Rating:             low
References:         #1025950 #1025951 #974092
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for dbus-1 fixes the following issues:

   Security issues fixed:

   - Symlink attack in nonce-tcp transport. (bsc#1025950)
   - Symlink attack in unit tests. (bsc#1025951)

   Bugfixes:

   - Remove sysvinit script, not used under systemd. (bsc#974092)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-376=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-376=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-376=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-376=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-376=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-376=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-376=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-376=1

   To bring your system up-to-date, use "zypper patch".
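   The two dbus-1 entries above name only the bug class, "symlink attack",
   without describing it. The following is an added illustration of that
   class and of the standard mitigation for it; it is not code from dbus-1,
   from SUSE, or from either bug report. The directory, file names and file
   contents are constructed inside a temporary directory for the
   demonstration, and the mitigation assumes a POSIX platform where
   os.O_EXCL and os.O_NOFOLLOW are available (as they are on Linux).

```python
# Added example (not dbus-1 or SUSE code): a privileged process creates a
# file in a directory that other users can write to. If an attacker plants
# a symlink under the expected name first, a naive open() follows the link
# and the privileged write lands in the link target. The hardened variant
# refuses to open anything that already exists at the path.
import os
import stat
import tempfile


def naive_create(path: str, data: bytes) -> None:
    """Vulnerable pattern: open(..., 'wb') is O_CREAT|O_TRUNC, which follows
    a pre-existing symlink at `path`, and the new file gets the process
    umask (often world-readable)."""
    with open(path, "wb") as f:
        f.write(data)


def safe_create(path: str, data: bytes) -> bool:
    """Hardened pattern: O_EXCL fails if anything (a symlink included)
    already exists at `path`, O_NOFOLLOW refuses to traverse a symlink at
    the final component, and mode 0600 keeps the contents private.
    Returns False, writing nothing, when the path is already occupied."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return True


def demo() -> dict:
    """Constructed scenario: two victim files that must not be overwritten,
    and two planted symlinks named like the files the daemon is about to
    create. Returns what each pattern did so the outcome can be checked."""
    with tempfile.TemporaryDirectory() as shared:
        victim_a = os.path.join(shared, "victim_a")
        victim_b = os.path.join(shared, "victim_b")
        for v in (victim_a, victim_b):
            with open(v, "wb") as f:
                f.write(b"original")
        os.symlink(victim_a, os.path.join(shared, "nonce_naive"))
        os.symlink(victim_b, os.path.join(shared, "nonce_safe"))

        naive_create(os.path.join(shared, "nonce_naive"), b"secret")
        safe_wrote = safe_create(os.path.join(shared, "nonce_safe"), b"secret")

        # A clean path (nothing planted) must still work with the safe pattern.
        fresh = os.path.join(shared, "nonce_fresh")
        fresh_wrote = safe_create(fresh, b"secret")
        fresh_mode = stat.S_IMODE(os.stat(fresh).st_mode)

        with open(victim_a, "rb") as f:
            victim_a_after = f.read()
        with open(victim_b, "rb") as f:
            victim_b_after = f.read()

    return {
        "naive_overwrote_victim": victim_a_after == b"secret",
        "safe_refused": safe_wrote is False,
        "safe_victim_intact": victim_b_after == b"original",
        "fresh_created": fresh_wrote,
        "fresh_mode": fresh_mode,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

   The refusal in safe_create is the important part: a process that cannot
   distinguish "my file" from "something an attacker left here" should fail
   closed rather than pick a different name and retry, because the retry
   would just be raced again. Where the file must be created inside a
   directory the process does not own, the same flags combined with a
   directory file descriptor (os.open with dir_fd) close the remaining
   window on the path components.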
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-devel-1.8.22-24.8.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):

      dbus-1-devel-doc-1.8.22-24.8.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-devel-1.8.22-24.8.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      dbus-1-devel-doc-1.8.22-24.8.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      dbus-1-1.8.22-24.8.1
      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-x11-1.8.22-24.8.1
      dbus-1-x11-debuginfo-1.8.22-24.8.1
      dbus-1-x11-debugsource-1.8.22-24.8.1
      libdbus-1-3-1.8.22-24.8.1
      libdbus-1-3-debuginfo-1.8.22-24.8.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      dbus-1-1.8.22-24.8.1
      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-x11-1.8.22-24.8.1
      dbus-1-x11-debuginfo-1.8.22-24.8.1
      dbus-1-x11-debugsource-1.8.22-24.8.1
      libdbus-1-3-1.8.22-24.8.1
      libdbus-1-3-debuginfo-1.8.22-24.8.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      dbus-1-debuginfo-32bit-1.8.22-24.8.1
      libdbus-1-3-32bit-1.8.22-24.8.1
      libdbus-1-3-debuginfo-32bit-1.8.22-24.8.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      dbus-1-1.8.22-24.8.1
      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-x11-1.8.22-24.8.1
      dbus-1-x11-debuginfo-1.8.22-24.8.1
      dbus-1-x11-debugsource-1.8.22-24.8.1
      libdbus-1-3-1.8.22-24.8.1
      libdbus-1-3-debuginfo-1.8.22-24.8.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      dbus-1-debuginfo-32bit-1.8.22-24.8.1
      libdbus-1-3-32bit-1.8.22-24.8.1
      libdbus-1-3-debuginfo-32bit-1.8.22-24.8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      dbus-1-1.8.22-24.8.1
      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debuginfo-32bit-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-x11-1.8.22-24.8.1
      dbus-1-x11-debuginfo-1.8.22-24.8.1
      dbus-1-x11-debugsource-1.8.22-24.8.1
      libdbus-1-3-1.8.22-24.8.1
      libdbus-1-3-32bit-1.8.22-24.8.1
      libdbus-1-3-debuginfo-1.8.22-24.8.1
      libdbus-1-3-debuginfo-32bit-1.8.22-24.8.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      dbus-1-1.8.22-24.8.1
      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debuginfo-32bit-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-x11-1.8.22-24.8.1
      dbus-1-x11-debuginfo-1.8.22-24.8.1
      dbus-1-x11-debugsource-1.8.22-24.8.1
      libdbus-1-3-1.8.22-24.8.1
      libdbus-1-3-32bit-1.8.22-24.8.1
      libdbus-1-3-debuginfo-1.8.22-24.8.1
      libdbus-1-3-debuginfo-32bit-1.8.22-24.8.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      dbus-1-1.8.22-24.8.1
      dbus-1-debuginfo-1.8.22-24.8.1
      dbus-1-debugsource-1.8.22-24.8.1
      dbus-1-x11-debuginfo-1.8.22-24.8.1
      dbus-1-x11-debugsource-1.8.22-24.8.1
      libdbus-1-3-1.8.22-24.8.1
      libdbus-1-3-debuginfo-1.8.22-24.8.1

References:

   https://bugzilla.suse.com/1025950
   https://bugzilla.suse.com/1025951
   https://bugzilla.suse.com/974092


From sle-security-updates at lists.suse.com  Wed Mar 15 08:09:25 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 15:09:25 +0100 (CET)
Subject: SUSE-SU-2017:0696-1: moderate: Security update for gegl
Message-ID: <20170315140925.8D916FFC6@maintenance.suse.de>

   SUSE Security Update: Security update for gegl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0696-1
Rating:             moderate
References:         #789835
Cross-References:   CVE-2012-4433
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for gegl fixes the following issues:

   Security issue fixed:

   - Fix CVE-2012-4433: Fix buffer overflow in and add plausibility checks to
     ppm-load op (bsc#789835).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-377=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-377=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-377=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      gegl-0_2-0.2.0-10.3.3
      gegl-0_2-debuginfo-0.2.0-10.3.3
      gegl-debuginfo-0.2.0-10.3.3
      gegl-debugsource-0.2.0-10.3.3
      libgegl-0_2-0-0.2.0-10.3.3
      libgegl-0_2-0-debuginfo-0.2.0-10.3.3

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch):
      gegl-0_2-lang-0.2.0-10.3.3

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      gegl-debuginfo-0.2.0-10.3.3
      gegl-debugsource-0.2.0-10.3.3
      gegl-devel-0.2.0-10.3.3
      libgegl-0_2-0-0.2.0-10.3.3
      libgegl-0_2-0-debuginfo-0.2.0-10.3.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      gegl-0_2-0.2.0-10.3.3
      gegl-0_2-debuginfo-0.2.0-10.3.3
      gegl-debuginfo-0.2.0-10.3.3
      gegl-debugsource-0.2.0-10.3.3
      libgegl-0_2-0-0.2.0-10.3.3
      libgegl-0_2-0-debuginfo-0.2.0-10.3.3

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      gegl-0_2-lang-0.2.0-10.3.3

References:

   https://www.suse.com/security/cve/CVE-2012-4433.html
   https://bugzilla.suse.com/789835


From sle-security-updates at lists.suse.com Wed Mar 15 14:07:59 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 21:07:59 +0100 (CET)
Subject: SUSE-SU-2017:0701-1: moderate: Security update for open-vm-tools
Message-ID: <20170315200759.764561001E@maintenance.suse.de>

   SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0701-1
Rating:             moderate
References:         #1006796 #1007600 #1011057 #1013496 #1024200 #913727
                    #938593 #941384 #971031 #978424 #985110 #994598
Cross-References:   CVE-2015-5191
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has 11 fixes is now available.

Description:

   This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs
   and security issues:

   - New vmware-namespace-cmd command line utility
   - GTK3 support
   - Common Agent Framework (CAF)
   - Guest authentication with xmlsec1
   - Sub-command to push updated network information to the host on demand
   - Fix for quiesced snapshot failure leaving guest file system quiesced
     (bsc#1006796)
   - Fix for CVE-2015-5191 (bsc#1007600)
   - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)
   - Add udev rule to increase VMware virtual disk timeout values (bsc#994598)
   - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031)
   - Fix copy-n-paste and drag-n-drop regressions (bsc#978424)
   - Add new vmblock-fuse.service
   - Fix a suspend with systemd issue (bsc#913727)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-384=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-384=1

   To bring your system up-to-date, use "zypper patch".
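After "zypper patch" has run, the Package List that follows is what an administrator verifies against, and the comparison has to follow rpm's version ordering rather than a plain string compare. The script below is an added example, not SUSE tooling: it re-implements rpm's rpmvercmp() label ordering in Python so an advisory's fixed name-version-release strings can be checked offline against what `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` reports. The fixed package names are taken from this advisory's package list; the "installed" versions are constructed for the demonstration, and epochs are assumed absent (as they are for these packages).

```python
r"""Compare installed RPM versions against an advisory's fixed versions.

Added example, not part of SUSE's advisory tooling. rpmvercmp() below
re-implements the label ordering of rpm's lib/rpmvercmp.c in Python:
numeric runs compare as integers, alphabetic runs as strings, a numeric
run sorts after an alphabetic one, '~' sorts before everything (even the
end of the string) and '^' sorts after the end of the string but before
any other character. Epochs are assumed absent (true for these packages).
"""
import re

_DIGITS = re.compile(r"[0-9]+")
_ALPHAS = re.compile(r"[a-zA-Z]+")


def _is_label_char(c: str) -> bool:
    """rpm compares only ASCII alphanumerics plus the '~' and '^' markers."""
    return c.isascii() and (c.isalnum() or c in "~^")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1, ordering version/release labels the way rpm does."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything that is not a label character) are skipped.
        while i < len(a) and not _is_label_char(a[i]):
            i += 1
        while j < len(b) and not _is_label_char(b[j]):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":          # tilde: pre-release, sorts lowest
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":          # caret: post-release snapshot
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = "0" <= ca <= "9"
        pattern = _DIGITS if isnum else _ALPHAS
        ma, mb = pattern.match(a, i), pattern.match(b, j)
        sa = ma.group(0)
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if not sb:                          # segment types differ: numeric wins
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # the longer number is the larger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1         # the string with data left is newer


def parse_nvr(nvr: str):
    """Split 'name-version-release' at the last two dashes (rpm's own rule)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def compare_vr(have: str, want: str) -> int:
    """Compare two 'version-release' strings: version first, then release."""
    hv, hr = have.rsplit("-", 1)
    wv, wr = want.rsplit("-", 1)
    return rpmvercmp(hv, wv) or rpmvercmp(hr, wr)


def check_advisory(fixed_nvrs, installed):
    """Classify each listed package as fixed / vulnerable / not installed.

    installed maps package name to 'version-release', i.e. the output of
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' loaded into a dict.
    """
    verdict = {}
    for nvr in fixed_nvrs:
        name, version, release = parse_nvr(nvr)
        have = installed.get(name)
        if have is None:
            verdict[name] = "not installed"
        elif compare_vr(have, f"{version}-{release}") >= 0:
            verdict[name] = "fixed"
        else:
            verdict[name] = "vulnerable"
    return verdict


# Fixed NVRs from this advisory's Package List (SLES 12-SP1, x86_64).
FIXED = [
    "libvmtools0-10.1.0-5.3.1",
    "open-vm-tools-10.1.0-5.3.1",
    "open-vm-tools-desktop-10.1.0-5.3.1",
]

# Constructed "installed" state for the demonstration, not a real host.
INSTALLED = {
    "libvmtools0": "10.1.0-5.3.1",   # already at the fixed version
    "open-vm-tools": "9.10.2-4.1",   # older build: still vulnerable
}

if __name__ == "__main__":
    for name, state in check_advisory(FIXED, INSTALLED).items():
        print(f"{name:28s} {state}")
```

The 'not installed' verdict matters as much as the other two: a host that lacks open-vm-tools-desktop has nothing to patch, so the advisory applying to the product does not by itself mean the host is exposed.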
Package List:

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):
      libvmtools0-10.1.0-5.3.1
      libvmtools0-debuginfo-10.1.0-5.3.1
      open-vm-tools-10.1.0-5.3.1
      open-vm-tools-debuginfo-10.1.0-5.3.1
      open-vm-tools-debugsource-10.1.0-5.3.1
      open-vm-tools-desktop-10.1.0-5.3.1
      open-vm-tools-desktop-debuginfo-10.1.0-5.3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      libvmtools0-10.1.0-5.3.1
      libvmtools0-debuginfo-10.1.0-5.3.1
      open-vm-tools-10.1.0-5.3.1
      open-vm-tools-debuginfo-10.1.0-5.3.1
      open-vm-tools-debugsource-10.1.0-5.3.1
      open-vm-tools-desktop-10.1.0-5.3.1
      open-vm-tools-desktop-debuginfo-10.1.0-5.3.1

References:

   https://www.suse.com/security/cve/CVE-2015-5191.html
   https://bugzilla.suse.com/1006796
   https://bugzilla.suse.com/1007600
   https://bugzilla.suse.com/1011057
   https://bugzilla.suse.com/1013496
   https://bugzilla.suse.com/1024200
   https://bugzilla.suse.com/913727
   https://bugzilla.suse.com/938593
   https://bugzilla.suse.com/941384
   https://bugzilla.suse.com/971031
   https://bugzilla.suse.com/978424
   https://bugzilla.suse.com/985110
   https://bugzilla.suse.com/994598


From sle-security-updates at lists.suse.com Wed Mar 15 14:10:36 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 21:10:36 +0100 (CET)
Subject: SUSE-SU-2017:0702-1: moderate: Security update for open-vm-tools
Message-ID: <20170315201036.ED7701001E@maintenance.suse.de>

   SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0702-1
Rating:             moderate
References:         #1006796 #1007600 #1011057 #1013496 #1024200 #971031
                    #994598
Cross-References:   CVE-2015-5191
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is now available.

Description:

   This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs
   and security issues:

   - New vmware-namespace-cmd command line utility
   - GTK3 support
   - Common Agent Framework (CAF)
   - Guest authentication with xmlsec1
   - Sub-command to push updated network information to the host on demand
   - Fix for quiesced snapshot failure leaving guest file system quiesced
     (bsc#1006796)
   - Fix for CVE-2015-5191 (bsc#1007600)
   - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)
   - Add udev rule to increase VMware virtual disk timeout values (bsc#994598)
   - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-382=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-382=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libvmtools0-10.1.0-8.1
      libvmtools0-debuginfo-10.1.0-8.1
      open-vm-tools-10.1.0-8.1
      open-vm-tools-debuginfo-10.1.0-8.1
      open-vm-tools-debugsource-10.1.0-8.1
      open-vm-tools-desktop-10.1.0-8.1
      open-vm-tools-desktop-debuginfo-10.1.0-8.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      libvmtools0-10.1.0-8.1
      libvmtools0-debuginfo-10.1.0-8.1
      open-vm-tools-10.1.0-8.1
      open-vm-tools-debuginfo-10.1.0-8.1
      open-vm-tools-debugsource-10.1.0-8.1
      open-vm-tools-desktop-10.1.0-8.1
      open-vm-tools-desktop-debuginfo-10.1.0-8.1

References:

   https://www.suse.com/security/cve/CVE-2015-5191.html
   https://bugzilla.suse.com/1006796
   https://bugzilla.suse.com/1007600
   https://bugzilla.suse.com/1011057
   https://bugzilla.suse.com/1013496
   https://bugzilla.suse.com/1024200
   https://bugzilla.suse.com/971031
   https://bugzilla.suse.com/994598


From sle-security-updates at lists.suse.com Wed Mar 15 14:11:53 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 21:11:53 +0100 (CET)
Subject: SUSE-SU-2017:0703-1: important: Security update for flash-player
Message-ID: <20170315201153.8FDACFF5E@maintenance.suse.de>

   SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0703-1
Rating:             important
References:         #1029374
Cross-References:   CVE-2017-2997 CVE-2017-2998 CVE-2017-2999 CVE-2017-3000
                    CVE-2017-3001 CVE-2017-3002 CVE-2017-3003
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for flash-player fixes the following issues:

   Security update to 25.0.0.127 (bsc#1029374), fixing the following
   vulnerabilities advised under APSB17-07:

   - CVE-2017-2997: This update resolves a buffer overflow vulnerability that
     could lead to code execution.
   - CVE-2017-2998, CVE-2017-2999: This update resolves memory corruption
     vulnerabilities that could lead to code execution.
   - CVE-2017-3000: This update resolves a random number generator
     vulnerability used for constant blinding that could lead to information
     disclosure.
   - CVE-2017-3001, CVE-2017-3002, CVE-2017-3003: This update resolves
     use-after-free vulnerabilities that could lead to code execution.
   - Details:
     https://helpx.adobe.com/security/products/flash-player/apsb17-07.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-385=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-385=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      flash-player-25.0.0.127-162.1
      flash-player-gnome-25.0.0.127-162.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      flash-player-25.0.0.127-162.1
      flash-player-gnome-25.0.0.127-162.1

References:

   https://www.suse.com/security/cve/CVE-2017-2997.html
   https://www.suse.com/security/cve/CVE-2017-2998.html
   https://www.suse.com/security/cve/CVE-2017-2999.html
   https://www.suse.com/security/cve/CVE-2017-3000.html
   https://www.suse.com/security/cve/CVE-2017-3001.html
   https://www.suse.com/security/cve/CVE-2017-3002.html
   https://www.suse.com/security/cve/CVE-2017-3003.html
   https://bugzilla.suse.com/1029374


From sle-security-updates at lists.suse.com Wed Mar 15 14:13:01 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Mar 2017 21:13:01 +0100 (CET)
Subject: SUSE-SU-2017:0705-1: moderate: Security update for open-vm-tools
Message-ID: <20170315201301.2FC43FF5E@maintenance.suse.de>

   SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0705-1
Rating:             moderate
References:         #1006796 #1007600 #1011057 #1013496 #1024202 #913727
                    #938593 #941384 #944615 #952645 #971031 #978424 #985110
                    #994598
Cross-References:   CVE-2015-5191
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has 13 fixes is now available.

Description:

   This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs
   and security issues:

   - New vmware-namespace-cmd command line utility
   - GTK3 support
   - Common Agent Framework (CAF)
   - Guest authentication with xmlsec1
   - Sub-command to push updated network information to the host on demand
   - Fix for quiesced snapshot failure leaving guest file system quiesced
     (bsc#1006796)
   - Fix for CVE-2015-5191 (bsc#1007600)
   - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496)
   - Add udev rule to increase VMware virtual disk timeout values (bsc#994598)
   - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031)
   - Fix copy-n-paste and drag-n-drop regressions (bsc#978424)
   - Add new vmblock-fuse.service
   - Fix a suspend with systemd issue (bsc#913727)
   - ESXi Serviceability
   - GuestInfo Enhancements
   - Compatibility with all supported versions of VMware vSphere, VMware
     Workstation 12.0 and VMware Fusion 8.0.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-open-vm-tools-13024=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-open-vm-tools-13024=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
      libvmtools0-10.1.0-7.1
      open-vm-tools-10.1.0-7.1
      open-vm-tools-desktop-10.1.0-7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      open-vm-tools-debuginfo-10.1.0-7.1
      open-vm-tools-debugsource-10.1.0-7.1

References:

   https://www.suse.com/security/cve/CVE-2015-5191.html
   https://bugzilla.suse.com/1006796
   https://bugzilla.suse.com/1007600
   https://bugzilla.suse.com/1011057
   https://bugzilla.suse.com/1013496
   https://bugzilla.suse.com/1024202
   https://bugzilla.suse.com/913727
   https://bugzilla.suse.com/938593
   https://bugzilla.suse.com/941384
   https://bugzilla.suse.com/944615
   https://bugzilla.suse.com/952645
   https://bugzilla.suse.com/971031
   https://bugzilla.suse.com/978424
   https://bugzilla.suse.com/985110
   https://bugzilla.suse.com/994598


From sle-security-updates at lists.suse.com Fri Mar 17 05:07:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:07:56 +0100 (CET)
Subject: SUSE-SU-2017:0713-1: moderate: Security update for sane-backends
Message-ID: <20170317110756.B130610027@maintenance.suse.de>

   SUSE Security Update: Security update for sane-backends
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0713-1
Rating:             moderate
References:         #1027197
Cross-References:   CVE-2017-6318
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sane-backends fixes the following issues:

   - saned could have leaked uninitialized memory back to its requesters for
     some opcodes, allowing for information disclosure of saned memory
     (CVE-2017-6318, bsc#1027197).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-397=1

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-397=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-397=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-397=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-397=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-397=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-397=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-397=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-397=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      sane-backends-32bit-1.0.24-3.1
      sane-backends-autoconfig-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debuginfo-32bit-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      sane-backends-32bit-1.0.24-3.1
      sane-backends-autoconfig-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debuginfo-32bit-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1
      sane-backends-devel-1.0.24-3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1
      sane-backends-devel-1.0.24-3.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      sane-backends-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      sane-backends-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      sane-backends-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      sane-backends-1.0.24-3.1
      sane-backends-32bit-1.0.24-3.1
      sane-backends-autoconfig-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debuginfo-32bit-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      sane-backends-1.0.24-3.1
      sane-backends-32bit-1.0.24-3.1
      sane-backends-autoconfig-1.0.24-3.1
      sane-backends-debuginfo-1.0.24-3.1
      sane-backends-debuginfo-32bit-1.0.24-3.1
      sane-backends-debugsource-1.0.24-3.1

References:

   https://www.suse.com/security/cve/CVE-2017-6318.html
   https://bugzilla.suse.com/1027197


From sle-security-updates at lists.suse.com Fri Mar 17 05:08:28 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:08:28 +0100 (CET)
Subject: SUSE-SU-2017:0714-1: important: Security update for MozillaFirefox
Message-ID: <20170317110828.525B010027@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0714-1
Rating:             important
References:         #1028391
Cross-References:   CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
                    CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
                    CVE-2017-5409 CVE-2017-5410
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for MozillaFirefox to ESR 45.8 fixes the following issues:

   Security issues fixed (bsc#1028391):

   - CVE-2017-5402: Use-after-free working with events in FontFace objects
   - CVE-2017-5410: Memory corruption during JavaScript garbage collection
     incremental sweeping
   - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
   - CVE-2017-5401: Memory Corruption when handling ErrorResult
   - CVE-2017-5407: Pixel and history stealing via floating-point timing side
     channel with SVG filters
   - CVE-2017-5404: Use-after-free working with ranges in selections
   - CVE-2017-5405: FTP response codes can cause use of uninitialized values
     for ports
   - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
   - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows
     Updater and Maintenance Service
   - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-392=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-392=1

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-392=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-392=1

   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-392=1

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-392=1

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-392=1

   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-392=1

   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-392=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-devel-45.8.0esr-102.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-devel-45.8.0esr-102.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      MozillaFirefox-45.8.0esr-102.1
      MozillaFirefox-debuginfo-45.8.0esr-102.1
      MozillaFirefox-debugsource-45.8.0esr-102.1
      MozillaFirefox-translations-45.8.0esr-102.1

References:

   https://www.suse.com/security/cve/CVE-2017-5398.html
   https://www.suse.com/security/cve/CVE-2017-5400.html
   https://www.suse.com/security/cve/CVE-2017-5401.html
   https://www.suse.com/security/cve/CVE-2017-5402.html
   https://www.suse.com/security/cve/CVE-2017-5404.html
   https://www.suse.com/security/cve/CVE-2017-5405.html
   https://www.suse.com/security/cve/CVE-2017-5407.html
   https://www.suse.com/security/cve/CVE-2017-5408.html
   https://www.suse.com/security/cve/CVE-2017-5409.html
   https://www.suse.com/security/cve/CVE-2017-5410.html
   https://bugzilla.suse.com/1028391


From sle-security-updates at lists.suse.com Fri Mar 17 05:08:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:08:54 +0100 (CET)
Subject: SUSE-SU-2017:0715-1: moderate: Security update for jsch
Message-ID: <20170317110854.8B1DB10024@maintenance.suse.de>

   SUSE Security Update: Security update for jsch
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0715-1
Rating:             moderate
References:         #997542
Cross-References:   CVE-2016-5725
Affected Products:
                    SUSE Manager Server 3.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for jsch to version 0.1.54 fixes the following issues:

   Security issues fixed:

   - CVE-2016-5725: recursive sftp get client-side windows path traversal
     (bsc#997542).

   Bugfixes:

   - sftp-put could send garbage data in some rare cases.
   - fixed a deadlock bug in KnownHosts#getHostKey().
   - SftpProgressMonitor#init() was not invoked in sftp-put when using the
     output stream.
   - KnownHosts#setKnownHosts() should accept a non-existing file.
   - excluding the user interaction time from the timeout value.
   - addressing slow SFTP file transfer speed with Titan FTP.
   - updating copyright messages; 2015 -> 2016

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-391=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server 3.0 (noarch):
      jsch-0.1.54-3.1

References:

   https://www.suse.com/security/cve/CVE-2016-5725.html
   https://bugzilla.suse.com/997542


From sle-security-updates at lists.suse.com Fri Mar 17 05:09:19 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:09:19 +0100 (CET)
Subject: SUSE-SU-2017:0716-1: moderate: Security update for java-1_7_0-ibm
Message-ID: <20170317110919.3183A10024@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0716-1
Rating:             moderate
References:         #1027038
Cross-References:   CVE-2016-2183
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for java-1_7_0-ibm fixes the following issues:

   Security issue fixed:

   - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH,
     and IPSec protocols and other protocols and products, have a birthday
     bound of approximately four billion blocks, which makes it easier for
     remote attackers to obtain cleartext data via a birthday attack against
     a long-duration encrypted session, as demonstrated by an HTTPS session
     using Triple DES in CBC mode, aka a "Sweet32" attack. (bsc#1027038)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-java-1_7_0-ibm-13027=1

   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-java-1_7_0-ibm-13027=1

   - SUSE Manager 2.1:
      zypper in -t patch sleman21-java-1_7_0-ibm-13027=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-java-1_7_0-ibm-13027=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-java-1_7_0-ibm-13027=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      java-1_7_0-ibm-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-alsa-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-devel-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-jdbc-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-plugin-1.7.0_sr10.1-61.1

   - SUSE Manager Proxy 2.1 (x86_64):
      java-1_7_0-ibm-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-alsa-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-devel-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-jdbc-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-plugin-1.7.0_sr10.1-61.1

   - SUSE Manager 2.1 (s390x x86_64):
      java-1_7_0-ibm-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-devel-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-jdbc-1.7.0_sr10.1-61.1

   - SUSE Manager 2.1 (x86_64):
      java-1_7_0-ibm-alsa-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-plugin-1.7.0_sr10.1-61.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      java-1_7_0-ibm-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-devel-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-jdbc-1.7.0_sr10.1-61.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
      java-1_7_0-ibm-alsa-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-plugin-1.7.0_sr10.1-61.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      java-1_7_0-ibm-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-alsa-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-devel-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-jdbc-1.7.0_sr10.1-61.1
      java-1_7_0-ibm-plugin-1.7.0_sr10.1-61.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://bugzilla.suse.com/1027038


From sle-security-updates at lists.suse.com Fri Mar 17 05:09:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:09:44 +0100 (CET)
Subject: SUSE-SU-2017:0717-1: moderate: Security update for sane-backends
Message-ID: <20170317110944.501AC10024@maintenance.suse.de>

   SUSE Security Update: Security update for sane-backends
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0717-1
Rating:             moderate
References:         #1027197
Cross-References:   CVE-2017-6318
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sane-backends fixes the following issues:

   - saned could have leaked uninitialized memory back to its requesters for
     some opcodes, allowing for information disclosure of saned memory
     (CVE-2017-6318, bsc#1027197).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-sane-backends-13029=1

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-sane-backends-13029=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-sane-backends-13029=1

   To bring your system up-to-date, use "zypper patch".
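The jsch advisory above (SUSE-SU-2017:0715-1, CVE-2016-5725) describes a client-side path traversal in recursive sftp get: the client builds local paths from names the server returns in directory listings, so a hostile server can steer a download outside the destination directory, and on Windows a backslash the server sends is a separator too. The script below is an added example, not jsch's code and not its patch: it shows the check such a client needs, refusing any listing entry that carries either separator, '..' or a drive prefix, and confirming the resolved path stays under the destination. The remote tree is constructed in memory and written to a temporary directory.

```python
"""Guard a recursive SFTP download against server-controlled file names.

Added example; not jsch's code and not a reproduction of its fix. Every
name a server returns in a directory listing is treated as untrusted:
an entry containing '/' or '\\', '.' or '..', a NUL, or a Windows drive
or UNC prefix is refused, and the final local path is checked to lie
under the destination directory. The remote tree is constructed here.
"""
import ntpath
import os
import tempfile


def is_safe_entry_name(name: str) -> bool:
    """True only for a plain file name that cannot move the path elsewhere.

    Both separators are rejected on purpose: a Windows client treats a
    backslash as a separator even if the POSIX-style server never would.
    """
    if name in ("", ".", ".."):
        return False
    if "/" in name or "\\" in name or "\0" in name:
        return False
    if ntpath.splitdrive(name)[0]:       # 'C:' or '\\\\server\\share' prefix
        return False
    return True


def safe_local_path(dest_dir: str, remote_relpath: str) -> str:
    """Map a remote path (relative to the fetched root) to a path under dest_dir.

    Raises ValueError for anything that would land outside dest_dir.
    """
    parts = remote_relpath.split("/")
    for part in parts:
        if not is_safe_entry_name(part):
            raise ValueError(f"unsafe remote name: {remote_relpath!r}")
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    # Second line of defence: confirm containment after resolving the path.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"escapes destination: {remote_relpath!r}")
    return target


def recursive_get(remote_tree, dest_dir):
    """Fetch every file of the (constructed) remote tree into dest_dir.

    Returns (fetched, rejected): relative paths written, and the remote
    paths refused by the checks above, in sorted order.
    """
    fetched, rejected = [], []
    for remote_path, data in remote_tree.items():
        try:
            local = safe_local_path(dest_dir, remote_path)
        except ValueError:
            rejected.append(remote_path)
            continue
        os.makedirs(os.path.dirname(local), exist_ok=True)
        with open(local, "wb") as fh:
            fh.write(data)
        fetched.append(os.path.relpath(local, os.path.realpath(dest_dir)))
    return fetched, sorted(rejected)


# Constructed listing as a hostile server might present it: one honest
# file plus three names that try to leave the download directory.
REMOTE_TREE = {
    "docs/readme.txt": b"hello\n",
    "docs/../../etc/cron.d/evil": b"* * * * * root id\n",   # '..' traversal
    "docs/..\\..\\evil.bat": b"@echo pwned\n",               # backslash variant
    "C:\\Windows\\evil.dll": b"MZ",                          # absolute drive path
}


def demo():
    """Run the download into a fresh temporary directory and report results."""
    with tempfile.TemporaryDirectory() as dest:
        fetched, rejected = recursive_get(REMOTE_TREE, dest)
        on_disk = sorted(
            os.path.relpath(os.path.join(root, name), dest)
            for root, _, files in os.walk(dest)
            for name in files
        )
    return fetched, rejected, on_disk


if __name__ == "__main__":
    print(demo())
```

Rejecting bad names is the primary control; the containment check on the resolved path is there so that a normalisation rule the name check did not anticipate still cannot write outside the destination.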
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      sane-backends-autoconfig-1.0.20-7.8.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      sane-backends-32bit-1.0.20-7.8.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):

      sane-backends-x86-1.0.20-7.8.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      sane-backends-1.0.20-7.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      sane-backends-debuginfo-1.0.20-7.8.1
      sane-backends-debugsource-1.0.20-7.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      sane-backends-debuginfo-32bit-1.0.20-7.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      sane-backends-debuginfo-x86-1.0.20-7.8.1

References:

   https://www.suse.com/security/cve/CVE-2017-6318.html
   https://bugzilla.suse.com/1027197

From sle-security-updates at lists.suse.com Fri Mar 17 05:10:10 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:10:10 +0100 (CET)
Subject: SUSE-SU-2017:0718-1: important: Security update for xen
Message-ID: <20170317111010.40EEE10024@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0718-1
Rating:             important
References:         #1002496 #1012651 #1013657 #1013668 #1014298 #1014507
                    #1015169 #1016340 #1022871 #1023004 #1024183 #1024834
                    #907805
Cross-References:   CVE-2014-8106 CVE-2016-10013 CVE-2016-10024 CVE-2016-10155
                    CVE-2016-9101 CVE-2016-9776 CVE-2016-9911 CVE-2016-9921
                    CVE-2016-9922 CVE-2016-9932 CVE-2017-2615 CVE-2017-2620
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has one errata is now
   available.

Description:

   This update for xen fixes several issues.

   These security issues were fixed:

   - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
     vulnerable to a memory leakage issue allowing a privileged user to cause
     a DoS and/or potentially crash the Qemu process on the host
     (bsc#1024183)
   - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
     cirrus_bitblt_cputovideo failed to check the memory region, allowing for
     an out-of-bounds write that allows for privilege escalation
     (bsc#1024834)
   - CVE-2017-2615: An error in the bitblt copy operation could have allowed
     a malicious guest administrator to cause an out of bounds memory access,
     possibly leading to information disclosure or privilege escalation
     (bsc#1023004)
   - CVE-2014-8106: A heap-based buffer overflow in the Cirrus VGA emulator
     allowed local guest users to execute arbitrary code via vectors related
     to blit regions (bsc#907805)
   - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory
     leakage issue while processing packet data in 'ehci_init_transfer'. A
     guest user/process could have used this issue to leak host memory,
     resulting in DoS for the host (bsc#1014507)
   - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide by zero issue while copying VGA data. A privileged user
     inside the guest could have used this flaw to crash the process instance
     on the host, resulting in DoS (bsc#1015169)
   - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide by zero issue while copying VGA data. A privileged user
     inside the guest could have used this flaw to crash the process instance
     on the host, resulting in DoS (bsc#1015169)
   - CVE-2016-10013: Xen allowed local 64-bit x86 HVM guest OS users to gain
     privileges by leveraging mishandling of SYSCALL singlestep during
     emulation (bsc#1016340).
   - CVE-2016-9932: CMPXCHG8B emulation on x86 systems allowed local HVM guest
     OS users to obtain sensitive information from host stack memory via a
     "supposedly-ignored" operand size prefix (bsc#1012651).
   - CVE-2016-9101: A memory leak in hw/net/eepro100.c allowed local guest OS
     administrators to cause a denial of service (memory consumption and QEMU
     process crash) by repeatedly unplugging an i8255x (PRO100) NIC device
     (bsc#1013668)
   - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was
     vulnerable to an infinite loop issue while receiving packets in
     'mcf_fec_receive'. A privileged user/process inside the guest could have
     used this issue to crash the Qemu process on the host, leading to DoS
     (bsc#1013657)
   - A malicious guest could have, by frequently rebooting over extended
     periods of time, run the host system out of memory, resulting in a
     Denial of Service (DoS) (bsc#1022871)
   - CVE-2016-10024: Xen allowed local x86 PV guest OS kernel administrators
     to cause a denial of service (host hang or crash) by modifying the
     instruction stream asynchronously while performing certain kernel
     operations (bsc#1014298)

   This non-security issue was fixed:

   - bsc#1002496: Added support for reloading clvm in block-dmmd

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-xen-13030=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-xen-13030=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-xen-13030=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-xen-13030=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-xen-13030=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-xen-13030=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      xen-4.2.5_21-35.1
      xen-doc-html-4.2.5_21-35.1
      xen-doc-pdf-4.2.5_21-35.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1
      xen-libs-32bit-4.2.5_21-35.1
      xen-libs-4.2.5_21-35.1
      xen-tools-4.2.5_21-35.1
      xen-tools-domU-4.2.5_21-35.1

   - SUSE Manager Proxy 2.1 (x86_64):

      xen-4.2.5_21-35.1
      xen-doc-html-4.2.5_21-35.1
      xen-doc-pdf-4.2.5_21-35.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1
      xen-libs-32bit-4.2.5_21-35.1
      xen-libs-4.2.5_21-35.1
      xen-tools-4.2.5_21-35.1
      xen-tools-domU-4.2.5_21-35.1

   - SUSE Manager 2.1 (x86_64):

      xen-4.2.5_21-35.1
      xen-doc-html-4.2.5_21-35.1
      xen-doc-pdf-4.2.5_21-35.1
      xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1
      xen-libs-32bit-4.2.5_21-35.1
      xen-libs-4.2.5_21-35.1
      xen-tools-4.2.5_21-35.1
      xen-tools-domU-4.2.5_21-35.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):

      xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1
      xen-libs-4.2.5_21-35.1
      xen-tools-domU-4.2.5_21-35.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):

      xen-4.2.5_21-35.1
      xen-doc-html-4.2.5_21-35.1
      xen-doc-pdf-4.2.5_21-35.1
      xen-libs-32bit-4.2.5_21-35.1
      xen-tools-4.2.5_21-35.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586):

      xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      xen-kmp-default-4.2.5_21_3.0.101_0.47.96-35.1
      xen-kmp-pae-4.2.5_21_3.0.101_0.47.96-35.1
      xen-libs-4.2.5_21-35.1
      xen-tools-domU-4.2.5_21-35.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      xen-debuginfo-4.2.5_21-35.1
      xen-debugsource-4.2.5_21-35.1

References:

   https://www.suse.com/security/cve/CVE-2014-8106.html
   https://www.suse.com/security/cve/CVE-2016-10013.html
   https://www.suse.com/security/cve/CVE-2016-10024.html
   https://www.suse.com/security/cve/CVE-2016-10155.html
   https://www.suse.com/security/cve/CVE-2016-9101.html
   https://www.suse.com/security/cve/CVE-2016-9776.html
   https://www.suse.com/security/cve/CVE-2016-9911.html
   https://www.suse.com/security/cve/CVE-2016-9921.html
   https://www.suse.com/security/cve/CVE-2016-9922.html
   https://www.suse.com/security/cve/CVE-2016-9932.html
   https://www.suse.com/security/cve/CVE-2017-2615.html
   https://www.suse.com/security/cve/CVE-2017-2620.html
   https://bugzilla.suse.com/1002496
   https://bugzilla.suse.com/1012651
   https://bugzilla.suse.com/1013657
   https://bugzilla.suse.com/1013668
   https://bugzilla.suse.com/1014298
   https://bugzilla.suse.com/1014507
   https://bugzilla.suse.com/1015169
   https://bugzilla.suse.com/1016340
   https://bugzilla.suse.com/1022871
   https://bugzilla.suse.com/1023004
   https://bugzilla.suse.com/1024183
   https://bugzilla.suse.com/1024834
   https://bugzilla.suse.com/907805

From sle-security-updates at lists.suse.com Fri Mar 17 05:12:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:12:56 +0100 (CET)
Subject: SUSE-SU-2017:0719-1: moderate: Security update for java-1_7_1-ibm
Message-ID: <20170317111256.B324410024@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0719-1
Rating:             moderate
References:         #1027038
Cross-References:   CVE-2016-2183
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for java-1_7_1-ibm fixes the following issues:

   Security issue fixed:

   - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH,
     and IPSec protocols and other protocols and products, have a birthday
     bound of approximately four billion blocks, which makes it easier for
     remote attackers to obtain cleartext data via a birthday attack against
     a long-duration encrypted session, as demonstrated by an HTTPS session
     using Triple DES in CBC mode, aka a "Sweet32" attack. (bsc#1027038)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-java-1_7_1-ibm-13028=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-java-1_7_1-ibm-13028=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr4.1-22.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr4.1-22.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.1-22.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr4.1-22.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.1-22.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://bugzilla.suse.com/1027038

From sle-security-updates at lists.suse.com Fri Mar 17 05:13:25 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 12:13:25 +0100 (CET)
Subject: SUSE-SU-2017:0720-1: moderate: Security update for java-1_7_1-ibm
Message-ID: <20170317111325.5378310027@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0720-1
Rating:             moderate
References:         #1027038
Cross-References:   CVE-2016-2183
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for java-1_7_1-ibm fixes the following issues:

   Security issue fixed:

   - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH,
     and IPSec protocols and other protocols and products, have a birthday
     bound of approximately four billion blocks, which makes it easier for
     remote attackers to obtain cleartext data via a birthday attack against
     a long-duration encrypted session, as demonstrated by an HTTPS session
     using Triple DES in CBC mode, aka a "Sweet32" attack. (bsc#1027038)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-395=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-395=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-395=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-395=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-395=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-395=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      java-1_7_1-ibm-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-alsa-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-devel-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64):

      java-1_7_1-ibm-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-devel-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.1-34.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr4.1-34.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.1-34.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://bugzilla.suse.com/1027038

From sle-security-updates at lists.suse.com Fri Mar 17 11:11:11 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 18:11:11 +0100 (CET)
Subject: SUSE-SU-2017:0726-1: moderate: Security update for java-1_6_0-ibm
Message-ID: <20170317171111.101C410026@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0726-1
Rating:             moderate
References:         #1027038
Cross-References:   CVE-2016-2183
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for java-1_6_0-ibm to 8.0-4.1 fixes the following issues:

   Security issue fixed:

   - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH,
     and IPSec protocols and other protocols and products, have a birthday
     bound of approximately four billion blocks, which makes it easier for
     remote attackers to obtain cleartext data via a birthday attack against
     a long-duration encrypted session, as demonstrated by an HTTPS session
     using Triple DES in CBC mode, aka a "Sweet32" attack. (bsc#1027038)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2017-407=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr16.41-46.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.41-46.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.41-46.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr16.41-46.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://bugzilla.suse.com/1027038

From sle-security-updates at lists.suse.com Fri Mar 17 11:12:34 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 18:12:34 +0100 (CET)
Subject: SUSE-SU-2017:0728-1: moderate: Security update for lighttpd
Message-ID: <20170317171234.490EB10026@maintenance.suse.de>

   SUSE Security Update: Security update for lighttpd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0728-1
Rating:             moderate
References:         #932286 #981347 #990847
Cross-References:   CVE-2015-3200 CVE-2016-1000212
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise High Availability 12-SP1
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   This update for lighttpd fixes the following issues:

   Security issues fixed:

   - CVE-2016-1000212: Don't allow requests to set the HTTP_PROXY variable,
     as *CGI apps might pick it up and use it for outgoing requests
     (bsc#990847).
   - CVE-2015-3200: Log injection via malformed base64 string in
     Authentication header (bsc#932286).

   Bugfixes:

   - Added su directive to logrotate file as the directory is owned by
     lighttpd (bsc#981347).
   - Fix out of bounds read in mod_scgi (debian#857255).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-409=1

   - SUSE Linux Enterprise High Availability 12-SP2:

      zypper in -t patch SUSE-SLE-HA-12-SP2-2017-409=1

   - SUSE Linux Enterprise High Availability 12-SP1:

      zypper in -t patch SUSE-SLE-HA-12-SP1-2017-409=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      lighttpd-mod_cml-1.4.35-3.1
      lighttpd-mod_cml-debuginfo-1.4.35-3.1
      lighttpd-mod_magnet-1.4.35-3.1
      lighttpd-mod_magnet-debuginfo-1.4.35-3.1
      lighttpd-mod_mysql_vhost-1.4.35-3.1
      lighttpd-mod_mysql_vhost-debuginfo-1.4.35-3.1
      lighttpd-mod_rrdtool-1.4.35-3.1
      lighttpd-mod_rrdtool-debuginfo-1.4.35-3.1
      lighttpd-mod_trigger_b4_dl-1.4.35-3.1
      lighttpd-mod_trigger_b4_dl-debuginfo-1.4.35-3.1
      lighttpd-mod_webdav-1.4.35-3.1
      lighttpd-mod_webdav-debuginfo-1.4.35-3.1

   - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):

      lighttpd-1.4.35-3.1
      lighttpd-debuginfo-1.4.35-3.1
      lighttpd-debugsource-1.4.35-3.1

   - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64):

      lighttpd-1.4.35-3.1
      lighttpd-debuginfo-1.4.35-3.1
      lighttpd-debugsource-1.4.35-3.1

References:

   https://www.suse.com/security/cve/CVE-2015-3200.html
   https://www.suse.com/security/cve/CVE-2016-1000212.html
   https://bugzilla.suse.com/932286
   https://bugzilla.suse.com/981347
   https://bugzilla.suse.com/990847

From sle-security-updates at lists.suse.com Fri Mar 17 11:13:23 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 18:13:23 +0100 (CET)
Subject: SUSE-SU-2017:0729-1: moderate: Security update for apache2
Message-ID: <20170317171323.6031710027@maintenance.suse.de>

   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0729-1
Rating:             moderate
References:         #1016714 #1016715
Cross-References:   CVE-2016-2161 CVE-2016-8743
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for apache2 fixes the following issues:

   Security issues fixed:

   - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the
     server to crash, resulting in DoS (bsc#1016714).
   - CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid
     proxy chain misinterpretation (bsc#1016715).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-apache2-13032=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-apache2-13032=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-apache2-13032=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-apache2-13032=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      apache2-devel-2.2.12-69.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      apache2-devel-2.2.12-69.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      apache2-2.2.12-69.1
      apache2-doc-2.2.12-69.1
      apache2-example-pages-2.2.12-69.1
      apache2-prefork-2.2.12-69.1
      apache2-utils-2.2.12-69.1
      apache2-worker-2.2.12-69.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      apache2-2.2.12-69.1
      apache2-doc-2.2.12-69.1
      apache2-example-pages-2.2.12-69.1
      apache2-prefork-2.2.12-69.1
      apache2-utils-2.2.12-69.1
      apache2-worker-2.2.12-69.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      apache2-debuginfo-2.2.12-69.1
      apache2-debugsource-2.2.12-69.1

References:

   https://www.suse.com/security/cve/CVE-2016-2161.html
   https://www.suse.com/security/cve/CVE-2016-8743.html
   https://bugzilla.suse.com/1016714
   https://bugzilla.suse.com/1016715

From sle-security-updates at lists.suse.com Fri Mar 17 11:14:25 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 18:14:25 +0100 (CET)
Subject: SUSE-SU-2017:0731-1: moderate: Security update for lighttpd
Message-ID: <20170317171425.9020C10024@maintenance.suse.de>

   SUSE Security Update: Security update for lighttpd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0731-1
Rating:             moderate
References:         #932286 #981347 #990847
Cross-References:   CVE-2015-3200 CVE-2016-1000212
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server for SAP 11-SP4
                    SUSE Linux Enterprise High Availability Extension 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   This update for lighttpd fixes the following issues:

   Security issues fixed:

   - CVE-2016-1000212: Don't allow requests to set the HTTP_PROXY variable,
     as *CGI apps might pick it up and use it for outgoing requests.
     (bsc#990847)
   - CVE-2015-3200: Log injection via malformed base64 string in
     Authentication header. (bsc#932286)

   Bug fixes:

   - Add su directive to logrotate file as the directory is owned by
     lighttpd. (bsc#981347)
   - Fix out of bounds read in mod_scgi.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-lighttpd-13033=1

   - SUSE Linux Enterprise Server for SAP 11-SP4:

      zypper in -t patch slesappsp4-lighttpd-13033=1

   - SUSE Linux Enterprise High Availability Extension 11-SP4:

      zypper in -t patch slehasp4-lighttpd-13033=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-lighttpd-13033=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      lighttpd-1.4.20-2.58.1
      lighttpd-mod_cml-1.4.20-2.58.1
      lighttpd-mod_magnet-1.4.20-2.58.1
      lighttpd-mod_mysql_vhost-1.4.20-2.58.1
      lighttpd-mod_rrdtool-1.4.20-2.58.1
      lighttpd-mod_trigger_b4_dl-1.4.20-2.58.1
      lighttpd-mod_webdav-1.4.20-2.58.1

   - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64):

      lighttpd-mod_cml-1.4.20-2.58.1
      lighttpd-mod_magnet-1.4.20-2.58.1
      lighttpd-mod_mysql_vhost-1.4.20-2.58.1
      lighttpd-mod_rrdtool-1.4.20-2.58.1
      lighttpd-mod_trigger_b4_dl-1.4.20-2.58.1
      lighttpd-mod_webdav-1.4.20-2.58.1

   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      lighttpd-1.4.20-2.58.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      lighttpd-debuginfo-1.4.20-2.58.1
      lighttpd-debugsource-1.4.20-2.58.1

References:

   https://www.suse.com/security/cve/CVE-2015-3200.html
   https://www.suse.com/security/cve/CVE-2016-1000212.html
   https://bugzilla.suse.com/932286
   https://bugzilla.suse.com/981347
   https://bugzilla.suse.com/990847

From sle-security-updates at lists.suse.com Fri Mar 17 14:07:58 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Mar 2017 21:07:58 +0100 (CET)
Subject: SUSE-SU-2017:0732-1: important: Security update for MozillaFirefox
Message-ID: <20170317200758.0F34310027@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0732-1
Rating:             important
References:         #1027527 #1028391
Cross-References:   CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
                    CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
                    CVE-2017-5409 CVE-2017-5410
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for MozillaFirefox to ESR 45.8 fixes the following issues:

   Security issues fixed (bsc#1028391):

   - CVE-2017-5402: Use-after-free working with events in FontFace objects
   - CVE-2017-5410: Memory corruption during JavaScript garbage collection
     incremental sweeping
   - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
   - CVE-2017-5401: Memory Corruption when handling ErrorResult
   - CVE-2017-5407: Pixel and history stealing via floating-point timing side
     channel with SVG filters
   - CVE-2017-5404: Use-after-free working with ranges in selections
   - CVE-2017-5405: FTP response codes can cause use of uninitialized values
     for ports
   - CVE-2017-5408: Cross-origin reading of video captions in violation of
     CORS
   - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows
     Updater and Maintenance Service
   - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR
     45.8

   Bugfixes:

   - fix crashes on Itanium (bsc#1027527)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-MozillaFirefox-13034=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-MozillaFirefox-13034=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-MozillaFirefox-13034=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-MozillaFirefox-13034=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-13034=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-MozillaFirefox-13034=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-MozillaFirefox-13034=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-13034=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-MozillaFirefox-13034=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      MozillaFirefox-45.8.0esr-68.1
      MozillaFirefox-translations-45.8.0esr-68.1

   - SUSE Manager Proxy 2.1 (x86_64):

      MozillaFirefox-45.8.0esr-68.1
      MozillaFirefox-translations-45.8.0esr-68.1

   - SUSE Manager 2.1 (s390x x86_64):

      MozillaFirefox-45.8.0esr-68.1
      MozillaFirefox-translations-45.8.0esr-68.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-45.8.0esr-68.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-45.8.0esr-68.1
      MozillaFirefox-translations-45.8.0esr-68.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      MozillaFirefox-45.8.0esr-68.1
      MozillaFirefox-translations-45.8.0esr-68.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      MozillaFirefox-45.8.0esr-68.1
      MozillaFirefox-translations-45.8.0esr-68.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-45.8.0esr-68.1
      MozillaFirefox-debugsource-45.8.0esr-68.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      MozillaFirefox-debuginfo-45.8.0esr-68.1
      MozillaFirefox-debugsource-45.8.0esr-68.1

References:

   https://www.suse.com/security/cve/CVE-2017-5398.html
   https://www.suse.com/security/cve/CVE-2017-5400.html
   https://www.suse.com/security/cve/CVE-2017-5401.html
   https://www.suse.com/security/cve/CVE-2017-5402.html
   https://www.suse.com/security/cve/CVE-2017-5404.html
   https://www.suse.com/security/cve/CVE-2017-5405.html
   https://www.suse.com/security/cve/CVE-2017-5407.html
   https://www.suse.com/security/cve/CVE-2017-5408.html
   https://www.suse.com/security/cve/CVE-2017-5409.html
   https://www.suse.com/security/cve/CVE-2017-5410.html
   https://bugzilla.suse.com/1027527
   https://bugzilla.suse.com/1028391

From sle-security-updates at lists.suse.com Mon Mar 20 14:08:09 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Mar 2017 21:08:09 +0100 (CET)
Subject: SUSE-SU-2017:0758-1: moderate: Security update for ceph
Message-ID: <20170320200809.E385D10022@maintenance.suse.de>

   SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0758-1
Rating:             moderate
References:         #1007217 #1008435 #1008894 #1012100 #1014338 #1015748
                    #1019616
Cross-References:   CVE-2016-8626
Affected Products:
                    SUSE Enterprise Storage 3
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is now available.

Description:

   This update provides Ceph 10.2.5, which brings fixes and enhancements:

   This security issue was fixed:

   - CVE-2016-8626: Handle empty POST condition to not allow attackers to
     crash the ceph-radosgw service. (bsc#1007217)

   These non-security issues were fixed:

   - OSD daemon uses 100% CPU load after OSD creation (bsc#1014338)
   - ceph-deploy fails with dmcrypt flag (bsc#1008435)
   - OSD's are not mounted after upgrade (bsc#1012100)
   - ceph-osd service fails to start OSD randomly (bsc#1019616)
   - Add missing argument comma to ceph-create-keys (bsc#1008894)
   - Add Install section to systemd rbdmap.service file (bsc#1015748)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 3:

      zypper in -t patch SUSE-Storage-3-2017-416=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 3 (aarch64 x86_64):

      ceph-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-base-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-base-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-common-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-common-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-debugsource-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-fuse-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-fuse-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-mds-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-mds-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-mon-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-mon-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-osd-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-osd-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-radosgw-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-radosgw-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-test-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-test-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      ceph-test-debugsource-10.2.5+git.1485186288.4e3c6c4-12.2
      libcephfs1-10.2.5+git.1485186288.4e3c6c4-12.2
      libcephfs1-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      librados2-10.2.5+git.1485186288.4e3c6c4-12.2
      librados2-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      libradosstriper1-10.2.5+git.1485186288.4e3c6c4-12.2
      libradosstriper1-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      librbd1-10.2.5+git.1485186288.4e3c6c4-12.2
      librbd1-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      librgw2-10.2.5+git.1485186288.4e3c6c4-12.2
      librgw2-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      python-ceph-compat-10.2.5+git.1485186288.4e3c6c4-12.2
      python-cephfs-10.2.5+git.1485186288.4e3c6c4-12.2
      python-cephfs-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      python-rados-10.2.5+git.1485186288.4e3c6c4-12.2
      python-rados-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      python-rbd-10.2.5+git.1485186288.4e3c6c4-12.2
      python-rbd-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      rbd-fuse-10.2.5+git.1485186288.4e3c6c4-12.2
      rbd-fuse-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      rbd-mirror-10.2.5+git.1485186288.4e3c6c4-12.2
      rbd-mirror-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2
      rbd-nbd-10.2.5+git.1485186288.4e3c6c4-12.2
      rbd-nbd-debuginfo-10.2.5+git.1485186288.4e3c6c4-12.2

References:

   https://www.suse.com/security/cve/CVE-2016-8626.html
   https://bugzilla.suse.com/1007217
   https://bugzilla.suse.com/1008435
   https://bugzilla.suse.com/1008894
   https://bugzilla.suse.com/1012100
   https://bugzilla.suse.com/1014338
   https://bugzilla.suse.com/1015748
   https://bugzilla.suse.com/1019616

From sle-security-updates at lists.suse.com Mon Mar 20 17:07:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:07:44 +0100 (CET)
Subject: SUSE-SU-2017:0759-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12
Message-ID: <20170320230744.5BBF21002A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0759-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.55-52_45 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-419=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-419=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_55-52_45-default-7-2.1
      kgraft-patch-3_12_55-52_45-xen-7-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_55-52_45-default-7-2.1
      kgraft-patch-3_12_55-52_45-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:07:59 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:07:59 +0100 (CET)
Subject: SUSE-SU-2017:0760-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
Message-ID: <20170320230759.28F0B10024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0760-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.62-60_62 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-428=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_62-60_62-default-7-2.1
      kgraft-patch-3_12_62-60_62-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:08:14 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:08:14 +0100 (CET)
Subject: SUSE-SU-2017:0761-1: moderate: Security update for php5
Message-ID: <20170320230814.1AAF710024@maintenance.suse.de>

   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0761-1
Rating:             moderate
References:         #1027210
Cross-References:   CVE-2015-8994
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for php5 fixes the following issues:

   Security issue fixed:

   - CVE-2015-8994: code permission/sensitive data protection vulnerability
     (bsc#1027210).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-417=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-417=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-417=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-99.1
      php5-debugsource-5.5.14-99.1
      php5-devel-5.5.14-99.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      php5-debuginfo-5.5.14-99.1
      php5-debugsource-5.5.14-99.1
      php5-devel-5.5.14-99.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php5-5.5.14-99.1
      apache2-mod_php5-debuginfo-5.5.14-99.1
      php5-5.5.14-99.1
      php5-bcmath-5.5.14-99.1
      php5-bcmath-debuginfo-5.5.14-99.1
      php5-bz2-5.5.14-99.1
      php5-bz2-debuginfo-5.5.14-99.1
      php5-calendar-5.5.14-99.1
      php5-calendar-debuginfo-5.5.14-99.1
      php5-ctype-5.5.14-99.1
      php5-ctype-debuginfo-5.5.14-99.1
      php5-curl-5.5.14-99.1
      php5-curl-debuginfo-5.5.14-99.1
      php5-dba-5.5.14-99.1
      php5-dba-debuginfo-5.5.14-99.1
      php5-debuginfo-5.5.14-99.1
      php5-debugsource-5.5.14-99.1
      php5-dom-5.5.14-99.1
      php5-dom-debuginfo-5.5.14-99.1
      php5-enchant-5.5.14-99.1
      php5-enchant-debuginfo-5.5.14-99.1
      php5-exif-5.5.14-99.1
      php5-exif-debuginfo-5.5.14-99.1
      php5-fastcgi-5.5.14-99.1
      php5-fastcgi-debuginfo-5.5.14-99.1
      php5-fileinfo-5.5.14-99.1
      php5-fileinfo-debuginfo-5.5.14-99.1
      php5-fpm-5.5.14-99.1
      php5-fpm-debuginfo-5.5.14-99.1
      php5-ftp-5.5.14-99.1
      php5-ftp-debuginfo-5.5.14-99.1
      php5-gd-5.5.14-99.1
      php5-gd-debuginfo-5.5.14-99.1
      php5-gettext-5.5.14-99.1
      php5-gettext-debuginfo-5.5.14-99.1
      php5-gmp-5.5.14-99.1
      php5-gmp-debuginfo-5.5.14-99.1
      php5-iconv-5.5.14-99.1
      php5-iconv-debuginfo-5.5.14-99.1
      php5-imap-5.5.14-99.1
      php5-imap-debuginfo-5.5.14-99.1
      php5-intl-5.5.14-99.1
      php5-intl-debuginfo-5.5.14-99.1
      php5-json-5.5.14-99.1
      php5-json-debuginfo-5.5.14-99.1
      php5-ldap-5.5.14-99.1
      php5-ldap-debuginfo-5.5.14-99.1
      php5-mbstring-5.5.14-99.1
      php5-mbstring-debuginfo-5.5.14-99.1
      php5-mcrypt-5.5.14-99.1
      php5-mcrypt-debuginfo-5.5.14-99.1
      php5-mysql-5.5.14-99.1
      php5-mysql-debuginfo-5.5.14-99.1
      php5-odbc-5.5.14-99.1
      php5-odbc-debuginfo-5.5.14-99.1
      php5-opcache-5.5.14-99.1
      php5-opcache-debuginfo-5.5.14-99.1
      php5-openssl-5.5.14-99.1
      php5-openssl-debuginfo-5.5.14-99.1
      php5-pcntl-5.5.14-99.1
      php5-pcntl-debuginfo-5.5.14-99.1
      php5-pdo-5.5.14-99.1
      php5-pdo-debuginfo-5.5.14-99.1
      php5-pgsql-5.5.14-99.1
      php5-pgsql-debuginfo-5.5.14-99.1
      php5-phar-5.5.14-99.1
      php5-phar-debuginfo-5.5.14-99.1
      php5-posix-5.5.14-99.1
      php5-posix-debuginfo-5.5.14-99.1
      php5-pspell-5.5.14-99.1
      php5-pspell-debuginfo-5.5.14-99.1
      php5-shmop-5.5.14-99.1
      php5-shmop-debuginfo-5.5.14-99.1
      php5-snmp-5.5.14-99.1
      php5-snmp-debuginfo-5.5.14-99.1
      php5-soap-5.5.14-99.1
      php5-soap-debuginfo-5.5.14-99.1
      php5-sockets-5.5.14-99.1
      php5-sockets-debuginfo-5.5.14-99.1
      php5-sqlite-5.5.14-99.1
      php5-sqlite-debuginfo-5.5.14-99.1
      php5-suhosin-5.5.14-99.1
      php5-suhosin-debuginfo-5.5.14-99.1
      php5-sysvmsg-5.5.14-99.1
      php5-sysvmsg-debuginfo-5.5.14-99.1
      php5-sysvsem-5.5.14-99.1
      php5-sysvsem-debuginfo-5.5.14-99.1
      php5-sysvshm-5.5.14-99.1
      php5-sysvshm-debuginfo-5.5.14-99.1
      php5-tokenizer-5.5.14-99.1
      php5-tokenizer-debuginfo-5.5.14-99.1
      php5-wddx-5.5.14-99.1
      php5-wddx-debuginfo-5.5.14-99.1
      php5-xmlreader-5.5.14-99.1
      php5-xmlreader-debuginfo-5.5.14-99.1
      php5-xmlrpc-5.5.14-99.1
      php5-xmlrpc-debuginfo-5.5.14-99.1
      php5-xmlwriter-5.5.14-99.1
      php5-xmlwriter-debuginfo-5.5.14-99.1
      php5-xsl-5.5.14-99.1
      php5-xsl-debuginfo-5.5.14-99.1
      php5-zip-5.5.14-99.1
      php5-zip-debuginfo-5.5.14-99.1
      php5-zlib-5.5.14-99.1
      php5-zlib-debuginfo-5.5.14-99.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php5-pear-5.5.14-99.1

References:

   https://www.suse.com/security/cve/CVE-2015-8994.html
   https://bugzilla.suse.com/1027210


From sle-security-updates at lists.suse.com  Mon Mar 20 17:08:30 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:08:30 +0100 (CET)
Subject: SUSE-SU-2017:0762-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
Message-ID: <20170320230830.94CE510024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0762-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.59-60_41 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-426=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_59-60_41-default-8-2.1
      kgraft-patch-3_12_59-60_41-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:08:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:08:44 +0100 (CET)
Subject: SUSE-SU-2017:0763-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
Message-ID: <20170320230844.7FB3F10024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0763-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.62-60_64_8 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-429=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_62-60_64_8-default-6-2.1
      kgraft-patch-3_12_62-60_64_8-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:08:58 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:08:58 +0100 (CET)
Subject: SUSE-SU-2017:0764-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
Message-ID: <20170320230858.A3E6B10024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0764-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

   The following non-security bug was fixed:

   - Fix for a "Data miscompare on a read" which was observed during the
     rebuilding of degraded MDRAID VDs. (bsc#1025254)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-431=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_67-60_64_21-default-4-2.1
      kgraft-patch-3_12_67-60_64_21-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013
   https://bugzilla.suse.com/1025254


From sle-security-updates at lists.suse.com  Mon Mar 20 17:09:37 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:09:37 +0100 (CET)
Subject: SUSE-SU-2017:0766-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12
Message-ID: <20170320230937.79E0E10024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0766-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_63 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-424=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-424=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_63-default-3-2.1
      kgraft-patch-3_12_60-52_63-xen-3-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_63-default-3-2.1
      kgraft-patch-3_12_60-52_63-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:09:52 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:09:52 +0100 (CET)
Subject: SUSE-SU-2017:0767-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12
Message-ID: <20170320230952.557EB10024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0767-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_54 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-421=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-421=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_54-default-7-2.1
      kgraft-patch-3_12_60-52_54-xen-7-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_54-default-7-2.1
      kgraft-patch-3_12_60-52_54-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:10:23 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:10:23 +0100 (CET)
Subject: SUSE-SU-2017:0768-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Message-ID: <20170320231023.71CC810024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0768-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for the Linux Kernel 4.4.21-69 fixes several issues.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

   The following non-security bug was fixed:

   - Fix for a "Data miscompare on a read" which was observed during the
     rebuilding of degraded MDRAID VDs. (bsc#1025254)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-432=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_21-69-default-4-11.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013
   https://bugzilla.suse.com/1025254


From sle-security-updates at lists.suse.com  Mon Mar 20 17:11:04 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:11:04 +0100 (CET)
Subject: SUSE-SU-2017:0769-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12
Message-ID: <20170320231104.3E9CB10026@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0769-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_49 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-420=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-420=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_49-default-7-2.1
      kgraft-patch-3_12_60-52_49-xen-7-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_49-default-7-2.1
      kgraft-patch-3_12_60-52_49-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:11:28 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:11:28 +0100 (CET)
Subject: SUSE-SU-2017:0770-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12
Message-ID: <20170320231128.C58A010025@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0770-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_57 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-422=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-422=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_57-default-4-2.1
      kgraft-patch-3_12_60-52_57-xen-4-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_57-default-4-2.1
      kgraft-patch-3_12_60-52_57-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:11:52 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:11:52 +0100 (CET)
Subject: SUSE-SU-2017:0771-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12
Message-ID: <20170320231152.A496310024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0771-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.55-52_42 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-418=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-418=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_55-52_42-default-7-2.1
      kgraft-patch-3_12_55-52_42-xen-7-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_55-52_42-default-7-2.1
      kgraft-patch-3_12_55-52_42-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:12:15 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:12:15 +0100 (CET)
Subject: SUSE-SU-2017:0772-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12
Message-ID: <20170320231215.7B55710026@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0772-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_60 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-423=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-423=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_60-default-3-2.1
      kgraft-patch-3_12_60-52_60-xen-3-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_60-default-3-2.1
      kgraft-patch-3_12_60-52_60-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:12:59 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:12:59 +0100 (CET)
Subject: SUSE-SU-2017:0773-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
Message-ID: <20170320231259.6ACC01002A@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0773-1
Rating:             important
References:         #1025013 #1025254
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).
   The following non-security bug was fixed:

   - Fix for a "Data miscompare on a read" which was observed during the
     rebuilding of degraded MDRAID VDs. (bsc#1025254)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-430=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_67-60_64_18-default-5-2.1
      kgraft-patch-3_12_67-60_64_18-xen-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013
   https://bugzilla.suse.com/1025254


From sle-security-updates at lists.suse.com  Mon Mar 20 17:13:25 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:13:25 +0100 (CET)
Subject: SUSE-SU-2017:0774-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
Message-ID: <20170320231325.3393910024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0774-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.57-60_35 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).
Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-425=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_57-60_35-default-8-2.1
      kgraft-patch-3_12_57-60_35-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://bugzilla.suse.com/1025013


From sle-security-updates at lists.suse.com  Mon Mar 20 17:13:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 21 Mar 2017 00:13:40 +0100 (CET)
Subject: SUSE-SU-2017:0775-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
Message-ID: <20170320231340.05A3C10024@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0775-1
Rating:             important
References:         #1025013
Cross-References:   CVE-2017-5970
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.59-60_45 fixes one issue.

   The following security bug was fixed:

   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause
     a denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1025013).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-427=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-8-2.1 kgraft-patch-3_12_59-60_45-xen-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 From sle-security-updates at lists.suse.com Mon Mar 20 20:07:42 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 03:07:42 +0100 (CET) Subject: SUSE-SU-2017:0776-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1 Message-ID: <20170321020742.2A1BD1002A@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0776-1 Rating: important References: #1025013 #1025254 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-436=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_24-default-3-2.1 kgraft-patch-3_12_67-60_64_24-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025254 From sle-security-updates at lists.suse.com Mon Mar 20 20:08:15 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 03:08:15 +0100 (CET) Subject: SUSE-SU-2017:0777-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 Message-ID: <20170321020815.C487310024@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0777-1 Rating: important References: #1025013 #1025254 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.21-81 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-435=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-81-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025254 From sle-security-updates at lists.suse.com Mon Mar 20 20:08:49 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 03:08:49 +0100 (CET) Subject: SUSE-SU-2017:0778-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 Message-ID: <20170321020849.7C58410024@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0778-1 Rating: important References: #1025013 #1025254 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.21-84 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-434=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-84-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025254 From sle-security-updates at lists.suse.com Mon Mar 20 20:09:24 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 03:09:24 +0100 (CET) Subject: SUSE-SU-2017:0779-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2 Message-ID: <20170321020924.4E66610026@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0779-1 Rating: important References: #1025013 #1025254 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.38-93 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-438=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_38-93-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025254 From sle-security-updates at lists.suse.com Mon Mar 20 20:09:54 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 03:09:54 +0100 (CET) Subject: SUSE-SU-2017:0780-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12 Message-ID: <20170321020954.01E8710024@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0780-1 Rating: important References: #1025013 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.61-52_66 fixes one issue. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-437=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-437=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_61-52_66-default-2-2.1 kgraft-patch-3_12_61-52_66-xen-2-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_66-default-2-2.1 kgraft-patch-3_12_61-52_66-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 From sle-security-updates at lists.suse.com Mon Mar 20 20:10:17 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 03:10:17 +0100 (CET) Subject: SUSE-SU-2017:0781-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 Message-ID: <20170321021017.2028110024@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0781-1 Rating: important References: #1025013 #1025254 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 4.4.21-90 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). 
The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-433=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-90-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025254 From sle-security-updates at lists.suse.com Tue Mar 21 14:07:24 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Mar 2017 21:07:24 +0100 (CET) Subject: SUSE-SU-2017:0786-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1 Message-ID: <20170321200724.F188B101F2@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0786-1 Rating: important References: #1025013 #1025254 Cross-References: CVE-2017-5970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues. The following security bug was fixed: - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1025013). 
The following non-security bug was fixed: - Fix for a "Data miscompare on a read" which was observed during the rebuilding of degraded MDRAID VDs. (bsc#1025254) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-443=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_69-60_64_29-default-2-2.1 kgraft-patch-3_12_69-60_64_29-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2017-5970.html https://bugzilla.suse.com/1025013 https://bugzilla.suse.com/1025254 From sle-security-updates at lists.suse.com Wed Mar 22 14:07:58 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Mar 2017 21:07:58 +0100 (CET) Subject: SUSE-SU-2017:0797-1: moderate: Security update for apache2 Message-ID: <20170322200758.352B71000A@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0797-1 Rating: moderate References: #1016712 #1016714 #1016715 #1019380 Cross-References: CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). 
- CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid proxy chain misinterpretation (bsc#1016715). Bugfixes: - Add missing copy of hcuri and hcexpr from the worker to the health check worker (bsc#1019380). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-450=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-450=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-450=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-21.1 apache2-debugsource-2.4.23-21.1 apache2-devel-2.4.23-21.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): apache2-2.4.23-21.1 apache2-debuginfo-2.4.23-21.1 apache2-debugsource-2.4.23-21.1 apache2-example-pages-2.4.23-21.1 apache2-prefork-2.4.23-21.1 apache2-prefork-debuginfo-2.4.23-21.1 apache2-utils-2.4.23-21.1 apache2-utils-debuginfo-2.4.23-21.1 apache2-worker-2.4.23-21.1 apache2-worker-debuginfo-2.4.23-21.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): apache2-doc-2.4.23-21.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): apache2-2.4.23-21.1 apache2-debuginfo-2.4.23-21.1 apache2-debugsource-2.4.23-21.1 apache2-example-pages-2.4.23-21.1 apache2-prefork-2.4.23-21.1 apache2-prefork-debuginfo-2.4.23-21.1 apache2-utils-2.4.23-21.1 apache2-utils-debuginfo-2.4.23-21.1 apache2-worker-2.4.23-21.1 apache2-worker-debuginfo-2.4.23-21.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): apache2-doc-2.4.23-21.1 References: 
https://www.suse.com/security/cve/CVE-2016-0736.html https://www.suse.com/security/cve/CVE-2016-2161.html https://www.suse.com/security/cve/CVE-2016-8743.html https://bugzilla.suse.com/1016712 https://bugzilla.suse.com/1016714 https://bugzilla.suse.com/1016715 https://bugzilla.suse.com/1019380 From sle-security-updates at lists.suse.com Wed Mar 22 14:08:59 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Mar 2017 21:08:59 +0100 (CET) Subject: SUSE-SU-2017:0798-1: moderate: Security update for virglrenderer Message-ID: <20170322200859.029AF1000A@maintenance.suse.de> SUSE Security Update: Security update for virglrenderer ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0798-1 Rating: moderate References: #1021616 #1021627 #1024232 #1024244 #1024992 #1024993 #1025505 #1025507 #1026723 #1026725 #1026922 #1027108 #1027376 Cross-References: CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. 
Description: This update for virglrenderer fixes the following issues: Security issues fixed: - CVE-2017-6386: memory leakage while in vrend_create_vertex_elements_state (bsc#1027376) - CVE-2017-6355: integer overflow while creating shader object (bsc#1027108) - CVE-2017-6317: fix memory leak in add shader program (bsc#1026922) - CVE-2017-6210: null pointer dereference in vrend_decode_reset (bsc#1026725) - CVE-2017-6209: stack buffer overflow in parse_identifier (bsc#1026723) - CVE-2017-5994: out-of-bounds access in vrend_create_vertex_elements_state (bsc#1025507) - CVE-2017-5993: host memory leakage when initialising blitter context (bsc#1025505) - CVE-2017-5957: stack overflow in vrend_decode_set_framebuffer_state (bsc#1024993) - CVE-2017-5956: OOB access while in vrend_draw_vbo (bsc#1024992) - CVE-2017-5937: null pointer dereference in vrend_clear (bsc#1024232) - CVE-2017-5580: OOB access while parsing texture instruction (bsc#1021627) - CVE-2016-10214: host memory leak issue in virgl_resource_attach_backing (bsc#1024244) - CVE-2016-10163: host memory leakage when creating decode context (bsc#1021616) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-452=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-452=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-452=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-452=1 To bring your system up-to-date, use "zypper patch".
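The package lists that follow each set of patch instructions on this page give the fixed name-version-release of every package, and the practical question on a fleet is which hosts still carry an older build. The following is an added example, not SUSE's or rpm's own code: it ports rpm's segment-wise version ordering (rpmvercmp) to Python and audits a captured `rpm -qa` listing against an advisory's package list. The sample `rpm -qa` output is constructed for the example, the trailing ".arch" stripping assumes the default `rpm -qa` output format, and epochs are only handled if present as "epoch:version".

```python
"""Audit `rpm -qa` output against the fixed package versions named in an advisory."""

# Architectures that `rpm -qa` appends as a trailing ".arch"; advisory lists omit it.
ARCHES = {"x86_64", "i586", "i686", "aarch64", "ppc64", "ppc64le", "s390x", "ia64", "noarch"}


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's version comparison: returns -1, 0 or 1.

    Strings are walked segment by segment (runs of digits or of letters,
    separators ignored). Numeric segments compare numerically with leading
    zeros dropped, alpha segments lexically; a numeric segment beats an alpha
    one; '~' sorts before anything, even end of string; '^' sorts after end of
    string but before any other character.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        ca, cb = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if ca or cb:
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not ca:
                return 1
            if not cb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        ii = i
        while ii < len(a) and same_kind(a[ii]):
            ii += 1
        jj = j
        while jj < len(b) and same_kind(b[jj]):
            jj += 1
        seg_a, seg_b = a[i:ii], b[j:jj]
        if not seg_b:                       # segment kinds differ: numeric wins
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):    # more digits wins
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = ii, jj
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_nevr(pkg: str):
    """'apache2-2.4.23-21.1[.x86_64]' -> ('apache2', epoch, '2.4.23', '21.1')."""
    head, dot, arch = pkg.rpartition(".")
    if dot and arch in ARCHES:
        pkg = head
    parts = pkg.rsplit("-", 2)              # name may itself contain dashes
    if len(parts) != 3:
        raise ValueError(f"not a name-version-release string: {pkg!r}")
    name, version, release = parts
    epoch = 0
    if ":" in version:                      # only present when queried with --qf
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release


def evr_cmp(x, y) -> int:
    """Order (epoch, version, release) tuples the way rpm orders packages."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def audit(rpm_qa_output: str, advisory_packages) -> dict:
    """Map each advisory package name to 'fixed', 'vulnerable' or 'not-installed'."""
    installed = {}
    for line in rpm_qa_output.splitlines():
        if line.strip():
            name, *evr = split_nevr(line.strip())
            installed[name] = tuple(evr)
    result = {}
    for pkg in advisory_packages:
        name, *fixed = split_nevr(pkg)
        if name not in installed:
            result[name] = "not-installed"
        elif evr_cmp(installed[name], tuple(fixed)) >= 0:
            result[name] = "fixed"
        else:
            result[name] = "vulnerable"
    return result


# Constructed sample of `rpm -qa` output from a hypothetical SLES 12 SP2 host.
SAMPLE_RPM_QA = """\
apache2-2.4.23-20.1.x86_64
wget-1.14-20.1.x86_64
libvirglrenderer0-0.5.0-11.1.x86_64
kgraft-patch-4_4_21-81-default-3-2.1.x86_64
bash-4.3-83.5.2.x86_64
"""

# Fixed builds as printed in the package lists of the advisories on this page.
ADVISORY_FIXED = [
    "apache2-2.4.23-21.1",
    "wget-1.14-20.1",
    "libvirglrenderer0-0.5.0-11.1",
    "kgraft-patch-4_4_21-81-default-4-2.1",
    "java-1_8_0-ibm-1.8.0_sr4.1-26.2",
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_RPM_QA, ADVISORY_FIXED).items():
        print(f"{name:40s} {status}")
```

Two things to keep in mind when running this against real hosts: a kgraft live patch package name embeds the kernel version it patches, so "not-installed" for a live patch built for a different kernel is expected rather than a finding; and a package reported "fixed" by version still needs the service restarted (or, for a live patch, the patch to report itself applied) before the running process is actually fixed.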
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): virglrenderer-debugsource-0.5.0-11.1 virglrenderer-devel-0.5.0-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvirglrenderer0-0.5.0-11.1 libvirglrenderer0-debuginfo-0.5.0-11.1 virglrenderer-debugsource-0.5.0-11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libvirglrenderer0-0.5.0-11.1 libvirglrenderer0-debuginfo-0.5.0-11.1 virglrenderer-debugsource-0.5.0-11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvirglrenderer0-0.5.0-11.1 libvirglrenderer0-debuginfo-0.5.0-11.1 virglrenderer-debugsource-0.5.0-11.1 References: https://www.suse.com/security/cve/CVE-2016-10163.html https://www.suse.com/security/cve/CVE-2016-10214.html https://www.suse.com/security/cve/CVE-2017-5580.html https://www.suse.com/security/cve/CVE-2017-5937.html https://www.suse.com/security/cve/CVE-2017-5956.html https://www.suse.com/security/cve/CVE-2017-5957.html https://www.suse.com/security/cve/CVE-2017-5993.html https://www.suse.com/security/cve/CVE-2017-5994.html https://www.suse.com/security/cve/CVE-2017-6209.html https://www.suse.com/security/cve/CVE-2017-6210.html https://www.suse.com/security/cve/CVE-2017-6317.html https://www.suse.com/security/cve/CVE-2017-6355.html https://www.suse.com/security/cve/CVE-2017-6386.html https://bugzilla.suse.com/1021616 https://bugzilla.suse.com/1021627 https://bugzilla.suse.com/1024232 https://bugzilla.suse.com/1024244 https://bugzilla.suse.com/1024992 https://bugzilla.suse.com/1024993 https://bugzilla.suse.com/1025505 https://bugzilla.suse.com/1025507 https://bugzilla.suse.com/1026723 https://bugzilla.suse.com/1026725 https://bugzilla.suse.com/1026922 https://bugzilla.suse.com/1027108 https://bugzilla.suse.com/1027376 From sle-security-updates at lists.suse.com Wed Mar 22 14:11:20 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Mar 2017 21:11:20 
+0100 (CET) Subject: SUSE-SU-2017:0799-1: moderate: Security update for wget Message-ID: <20170322201120.4CD601000A@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0799-1 Rating: moderate References: #1028301 Cross-References: CVE-2017-6508 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wget-13035=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-wget-13035=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wget-13035=1 To bring your system up-to-date, use "zypper patch". 
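The one-line fix description above ("Reject control characters in host part of URL") hides why the check matters: a client that copies the host component verbatim into the Host header turns a CR LF inside the host into extra header lines chosen by whoever supplied the URL. The following is an added example, not wget's code, written to show that failure mode and the check that closes it. The URL splitter is deliberately minimal (no percent-decoding, no IDNA) and the attacker-controlled URL is constructed for the example.

```python
"""Why a client must reject control characters in the URL host component."""


def split_url(url: str):
    """Minimal scheme://[userinfo@]host[:port]/path splitter, trusting the host verbatim."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("URL has no scheme")
    authority, _, path = rest.partition("/")
    if "@" in authority:                                  # drop userinfo
        authority = authority.rsplit("@", 1)[1]
    host, port = authority, None
    if authority.startswith("["):                         # IPv6 literal
        end = authority.find("]")
        host, tail = authority[: end + 1], authority[end + 1:]
        if tail.startswith(":") and tail[1:].isdigit():
            port = tail[1:]
    else:
        maybe_host, colon, maybe_port = authority.rpartition(":")
        if colon and maybe_port.isdigit():
            host, port = maybe_host, maybe_port
    return scheme, host, port, "/" + path


def host_is_clean(host: str) -> bool:
    """The check the fix adds: no ASCII control characters (0x00-0x1F, 0x7F)
    and no whitespace anywhere in the host component."""
    return bool(host) and not any(ord(c) < 0x20 or ord(c) == 0x7F or c.isspace() for c in host)


def build_request(url: str, strict: bool = True) -> str:
    """Serialise a GET for `url`. strict=False reproduces the pre-fix behaviour:
    the host goes into the Host header as-is, so CR LF inside it starts new header lines."""
    _, host, port, path = split_url(url)
    if strict and not host_is_clean(host):
        raise ValueError(f"refusing control characters in host: {host!r}")
    host_hdr = host if port is None else f"{host}:{port}"
    return f"GET {path} HTTP/1.0\r\nHost: {host_hdr}\r\nUser-Agent: example-client\r\n\r\n"


def header_names(request: str):
    """What the server sees: the field names of the request head, in order."""
    head = request.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def strict_rejects(url: str) -> bool:
    try:
        build_request(url, strict=True)
    except ValueError:
        return True
    return False


# Constructed attacker-controlled URL with CR LF inside the host component.
EVIL_URL = "http://example.com\r\nX-Injected: 1/download"
SAFE_URL = "http://example.com:8080/download"

if __name__ == "__main__":
    print("lenient client sends:", header_names(build_request(EVIL_URL, strict=False)))
    print("strict client rejects:", strict_rejects(EVIL_URL))
```

Where a client percent-decodes the authority before using it, the check belongs after decoding, otherwise "%0D%0A" slips past it; and the same reasoning applies to any other header built from URL parts (a proxy's Host, a Referer, a redirect Location).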
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-1.11.4-1.40.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): wget-openssl1-1.11.4-1.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-debuginfo-1.11.4-1.40.1 wget-debugsource-1.11.4-1.40.1 References: https://www.suse.com/security/cve/CVE-2017-6508.html https://bugzilla.suse.com/1028301 From sle-security-updates at lists.suse.com Wed Mar 22 14:11:45 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Mar 2017 21:11:45 +0100 (CET) Subject: SUSE-SU-2017:0800-1: moderate: Security update for wget Message-ID: <20170322201145.340ABFEDD@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0800-1 Rating: moderate References: #1028301 Cross-References: CVE-2017-6508 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-451=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-451=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-451=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-451=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-451=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): wget-1.14-20.1 wget-debuginfo-1.14-20.1 wget-debugsource-1.14-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): wget-1.14-20.1 wget-debuginfo-1.14-20.1 wget-debugsource-1.14-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): wget-1.14-20.1 wget-debuginfo-1.14-20.1 wget-debugsource-1.14-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): wget-1.14-20.1 wget-debuginfo-1.14-20.1 wget-debugsource-1.14-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): wget-1.14-20.1 wget-debuginfo-1.14-20.1 wget-debugsource-1.14-20.1 References: https://www.suse.com/security/cve/CVE-2017-6508.html https://bugzilla.suse.com/1028301 From sle-security-updates at lists.suse.com Wed Mar 22 14:12:08 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Mar 2017 21:12:08 +0100 (CET) Subject: SUSE-SU-2017:0801-1: moderate: Security update for apache2 Message-ID: <20170322201208.0A27BFEDD@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0801-1 Rating: moderate References: #1016712 #1016714 #1016715 #980663 Cross-References: CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for apache2 provides the following fixes: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid proxy chain misinterpretation (bsc#1016715). Bugfixes: - Add NotifyAccess=all to systemd service files to prevent warnings in the log when using mod_systemd (bsc#980663). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-449=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-449=1 To bring your system up-to-date, use "zypper patch". 
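The CVE-2016-8743 entry says only that "HttpProtocolOptions Strict" exists "to avoid proxy chain misinterpretation". The underlying problem is that two hops parsing the same request head leniently can disagree about what it says (where a header name ends, how many fields the request-line has, what counts as a line break), and when they disagree about a framing header they disagree about where one request ends and the next begins. The following is an added example, not Apache's parser, that puts a strict RFC 7230 reading of a request head next to a lenient one over constructed inputs, so the difference is visible. The exact set of leniencies in the lenient branch is this example's own choice, not a description of any specific server.

```python
"""Strict versus lenient parsing of an HTTP/1.1 request head."""
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")      # RFC 7230 tchar
HTTP_VERSION = re.compile(r"^HTTP/[0-9]\.[0-9]$")
CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")               # controls other than HTAB


class BadRequest(ValueError):
    pass


def parse_request_head(raw: bytes, strict: bool):
    """Return (method, target, version, [(name, value), ...]).

    strict=True enforces the RFC 7230 grammar: CRLF line endings only, a
    request-line of exactly three single-space-separated fields, token method
    and field-names, no whitespace between a field-name and its ':'.
    strict=False accepts what many lenient parsers accept: bare LF, any
    whitespace run in the request-line, and a trimmed field-name.
    """
    text = raw.decode("latin-1")
    if strict:
        head, sep, _ = text.partition("\r\n\r\n")
        if not sep:
            raise BadRequest("head not terminated by CRLF CRLF")
        stripped = head.replace("\r\n", "")
        if "\r" in stripped or "\n" in stripped:
            raise BadRequest("bare CR or LF in head")
        lines = head.split("\r\n")
        fields = lines[0].split(" ")
        if len(fields) != 3 or not all(fields):
            raise BadRequest("request-line is not 'method SP target SP version'")
        method, target, version = fields
        if not TOKEN.match(method):
            raise BadRequest(f"method is not a token: {method!r}")
        if not HTTP_VERSION.match(version):
            raise BadRequest(f"bad HTTP-version: {version!r}")
        if CTL.search(target) or "\t" in target:
            raise BadRequest("control character in request-target")
    else:
        head = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]
        lines = re.split(r"\r?\n", head)
        fields = lines[0].split()
        if len(fields) < 2:
            raise BadRequest("unparseable request-line")
        method, target = fields[0], fields[1]
        version = fields[2] if len(fields) > 2 else "HTTP/0.9"
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if strict:
            if not colon or not TOKEN.match(name):
                raise BadRequest(f"invalid field-name: {name!r}")
            if CTL.search(value):
                raise BadRequest(f"control character in value of {name}")
        elif not colon:
            continue                                        # lenient: ignore junk lines
        headers.append((name.strip().lower(), value.strip(" \t")))
    return method, target, version, headers


def accepted(raw: bytes, strict: bool) -> bool:
    try:
        parse_request_head(raw, strict)
    except BadRequest:
        return False
    return True


# Constructed request heads.
VALID = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SPACE_BEFORE_COLON = b"POST /api HTTP/1.1\r\nHost: www.example.com\r\nContent-Length : 5\r\n\r\n"
TAB_IN_REQUEST_LINE = b"GET\t/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BARE_LF = b"GET /index.html HTTP/1.1\nHost: www.example.com\n\n"

if __name__ == "__main__":
    for label, raw in [("valid", VALID), ("space before colon", SPACE_BEFORE_COLON),
                       ("tab in request-line", TAB_IN_REQUEST_LINE), ("bare LF", BARE_LF)]:
        print(f"{label:22s} strict={accepted(raw, True)!s:5s} lenient={accepted(raw, False)}")
```

The "Content-Length : 5" case is the one to study: the lenient branch silently normalises it to a Content-Length of 5, while a different lenient parser might treat the name as unknown and ignore it, and a strict one refuses the request outright. Refusing is the only behaviour that cannot be exploited by a downstream hop that reads it differently.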
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): apache2-debuginfo-2.4.16-19.1 apache2-debugsource-2.4.16-19.1 apache2-devel-2.4.16-19.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): apache2-2.4.16-19.1 apache2-debuginfo-2.4.16-19.1 apache2-debugsource-2.4.16-19.1 apache2-example-pages-2.4.16-19.1 apache2-prefork-2.4.16-19.1 apache2-prefork-debuginfo-2.4.16-19.1 apache2-utils-2.4.16-19.1 apache2-utils-debuginfo-2.4.16-19.1 apache2-worker-2.4.16-19.1 apache2-worker-debuginfo-2.4.16-19.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): apache2-doc-2.4.16-19.1 References: https://www.suse.com/security/cve/CVE-2016-0736.html https://www.suse.com/security/cve/CVE-2016-2161.html https://www.suse.com/security/cve/CVE-2016-8743.html https://bugzilla.suse.com/1016712 https://bugzilla.suse.com/1016714 https://bugzilla.suse.com/1016715 https://bugzilla.suse.com/980663 From sle-security-updates at lists.suse.com Tue Mar 28 13:08:43 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Mar 2017 21:08:43 +0200 (CEST) Subject: SUSE-SU-2017:0839-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20170328190843.AB5A6FFC0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0839-1 Rating: moderate References: #1025506 #1027038 Cross-References: CVE-2016-2183 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for java-1_8_0-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. (bsc#1027038) Bugfixes: - Require the main pkg in post phase of devel (bsc#1025506) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-468=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-468=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-468=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-468=1 To bring your system up-to-date, use "zypper patch". 
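The CVE-2016-2183 text gives the figure ("a birthday bound of approximately four billion blocks") without the arithmetic behind it. The following is an added example, not IBM's or SUSE's code, that carries the birthday bound through for a 64-bit block cipher, inverts it to find how much traffic a given collision probability needs, and classifies cipher suite names so a long-lived session can be assessed. The list of 64-bit block ciphers it recognises (DES, 3DES, RC2, IDEA, CAST5, Blowfish) and the assumption that every other suite uses 128-bit blocks are this example's own.

```python
"""Sweet32 arithmetic: why 64-bit block ciphers fail at 'about four billion blocks'."""
import math


def collision_probability(n_blocks: int, block_bits: int = 64) -> float:
    """Birthday bound: P(some two of n ciphertext blocks are equal) = 1 - exp(-n(n-1) / 2^(b+1)).
    In CBC mode a repeated ciphertext block reveals the XOR of two plaintext blocks."""
    return -math.expm1(-(n_blocks * (n_blocks - 1)) / (2.0 ** (block_bits + 1)))


def blocks_for_probability(p: float, block_bits: int = 64) -> float:
    """Invert the bound: number of blocks at which a collision has probability p."""
    return math.sqrt(2.0 ** (block_bits + 1) * -math.log1p(-p))


def uses_64bit_block(cipher_suite: str) -> bool:
    """True for suites built on a 64-bit block cipher. Accepts IANA names
    (TLS_RSA_WITH_3DES_EDE_CBC_SHA) and OpenSSL names (DES-CBC3-SHA)."""
    name = "_" + cipher_suite.upper().replace("-", "_") + "_"
    return any(tag in name for tag in ("3DES", "_DES_", "RC2", "IDEA", "CAST", "BLOWFISH", "_BF_"))


def session_report(cipher_suite: str, bytes_transferred: int) -> dict:
    """Collision probability for one session that has moved `bytes_transferred` bytes.
    Assumes 128-bit blocks for every suite not flagged as 64-bit (AES, Camellia,
    ARIA, SEED); stream-cipher suites are outside this model."""
    block_bits = 64 if uses_64bit_block(cipher_suite) else 128
    n_blocks = bytes_transferred * 8 // block_bits
    return {
        "cipher_suite": cipher_suite,
        "block_bits": block_bits,
        "blocks": n_blocks,
        "collision_probability": collision_probability(n_blocks, block_bits),
    }


if __name__ == "__main__":
    n = 2 ** 32                                   # "approximately four billion blocks"
    print(f"{n} blocks x 8 bytes = {n * 8 / 2 ** 30:.0f} GiB, P(collision) = {collision_probability(n):.3f}")
    print(f"blocks for P = 0.5: {blocks_for_probability(0.5):.3e}")
    for suite in ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-AES128-GCM-SHA256"):
        print(session_report(suite, 32 * 2 ** 30))
```

The numbers say why the attack is practical rather than theoretical: 2^32 blocks of 8 bytes is 32 GiB, which one long-lived HTTPS connection can reach, and at that point the collision probability is already about 0.39. The operational fix is not to shorten sessions but to stop negotiating these suites at all.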
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr4.1-26.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr4.1-26.2 - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr4.1-26.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.1-26.2 java-1_8_0-ibm-plugin-1.8.0_sr4.1-26.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr4.1-26.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr4.1-26.2 java-1_8_0-ibm-plugin-1.8.0_sr4.1-26.2 References: https://www.suse.com/security/cve/CVE-2016-2183.html https://bugzilla.suse.com/1025506 https://bugzilla.suse.com/1027038 From sle-security-updates at lists.suse.com Tue Mar 28 13:09:40 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Mar 2017 21:09:40 +0200 (CEST) Subject: SUSE-SU-2017:0841-1: important: Security update for samba Message-ID: <20170328190940.E5C05FFC0@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0841-1 Rating: important References: #1027147 Cross-References: CVE-2017-2619 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-samba-13037=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-samba-13037=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-samba-13037=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-87.1 libnetapi-devel-3.6.3-87.1 libnetapi0-3.6.3-87.1 libsmbclient-devel-3.6.3-87.1 libsmbsharemodes-devel-3.6.3-87.1 libsmbsharemodes0-3.6.3-87.1 libtalloc-devel-3.6.3-87.1 libtdb-devel-3.6.3-87.1 libtevent-devel-3.6.3-87.1 libwbclient-devel-3.6.3-87.1 samba-devel-3.6.3-87.1 samba-test-3.6.3-87.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-87.1 libldb1-3.6.3-87.1 libsmbclient0-3.6.3-87.1 libtalloc2-3.6.3-87.1 libtdb1-3.6.3-87.1 libtevent0-3.6.3-87.1 libwbclient0-3.6.3-87.1 samba-3.6.3-87.1 samba-client-3.6.3-87.1 samba-krb-printing-3.6.3-87.1 samba-winbind-3.6.3-87.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-87.1 libtalloc2-32bit-3.6.3-87.1 libtdb1-32bit-3.6.3-87.1 libtevent0-32bit-3.6.3-87.1 libwbclient0-32bit-3.6.3-87.1 samba-32bit-3.6.3-87.1 samba-client-32bit-3.6.3-87.1 samba-winbind-32bit-3.6.3-87.1
- SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-87.1
- SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-87.1 libtalloc2-x86-3.6.3-87.1 libtdb1-x86-3.6.3-87.1 libtevent0-x86-3.6.3-87.1 libwbclient0-x86-3.6.3-87.1 samba-client-x86-3.6.3-87.1 samba-winbind-x86-3.6.3-87.1 samba-x86-3.6.3-87.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-87.1 samba-debugsource-3.6.3-87.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-87.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-87.1

References:

https://www.suse.com/security/cve/CVE-2017-2619.html
https://bugzilla.suse.com/1027147

From sle-security-updates at lists.suse.com Wed Mar 29 10:10:54 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Mar 2017 18:10:54 +0200 (CEST)
Subject: SUSE-SU-2017:0848-1: moderate: Security update for python-oslo.middleware
Message-ID: <20170329161054.A7CE4FFD4@maintenance.suse.de>

SUSE Security Update: Security update for python-oslo.middleware
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0848-1
Rating:             moderate
References:         #1022043
Cross-References:   CVE-2017-2592
Affected Products:
                    SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-oslo.middleware fixes the following issues:

Security issue fixed:
- CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure (bsc#1022043).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-477=1

To bring your system up-to-date, use "zypper patch".
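The CVE-2017-2592 entry describes a bug class rather than a technique: a catch-all error handler that copies the caught exception's text into the HTTP response, so whatever the backend put into that message (connection strings, paths, tokens) reaches the client. The following added example is not oslo.middleware's CatchError code; it shows a generic WSGI catch-all in its leaky form beside a hardened form that keeps the detail in the server log under an incident id. The failing backend, its credential and the request are constructed sample data.

```python
"""Catch-all WSGI error middleware: the leaky pattern beside a hardened one.

Added illustration of the bug class behind CVE-2017-2592; this is not
oslo.middleware's CatchError.  The failing backend and its credential are
constructed sample data.
"""
import logging
import uuid

log = logging.getLogger("catch_errors")


def _respond_500(start_response, body: bytes):
    """Emit a plain-text 500 with the given body."""
    start_response("500 Internal Server Error",
                   [("Content-Type", "text/plain; charset=utf-8"),
                    ("Content-Length", str(len(body)))])
    return [body]


def leaky_catch_errors(app):
    """Anti-pattern: the exception text is copied into the client response.
    Backend exceptions routinely carry connection strings, paths or tokens."""
    def middleware(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception as exc:  # catch-all is the point of this middleware
            body = f"500 Internal Server Error: {exc}\n".encode()
            return _respond_500(start_response, body)
    return middleware


def safe_catch_errors(app):
    """Hardened form: the full traceback is logged server-side under an
    incident id; the client learns only that id, which is enough to correlate
    a user report with the log entry."""
    def middleware(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            incident = uuid.uuid4().hex
            log.exception("unhandled error incident=%s path=%s",
                          incident, environ.get("PATH_INFO"))
            body = f"500 Internal Server Error (incident {incident})\n".encode()
            return _respond_500(start_response, body)
    return middleware


def failing_app(environ, start_response):
    """Constructed backend whose error message carries a database credential."""
    raise ConnectionError(
        "could not connect to mysql://svc:Hunter2@db.internal/keystone")


def call(app, path="/v3/users"):
    """Drive a WSGI app with a minimal environ; returns (status, body text)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response)).decode()
    return captured["status"], body


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for name, wrapped in (("leaky", leaky_catch_errors(failing_app)),
                          ("safe", safe_catch_errors(failing_app))):
        status, body = call(wrapped)
        print(name, status, "credential in response:", "Hunter2" in body)
```

The same split applies to any framework's "debug" error page: exception text and tracebacks belong in the server log, and the response should carry only a correlation identifier.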
Package List:

- SUSE OpenStack Cloud 6 (noarch): python-oslo.middleware-2.8.0-3.1

References:

https://www.suse.com/security/cve/CVE-2017-2592.html
https://bugzilla.suse.com/1022043

From sle-security-updates at lists.suse.com Wed Mar 29 10:12:51 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Mar 2017 18:12:51 +0200 (CEST)
Subject: SUSE-SU-2017:0853-1: moderate: Security update for libpng16
Message-ID: <20170329161251.1376DFFD5@maintenance.suse.de>

SUSE Security Update: Security update for libpng16
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0853-1
Rating:             moderate
References:         #1017646
Cross-References:   CVE-2016-10087
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libpng16 fixes the following issues:

Security issues fixed:
- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-478=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-478=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-478=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-478=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-478=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-478=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-478=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpng16-compat-devel-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1 libpng16-devel-1.6.8-14.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpng16-compat-devel-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1 libpng16-devel-1.6.8-14.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpng16-16-1.6.8-14.1 libpng16-16-debuginfo-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpng16-16-1.6.8-14.1 libpng16-16-debuginfo-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64): libpng16-16-32bit-1.6.8-14.1 libpng16-16-debuginfo-32bit-1.6.8-14.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpng16-16-1.6.8-14.1 libpng16-16-debuginfo-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpng16-16-32bit-1.6.8-14.1 libpng16-16-debuginfo-32bit-1.6.8-14.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpng16-16-1.6.8-14.1 libpng16-16-32bit-1.6.8-14.1 libpng16-16-debuginfo-1.6.8-14.1 libpng16-16-debuginfo-32bit-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpng16-16-1.6.8-14.1 libpng16-16-32bit-1.6.8-14.1 libpng16-16-debuginfo-1.6.8-14.1 libpng16-16-debuginfo-32bit-1.6.8-14.1 libpng16-debugsource-1.6.8-14.1

References:

https://www.suse.com/security/cve/CVE-2016-10087.html
https://bugzilla.suse.com/1017646

From sle-security-updates at lists.suse.com Wed Mar 29 10:13:34 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Mar 2017 18:13:34 +0200 (CEST)
Subject: SUSE-SU-2017:0855-1: moderate: Security update for nodejs4
Message-ID: <20170329161334.C2997FFD6@maintenance.suse.de>

SUSE Security Update: Security update for nodejs4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0855-1
Rating:             moderate
References:         #1000036 #1009528 #1022085 #1022086
Cross-References:   CVE-2016-7055 CVE-2017-3731 CVE-2017-3732
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.
Description:

This update for nodejs4 fixes the following issues:

- New upstream LTS release 4.7.3
  The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)
- No changes in LTS version 4.7.2
- New upstream LTS release 4.7.1
  * build: shared library support is now working for AIX builds
  * repl: passing options to the repl will no longer overwrite defaults
  * timers: re-cancelling a cancelled timer will no longer throw
- New upstream LTS version 4.7.0
  * build: introduce the configure --shared option for embedders
  * debugger: make listen address configurable in debugger server
  * dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler
  * http: introduce the 451 status code "Unavailable For Legal Reasons"
  * gtest: the test reporter now outputs tap comments as yamlish
  * tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates)
  * tls: fix memory leak when writing data to TLSWrap instance during handshake
  * src: node no longer aborts when c-ares initialization fails
  * ported and updated system CA store for the new node crypto code
- New upstream LTS version 4.6.2
  * build:
    + It is now possible to build the documentation from the release tarball.
  * buffer:
    + Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed.
  * deps:
    + Upgrade npm in LTS to 2.15.11.
  * repl:
    + Enable tab completion for global properties.
  * url:
    + url.format() will now encode all "#" in search.
- Add missing conflicts to base package. It's not possible to have concurrent nodejs installations.
- Enable usage of the system certificate store on SLE11SP4 by requiring openssl1 (bsc#1000036)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-476=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2017-476=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.7.3-14.1 nodejs4-debuginfo-4.7.3-14.1 nodejs4-debugsource-4.7.3-14.1 nodejs4-devel-4.7.3-14.1 npm4-4.7.3-14.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.7.3-14.1
- SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.7.3-14.1 nodejs4-debuginfo-4.7.3-14.1 nodejs4-debugsource-4.7.3-14.1

References:

https://www.suse.com/security/cve/CVE-2016-7055.html
https://www.suse.com/security/cve/CVE-2017-3731.html
https://www.suse.com/security/cve/CVE-2017-3732.html
https://bugzilla.suse.com/1000036
https://bugzilla.suse.com/1009528
https://bugzilla.suse.com/1022085
https://bugzilla.suse.com/1022086

From sle-security-updates at lists.suse.com Wed Mar 29 13:08:40 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Mar 2017 21:08:40 +0200 (CEST)
Subject: SUSE-SU-2017:0858-1: important: Security update for samba
Message-ID: <20170329190840.F0046FFD6@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0858-1
Rating:             important
References:         #1012092 #1019416 #1023847 #1024416 #1027147 #993692 #993707
Cross-References:   CVE-2017-2619
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is now available.

Description:

This update for samba fixes the following issues:

Security issues fixed:
- CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147).

Bugfixes:
- Force usage of ncurses6-config through the NCURSES_CONFIG env var (bsc#1023847).
- Add missing ldb module directory (bsc#1012092).
- Don't package man pages for VFS modules that aren't built (bsc#993707).
- sync_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).
- Document "winbind: ignore domains" parameter; (bsc#1019416).
- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-479=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-479=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-479=1
- SUSE Linux Enterprise High Availability 12-SP2:
  zypper in -t patch SUSE-SLE-HA-12-SP2-2017-479=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-479=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.4.2-36.2 libwbclient-devel-4.4.2-36.2 samba-debuginfo-4.4.2-36.2 samba-debugsource-4.4.2-36.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-binding0-4.4.2-36.2 libdcerpc-binding0-debuginfo-4.4.2-36.2 libdcerpc0-4.4.2-36.2 libdcerpc0-debuginfo-4.4.2-36.2 libndr-krb5pac0-4.4.2-36.2 libndr-krb5pac0-debuginfo-4.4.2-36.2 libndr-nbt0-4.4.2-36.2 libndr-nbt0-debuginfo-4.4.2-36.2 libndr-standard0-4.4.2-36.2 libndr-standard0-debuginfo-4.4.2-36.2 libndr0-4.4.2-36.2 libndr0-debuginfo-4.4.2-36.2 libnetapi0-4.4.2-36.2 libnetapi0-debuginfo-4.4.2-36.2 libsamba-credentials0-4.4.2-36.2 libsamba-credentials0-debuginfo-4.4.2-36.2 libsamba-errors0-4.4.2-36.2 libsamba-errors0-debuginfo-4.4.2-36.2 libsamba-hostconfig0-4.4.2-36.2 libsamba-hostconfig0-debuginfo-4.4.2-36.2 libsamba-passdb0-4.4.2-36.2 libsamba-passdb0-debuginfo-4.4.2-36.2 libsamba-util0-4.4.2-36.2 libsamba-util0-debuginfo-4.4.2-36.2 libsamdb0-4.4.2-36.2 libsamdb0-debuginfo-4.4.2-36.2 libsmbclient0-4.4.2-36.2 libsmbclient0-debuginfo-4.4.2-36.2 libsmbconf0-4.4.2-36.2 libsmbconf0-debuginfo-4.4.2-36.2 libsmbldap0-4.4.2-36.2 libsmbldap0-debuginfo-4.4.2-36.2 libtevent-util0-4.4.2-36.2 libtevent-util0-debuginfo-4.4.2-36.2 libwbclient0-4.4.2-36.2 libwbclient0-debuginfo-4.4.2-36.2 samba-4.4.2-36.2 samba-client-4.4.2-36.2 samba-client-debuginfo-4.4.2-36.2 samba-debuginfo-4.4.2-36.2 samba-debugsource-4.4.2-36.2 samba-libs-4.4.2-36.2 samba-libs-debuginfo-4.4.2-36.2 samba-winbind-4.4.2-36.2 samba-winbind-debuginfo-4.4.2-36.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): samba-doc-4.4.2-36.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-binding0-4.4.2-36.2 libdcerpc-binding0-debuginfo-4.4.2-36.2 libdcerpc0-4.4.2-36.2 libdcerpc0-debuginfo-4.4.2-36.2 libndr-krb5pac0-4.4.2-36.2 libndr-krb5pac0-debuginfo-4.4.2-36.2 libndr-nbt0-4.4.2-36.2 libndr-nbt0-debuginfo-4.4.2-36.2 libndr-standard0-4.4.2-36.2 libndr-standard0-debuginfo-4.4.2-36.2 libndr0-4.4.2-36.2 libndr0-debuginfo-4.4.2-36.2 libnetapi0-4.4.2-36.2 libnetapi0-debuginfo-4.4.2-36.2 libsamba-credentials0-4.4.2-36.2 libsamba-credentials0-debuginfo-4.4.2-36.2 libsamba-errors0-4.4.2-36.2 libsamba-errors0-debuginfo-4.4.2-36.2 libsamba-hostconfig0-4.4.2-36.2 libsamba-hostconfig0-debuginfo-4.4.2-36.2 libsamba-passdb0-4.4.2-36.2 libsamba-passdb0-debuginfo-4.4.2-36.2 libsamba-util0-4.4.2-36.2 libsamba-util0-debuginfo-4.4.2-36.2 libsamdb0-4.4.2-36.2 libsamdb0-debuginfo-4.4.2-36.2 libsmbclient0-4.4.2-36.2 libsmbclient0-debuginfo-4.4.2-36.2 libsmbconf0-4.4.2-36.2 libsmbconf0-debuginfo-4.4.2-36.2 libsmbldap0-4.4.2-36.2 libsmbldap0-debuginfo-4.4.2-36.2 libtevent-util0-4.4.2-36.2 libtevent-util0-debuginfo-4.4.2-36.2 libwbclient0-4.4.2-36.2 libwbclient0-debuginfo-4.4.2-36.2 samba-4.4.2-36.2 samba-client-4.4.2-36.2 samba-client-debuginfo-4.4.2-36.2 samba-debuginfo-4.4.2-36.2 samba-debugsource-4.4.2-36.2 samba-libs-4.4.2-36.2 samba-libs-debuginfo-4.4.2-36.2 samba-winbind-4.4.2-36.2 samba-winbind-debuginfo-4.4.2-36.2
- SUSE Linux Enterprise Server 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-36.2 libdcerpc-binding0-debuginfo-32bit-4.4.2-36.2 libdcerpc0-32bit-4.4.2-36.2 libdcerpc0-debuginfo-32bit-4.4.2-36.2 libndr-krb5pac0-32bit-4.4.2-36.2 libndr-krb5pac0-debuginfo-32bit-4.4.2-36.2 libndr-nbt0-32bit-4.4.2-36.2 libndr-nbt0-debuginfo-32bit-4.4.2-36.2 libndr-standard0-32bit-4.4.2-36.2 libndr-standard0-debuginfo-32bit-4.4.2-36.2 libndr0-32bit-4.4.2-36.2 libndr0-debuginfo-32bit-4.4.2-36.2 libnetapi0-32bit-4.4.2-36.2 libnetapi0-debuginfo-32bit-4.4.2-36.2 libsamba-credentials0-32bit-4.4.2-36.2 libsamba-credentials0-debuginfo-32bit-4.4.2-36.2 libsamba-errors0-32bit-4.4.2-36.2 libsamba-errors0-debuginfo-32bit-4.4.2-36.2 libsamba-hostconfig0-32bit-4.4.2-36.2 libsamba-hostconfig0-debuginfo-32bit-4.4.2-36.2 libsamba-passdb0-32bit-4.4.2-36.2 libsamba-passdb0-debuginfo-32bit-4.4.2-36.2 libsamba-util0-32bit-4.4.2-36.2 libsamba-util0-debuginfo-32bit-4.4.2-36.2 libsamdb0-32bit-4.4.2-36.2 libsamdb0-debuginfo-32bit-4.4.2-36.2 libsmbclient0-32bit-4.4.2-36.2 libsmbclient0-debuginfo-32bit-4.4.2-36.2 libsmbconf0-32bit-4.4.2-36.2 libsmbconf0-debuginfo-32bit-4.4.2-36.2 libsmbldap0-32bit-4.4.2-36.2 libsmbldap0-debuginfo-32bit-4.4.2-36.2 libtevent-util0-32bit-4.4.2-36.2 libtevent-util0-debuginfo-32bit-4.4.2-36.2 libwbclient0-32bit-4.4.2-36.2 libwbclient0-debuginfo-32bit-4.4.2-36.2 samba-client-32bit-4.4.2-36.2 samba-client-debuginfo-32bit-4.4.2-36.2 samba-libs-32bit-4.4.2-36.2 samba-libs-debuginfo-32bit-4.4.2-36.2 samba-winbind-32bit-4.4.2-36.2 samba-winbind-debuginfo-32bit-4.4.2-36.2
- SUSE Linux Enterprise Server 12-SP2 (noarch): samba-doc-4.4.2-36.2
- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-36.2 ctdb-debuginfo-4.4.2-36.2 samba-debuginfo-4.4.2-36.2 samba-debugsource-4.4.2-36.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-36.2 libdcerpc-binding0-4.4.2-36.2 libdcerpc-binding0-debuginfo-32bit-4.4.2-36.2 libdcerpc-binding0-debuginfo-4.4.2-36.2 libdcerpc0-32bit-4.4.2-36.2 libdcerpc0-4.4.2-36.2 libdcerpc0-debuginfo-32bit-4.4.2-36.2 libdcerpc0-debuginfo-4.4.2-36.2 libndr-krb5pac0-32bit-4.4.2-36.2 libndr-krb5pac0-4.4.2-36.2 libndr-krb5pac0-debuginfo-32bit-4.4.2-36.2 libndr-krb5pac0-debuginfo-4.4.2-36.2 libndr-nbt0-32bit-4.4.2-36.2 libndr-nbt0-4.4.2-36.2 libndr-nbt0-debuginfo-32bit-4.4.2-36.2 libndr-nbt0-debuginfo-4.4.2-36.2 libndr-standard0-32bit-4.4.2-36.2 libndr-standard0-4.4.2-36.2 libndr-standard0-debuginfo-32bit-4.4.2-36.2 libndr-standard0-debuginfo-4.4.2-36.2 libndr0-32bit-4.4.2-36.2 libndr0-4.4.2-36.2 libndr0-debuginfo-32bit-4.4.2-36.2 libndr0-debuginfo-4.4.2-36.2 libnetapi0-32bit-4.4.2-36.2 libnetapi0-4.4.2-36.2 libnetapi0-debuginfo-32bit-4.4.2-36.2 libnetapi0-debuginfo-4.4.2-36.2 libsamba-credentials0-32bit-4.4.2-36.2 libsamba-credentials0-4.4.2-36.2 libsamba-credentials0-debuginfo-32bit-4.4.2-36.2 libsamba-credentials0-debuginfo-4.4.2-36.2 libsamba-errors0-32bit-4.4.2-36.2 libsamba-errors0-4.4.2-36.2 libsamba-errors0-debuginfo-32bit-4.4.2-36.2 libsamba-errors0-debuginfo-4.4.2-36.2 libsamba-hostconfig0-32bit-4.4.2-36.2 libsamba-hostconfig0-4.4.2-36.2 libsamba-hostconfig0-debuginfo-32bit-4.4.2-36.2 libsamba-hostconfig0-debuginfo-4.4.2-36.2 libsamba-passdb0-32bit-4.4.2-36.2 libsamba-passdb0-4.4.2-36.2 libsamba-passdb0-debuginfo-32bit-4.4.2-36.2 libsamba-passdb0-debuginfo-4.4.2-36.2 libsamba-util0-32bit-4.4.2-36.2 libsamba-util0-4.4.2-36.2 libsamba-util0-debuginfo-32bit-4.4.2-36.2 libsamba-util0-debuginfo-4.4.2-36.2 libsamdb0-32bit-4.4.2-36.2 libsamdb0-4.4.2-36.2 libsamdb0-debuginfo-32bit-4.4.2-36.2 libsamdb0-debuginfo-4.4.2-36.2 libsmbclient0-32bit-4.4.2-36.2 libsmbclient0-4.4.2-36.2 libsmbclient0-debuginfo-32bit-4.4.2-36.2 libsmbclient0-debuginfo-4.4.2-36.2 libsmbconf0-32bit-4.4.2-36.2 libsmbconf0-4.4.2-36.2 libsmbconf0-debuginfo-32bit-4.4.2-36.2 libsmbconf0-debuginfo-4.4.2-36.2 libsmbldap0-32bit-4.4.2-36.2 libsmbldap0-4.4.2-36.2 libsmbldap0-debuginfo-32bit-4.4.2-36.2 libsmbldap0-debuginfo-4.4.2-36.2 libtevent-util0-32bit-4.4.2-36.2 libtevent-util0-4.4.2-36.2 libtevent-util0-debuginfo-32bit-4.4.2-36.2 libtevent-util0-debuginfo-4.4.2-36.2 libwbclient0-32bit-4.4.2-36.2 libwbclient0-4.4.2-36.2 libwbclient0-debuginfo-32bit-4.4.2-36.2 libwbclient0-debuginfo-4.4.2-36.2 samba-4.4.2-36.2 samba-client-32bit-4.4.2-36.2 samba-client-4.4.2-36.2 samba-client-debuginfo-32bit-4.4.2-36.2 samba-client-debuginfo-4.4.2-36.2 samba-debuginfo-4.4.2-36.2 samba-debugsource-4.4.2-36.2 samba-libs-32bit-4.4.2-36.2 samba-libs-4.4.2-36.2 samba-libs-debuginfo-32bit-4.4.2-36.2 samba-libs-debuginfo-4.4.2-36.2 samba-winbind-32bit-4.4.2-36.2 samba-winbind-4.4.2-36.2 samba-winbind-debuginfo-32bit-4.4.2-36.2 samba-winbind-debuginfo-4.4.2-36.2
- SUSE Linux Enterprise Desktop 12-SP2 (noarch): samba-doc-4.4.2-36.2
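Every advisory on this page ends in a package list of fixed name-version-release strings, but says nothing about how to confirm that a host actually carries them. The following added example, which is not SUSE's tooling and not code from any of these advisories, compares installed packages against such a list using a Python port of rpm's rpmvercmp() so that the ordering follows RPM's own rules (numeric versus alphabetic segments, leading zeros, and the "~" and "^" markers). It uses a subset of the SUSE Linux Enterprise Server 12-SP2 (x86_64) entries from the samba advisory above; the installed-package lines are a constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output, and epoch is ignored because the advisory list carries none.

```python
r"""Check installed RPM versions against an advisory's package list.

Added example, not SUSE tooling: a Python port of rpm's rpmvercmp() so the
comparison follows RPM's own ordering rules.  Installed-package lines are a
constructed sample of:  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings RPM-style: -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while True:
        # separators are anything that is neither alphanumeric nor '~'/'^'
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        # '~' sorts before everything, even end of string: 1.0~rc1 < 1.0
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # '^' sorts after end of string but before anything else:
        # 1.0 < 1.0^post1 < 1.0.1
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        # next segment: a run of digits in both, or a run of letters in both
        isnum = ca.isdigit()
        test = str.isdigit if isnum else str.isalpha
        sa, sb = i, j
        while i < len(a) and test(a[i]):
            i += 1
        while j < len(b) and test(b[j]):
            j += 1
        seg_a, seg_b = a[sa:i], b[sb:j]
        if not seg_b:
            # segment types differ: the numeric segment counts as newer
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    # whichever string still has segments left is the newer one
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvr(nvr: str):
    """Split 'name-version-release'; names may contain '-', version/release may not."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release


def vr_cmp(vr_a, vr_b) -> int:
    """Compare (version, release) pairs: version decides, release breaks ties."""
    rc = rpmvercmp(vr_a[0], vr_b[0])
    return rc if rc else rpmvercmp(vr_a[1], vr_b[1])


def missing_fixes(installed_lines, advisory_packages):
    """Return [(name, installed_vr, fixed_vr)] for installed packages older than
    the advisory's build.  Packages not installed at all are not reported."""
    fixed = {}
    for entry in advisory_packages:
        name, version, release = parse_nvr(entry)
        fixed[name] = (version, release)
    stale = []
    for line in installed_lines:
        if not line.strip():
            continue
        name, version, release = parse_nvr(line)
        if name in fixed and vr_cmp((version, release), fixed[name]) < 0:
            stale.append((name, f"{version}-{release}", "-".join(fixed[name])))
    return stale


# Subset of the SUSE Linux Enterprise Server 12-SP2 (x86_64) list from the advisory above.
ADVISORY_PACKAGES = [
    "samba-4.4.2-36.2", "samba-client-4.4.2-36.2", "samba-libs-4.4.2-36.2",
    "samba-winbind-4.4.2-36.2", "libwbclient0-4.4.2-36.2",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output.
INSTALLED = """\
samba-4.4.2-29.1
samba-client-4.4.2-36.2
samba-libs-4.4.2-36.2
libwbclient0-4.4.2-36.2
libtalloc2-2.1.5-3.1
""".splitlines()

if __name__ == "__main__":
    for name, have, want in missing_fixes(INSTALLED, ADVISORY_PACKAGES):
        print(f"{name}: installed {have}, advisory fixes {want}")
```

The same function pair works for any of the package lists on this page; only the advisory list and the `rpm -qa` capture change. A plain string or float comparison would get cases such as `28.8.2` versus `28.8.10` wrong, which is why the RPM algorithm is reproduced rather than approximated.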
References:

https://www.suse.com/security/cve/CVE-2017-2619.html
https://bugzilla.suse.com/1012092
https://bugzilla.suse.com/1019416
https://bugzilla.suse.com/1023847
https://bugzilla.suse.com/1024416
https://bugzilla.suse.com/1027147
https://bugzilla.suse.com/993692
https://bugzilla.suse.com/993707

From sle-security-updates at lists.suse.com Wed Mar 29 13:10:19 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Mar 2017 21:10:19 +0200 (CEST)
Subject: SUSE-SU-2017:0859-1: important: Security update for samba
Message-ID: <20170329191019.622E5FFCF@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0859-1
Rating:             important
References:         #1019416 #1024416 #1027147 #993692 #993707
Cross-References:   CVE-2017-2619
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise High Availability 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for samba fixes the following issues:

Security issues fixed:
- CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147).

Bugfixes:
- Don't package man pages for VFS modules that aren't built (bsc#993707).
- sync_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).
- Document "winbind: ignore domains" parameter; (bsc#1019416).
- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-480=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-480=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-480=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-480=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-480=1
- SUSE Linux Enterprise High Availability 12-SP1:
  zypper in -t patch SUSE-SLE-HA-12-SP1-2017-480=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-480=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-480=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): samba-test-devel-4.2.4-28.8.2
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-28.8.2 ctdb-devel-4.2.4-28.8.2 libdcerpc-atsvc-devel-4.2.4-28.8.2 libdcerpc-atsvc0-4.2.4-28.8.2 libdcerpc-atsvc0-debuginfo-4.2.4-28.8.2 libdcerpc-devel-4.2.4-28.8.2 libdcerpc-samr-devel-4.2.4-28.8.2 libdcerpc-samr0-4.2.4-28.8.2 libdcerpc-samr0-debuginfo-4.2.4-28.8.2 libgensec-devel-4.2.4-28.8.2 libndr-devel-4.2.4-28.8.2 libndr-krb5pac-devel-4.2.4-28.8.2 libndr-nbt-devel-4.2.4-28.8.2 libndr-standard-devel-4.2.4-28.8.2 libnetapi-devel-4.2.4-28.8.2 libregistry-devel-4.2.4-28.8.2 libsamba-credentials-devel-4.2.4-28.8.2 libsamba-hostconfig-devel-4.2.4-28.8.2 libsamba-passdb-devel-4.2.4-28.8.2 libsamba-policy-devel-4.2.4-28.8.2 libsamba-policy0-4.2.4-28.8.2 libsamba-policy0-debuginfo-4.2.4-28.8.2 libsamba-util-devel-4.2.4-28.8.2 libsamdb-devel-4.2.4-28.8.2 libsmbclient-devel-4.2.4-28.8.2 libsmbclient-raw-devel-4.2.4-28.8.2 libsmbconf-devel-4.2.4-28.8.2 libsmbldap-devel-4.2.4-28.8.2 libtevent-util-devel-4.2.4-28.8.2 libwbclient-devel-4.2.4-28.8.2 samba-core-devel-4.2.4-28.8.2 samba-debuginfo-4.2.4-28.8.2 samba-debugsource-4.2.4-28.8.2 samba-test-devel-4.2.4-28.8.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-atsvc0-4.2.4-28.8.2 libdcerpc-atsvc0-debuginfo-4.2.4-28.8.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libdcerpc-atsvc0-4.2.4-28.8.2 libdcerpc-atsvc0-debuginfo-4.2.4-28.8.2
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-28.8.2 libdcerpc-binding0-debuginfo-4.2.4-28.8.2 libdcerpc0-4.2.4-28.8.2 libdcerpc0-debuginfo-4.2.4-28.8.2 libgensec0-4.2.4-28.8.2 libgensec0-debuginfo-4.2.4-28.8.2 libndr-krb5pac0-4.2.4-28.8.2 libndr-krb5pac0-debuginfo-4.2.4-28.8.2 libndr-nbt0-4.2.4-28.8.2 libndr-nbt0-debuginfo-4.2.4-28.8.2 libndr-standard0-4.2.4-28.8.2 libndr-standard0-debuginfo-4.2.4-28.8.2 libndr0-4.2.4-28.8.2 libndr0-debuginfo-4.2.4-28.8.2 libnetapi0-4.2.4-28.8.2 libnetapi0-debuginfo-4.2.4-28.8.2 libregistry0-4.2.4-28.8.2 libregistry0-debuginfo-4.2.4-28.8.2 libsamba-credentials0-4.2.4-28.8.2 libsamba-credentials0-debuginfo-4.2.4-28.8.2 libsamba-hostconfig0-4.2.4-28.8.2 libsamba-hostconfig0-debuginfo-4.2.4-28.8.2 libsamba-passdb0-4.2.4-28.8.2 libsamba-passdb0-debuginfo-4.2.4-28.8.2 libsamba-util0-4.2.4-28.8.2 libsamba-util0-debuginfo-4.2.4-28.8.2 libsamdb0-4.2.4-28.8.2 libsamdb0-debuginfo-4.2.4-28.8.2 libsmbclient-raw0-4.2.4-28.8.2 libsmbclient-raw0-debuginfo-4.2.4-28.8.2 libsmbclient0-4.2.4-28.8.2 libsmbclient0-debuginfo-4.2.4-28.8.2 libsmbconf0-4.2.4-28.8.2 libsmbconf0-debuginfo-4.2.4-28.8.2 libsmbldap0-4.2.4-28.8.2 libsmbldap0-debuginfo-4.2.4-28.8.2 libtevent-util0-4.2.4-28.8.2 libtevent-util0-debuginfo-4.2.4-28.8.2 libwbclient0-4.2.4-28.8.2 libwbclient0-debuginfo-4.2.4-28.8.2 samba-4.2.4-28.8.2 samba-client-4.2.4-28.8.2 samba-client-debuginfo-4.2.4-28.8.2 samba-debuginfo-4.2.4-28.8.2 samba-debugsource-4.2.4-28.8.2 samba-libs-4.2.4-28.8.2 samba-libs-debuginfo-4.2.4-28.8.2 samba-winbind-4.2.4-28.8.2 samba-winbind-debuginfo-4.2.4-28.8.2
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.8.2 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.8.2 libdcerpc0-32bit-4.2.4-28.8.2 libdcerpc0-debuginfo-32bit-4.2.4-28.8.2 libgensec0-32bit-4.2.4-28.8.2 libgensec0-debuginfo-32bit-4.2.4-28.8.2 libndr-krb5pac0-32bit-4.2.4-28.8.2 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.8.2 libndr-nbt0-32bit-4.2.4-28.8.2 libndr-nbt0-debuginfo-32bit-4.2.4-28.8.2 libndr-standard0-32bit-4.2.4-28.8.2 libndr-standard0-debuginfo-32bit-4.2.4-28.8.2 libndr0-32bit-4.2.4-28.8.2 libndr0-debuginfo-32bit-4.2.4-28.8.2 libnetapi0-32bit-4.2.4-28.8.2 libnetapi0-debuginfo-32bit-4.2.4-28.8.2 libsamba-credentials0-32bit-4.2.4-28.8.2 libsamba-credentials0-debuginfo-32bit-4.2.4-28.8.2 libsamba-hostconfig0-32bit-4.2.4-28.8.2 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.8.2 libsamba-passdb0-32bit-4.2.4-28.8.2 libsamba-passdb0-debuginfo-32bit-4.2.4-28.8.2 libsamba-util0-32bit-4.2.4-28.8.2 libsamba-util0-debuginfo-32bit-4.2.4-28.8.2 libsamdb0-32bit-4.2.4-28.8.2 libsamdb0-debuginfo-32bit-4.2.4-28.8.2 libsmbclient-raw0-32bit-4.2.4-28.8.2 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.8.2 libsmbclient0-32bit-4.2.4-28.8.2 libsmbclient0-debuginfo-32bit-4.2.4-28.8.2 libsmbconf0-32bit-4.2.4-28.8.2 libsmbconf0-debuginfo-32bit-4.2.4-28.8.2 libsmbldap0-32bit-4.2.4-28.8.2 libsmbldap0-debuginfo-32bit-4.2.4-28.8.2 libtevent-util0-32bit-4.2.4-28.8.2 libtevent-util0-debuginfo-32bit-4.2.4-28.8.2 libwbclient0-32bit-4.2.4-28.8.2 libwbclient0-debuginfo-32bit-4.2.4-28.8.2 samba-32bit-4.2.4-28.8.2 samba-client-32bit-4.2.4-28.8.2 samba-client-debuginfo-32bit-4.2.4-28.8.2 samba-debuginfo-32bit-4.2.4-28.8.2 samba-libs-32bit-4.2.4-28.8.2 samba-libs-debuginfo-32bit-4.2.4-28.8.2 samba-winbind-32bit-4.2.4-28.8.2 samba-winbind-debuginfo-32bit-4.2.4-28.8.2
- SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-28.8.2
- SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.8.2 ctdb-debuginfo-4.2.4-28.8.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-atsvc0-4.2.4-28.8.2 libdcerpc-atsvc0-debuginfo-4.2.4-28.8.2
- SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-28.8.2
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.8.2 libdcerpc-binding0-4.2.4-28.8.2 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.8.2 libdcerpc-binding0-debuginfo-4.2.4-28.8.2 libdcerpc0-32bit-4.2.4-28.8.2 libdcerpc0-4.2.4-28.8.2 libdcerpc0-debuginfo-32bit-4.2.4-28.8.2 libdcerpc0-debuginfo-4.2.4-28.8.2 libgensec0-32bit-4.2.4-28.8.2 libgensec0-4.2.4-28.8.2 libgensec0-debuginfo-32bit-4.2.4-28.8.2 libgensec0-debuginfo-4.2.4-28.8.2 libndr-krb5pac0-32bit-4.2.4-28.8.2 libndr-krb5pac0-4.2.4-28.8.2 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.8.2 libndr-krb5pac0-debuginfo-4.2.4-28.8.2 libndr-nbt0-32bit-4.2.4-28.8.2 libndr-nbt0-4.2.4-28.8.2 libndr-nbt0-debuginfo-32bit-4.2.4-28.8.2 libndr-nbt0-debuginfo-4.2.4-28.8.2 libndr-standard0-32bit-4.2.4-28.8.2 libndr-standard0-4.2.4-28.8.2 libndr-standard0-debuginfo-32bit-4.2.4-28.8.2 libndr-standard0-debuginfo-4.2.4-28.8.2 libndr0-32bit-4.2.4-28.8.2 libndr0-4.2.4-28.8.2 libndr0-debuginfo-32bit-4.2.4-28.8.2 libndr0-debuginfo-4.2.4-28.8.2 libnetapi0-32bit-4.2.4-28.8.2 libnetapi0-4.2.4-28.8.2 libnetapi0-debuginfo-32bit-4.2.4-28.8.2 libnetapi0-debuginfo-4.2.4-28.8.2 libregistry0-4.2.4-28.8.2 libregistry0-debuginfo-4.2.4-28.8.2 libsamba-credentials0-32bit-4.2.4-28.8.2 libsamba-credentials0-4.2.4-28.8.2 libsamba-credentials0-debuginfo-32bit-4.2.4-28.8.2 libsamba-credentials0-debuginfo-4.2.4-28.8.2 libsamba-hostconfig0-32bit-4.2.4-28.8.2 libsamba-hostconfig0-4.2.4-28.8.2 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.8.2 libsamba-hostconfig0-debuginfo-4.2.4-28.8.2 libsamba-passdb0-32bit-4.2.4-28.8.2 libsamba-passdb0-4.2.4-28.8.2 libsamba-passdb0-debuginfo-32bit-4.2.4-28.8.2 libsamba-passdb0-debuginfo-4.2.4-28.8.2 libsamba-util0-32bit-4.2.4-28.8.2 libsamba-util0-4.2.4-28.8.2 libsamba-util0-debuginfo-32bit-4.2.4-28.8.2 libsamba-util0-debuginfo-4.2.4-28.8.2 libsamdb0-32bit-4.2.4-28.8.2 libsamdb0-4.2.4-28.8.2 libsamdb0-debuginfo-32bit-4.2.4-28.8.2 libsamdb0-debuginfo-4.2.4-28.8.2 libsmbclient-raw0-32bit-4.2.4-28.8.2 libsmbclient-raw0-4.2.4-28.8.2 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.8.2 libsmbclient-raw0-debuginfo-4.2.4-28.8.2 libsmbclient0-32bit-4.2.4-28.8.2 libsmbclient0-4.2.4-28.8.2 libsmbclient0-debuginfo-32bit-4.2.4-28.8.2 libsmbclient0-debuginfo-4.2.4-28.8.2 libsmbconf0-32bit-4.2.4-28.8.2 libsmbconf0-4.2.4-28.8.2 libsmbconf0-debuginfo-32bit-4.2.4-28.8.2 libsmbconf0-debuginfo-4.2.4-28.8.2 libsmbldap0-32bit-4.2.4-28.8.2 libsmbldap0-4.2.4-28.8.2 libsmbldap0-debuginfo-32bit-4.2.4-28.8.2 libsmbldap0-debuginfo-4.2.4-28.8.2 libtevent-util0-32bit-4.2.4-28.8.2 libtevent-util0-4.2.4-28.8.2 libtevent-util0-debuginfo-32bit-4.2.4-28.8.2 libtevent-util0-debuginfo-4.2.4-28.8.2 libwbclient0-32bit-4.2.4-28.8.2 libwbclient0-4.2.4-28.8.2 libwbclient0-debuginfo-32bit-4.2.4-28.8.2 libwbclient0-debuginfo-4.2.4-28.8.2 samba-32bit-4.2.4-28.8.2 samba-4.2.4-28.8.2 samba-client-32bit-4.2.4-28.8.2 samba-client-4.2.4-28.8.2 samba-client-debuginfo-32bit-4.2.4-28.8.2 samba-client-debuginfo-4.2.4-28.8.2 samba-debuginfo-32bit-4.2.4-28.8.2 samba-debuginfo-4.2.4-28.8.2 samba-debugsource-4.2.4-28.8.2 samba-libs-32bit-4.2.4-28.8.2 samba-libs-4.2.4-28.8.2 samba-libs-debuginfo-32bit-4.2.4-28.8.2 samba-libs-debuginfo-4.2.4-28.8.2 samba-winbind-32bit-4.2.4-28.8.2 samba-winbind-4.2.4-28.8.2 samba-winbind-debuginfo-32bit-4.2.4-28.8.2 samba-winbind-debuginfo-4.2.4-28.8.2

References:

https://www.suse.com/security/cve/CVE-2017-2619.html
https://bugzilla.suse.com/1019416
https://bugzilla.suse.com/1024416
https://bugzilla.suse.com/1027147
https://bugzilla.suse.com/993692
https://bugzilla.suse.com/993707

From sle-security-updates at lists.suse.com Wed Mar 29 13:11:27 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Mar 2017 21:11:27 +0200 (CEST)
Subject: SUSE-SU-2017:0860-1: moderate: Security update for libpng12
Message-ID: <20170329191127.1DB78FFCF@maintenance.suse.de>

SUSE Security Update: Security update for libpng12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0860-1
Rating:             moderate
References:         #1017646 #958791
Cross-References:   CVE-2015-8540 CVE-2016-10087
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for libpng12 fixes the following issues:

Security issues fixed:
- CVE-2015-8540: read underflow in libpng (bsc#958791)
- CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-482=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-482=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-482=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-482=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-482=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-482=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-482=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpng12-compat-devel-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 libpng12-devel-1.2.50-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpng12-compat-devel-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 libpng12-devel-1.2.50-19.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpng12-0-1.2.50-19.1 libpng12-0-debuginfo-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpng12-0-1.2.50-19.1 libpng12-0-debuginfo-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libpng12-0-32bit-1.2.50-19.1 libpng12-0-debuginfo-32bit-1.2.50-19.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpng12-0-1.2.50-19.1 libpng12-0-debuginfo-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpng12-0-32bit-1.2.50-19.1 libpng12-0-debuginfo-32bit-1.2.50-19.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpng12-0-1.2.50-19.1 libpng12-0-32bit-1.2.50-19.1 
libpng12-0-debuginfo-1.2.50-19.1 libpng12-0-debuginfo-32bit-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpng12-0-1.2.50-19.1 libpng12-0-32bit-1.2.50-19.1 libpng12-0-debuginfo-1.2.50-19.1 libpng12-0-debuginfo-32bit-1.2.50-19.1 libpng12-debugsource-1.2.50-19.1 References: https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-10087.html https://bugzilla.suse.com/1017646 https://bugzilla.suse.com/958791 From sle-security-updates at lists.suse.com Wed Mar 29 13:14:11 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Mar 2017 21:14:11 +0200 (CEST) Subject: SUSE-SU-2017:0862-1: important: Security update for samba Message-ID: <20170329191411.6205BFFD6@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0862-1 Rating: important References: #1019416 #1024416 #1027147 #993692 #993707 Cross-References: CVE-2017-2619 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes: - Don't package man pages for VFS modules that aren't built (bsc#993707). - sync_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416). - Document "winbind: ignore domains" parameter; (bsc#1019416). - Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-481=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-481=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2017-481=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): ctdb-4.2.4-18.35.1 ctdb-debuginfo-4.2.4-18.35.1 libdcerpc-binding0-32bit-4.2.4-18.35.1 libdcerpc-binding0-4.2.4-18.35.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.35.1 libdcerpc-binding0-debuginfo-4.2.4-18.35.1 libdcerpc0-32bit-4.2.4-18.35.1 libdcerpc0-4.2.4-18.35.1 libdcerpc0-debuginfo-32bit-4.2.4-18.35.1 libdcerpc0-debuginfo-4.2.4-18.35.1 libgensec0-32bit-4.2.4-18.35.1 libgensec0-4.2.4-18.35.1 libgensec0-debuginfo-32bit-4.2.4-18.35.1 libgensec0-debuginfo-4.2.4-18.35.1 libndr-krb5pac0-32bit-4.2.4-18.35.1 libndr-krb5pac0-4.2.4-18.35.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.35.1 libndr-krb5pac0-debuginfo-4.2.4-18.35.1 libndr-nbt0-32bit-4.2.4-18.35.1 libndr-nbt0-4.2.4-18.35.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.35.1 libndr-nbt0-debuginfo-4.2.4-18.35.1 libndr-standard0-32bit-4.2.4-18.35.1 libndr-standard0-4.2.4-18.35.1 libndr-standard0-debuginfo-32bit-4.2.4-18.35.1 libndr-standard0-debuginfo-4.2.4-18.35.1 libndr0-32bit-4.2.4-18.35.1 libndr0-4.2.4-18.35.1 libndr0-debuginfo-32bit-4.2.4-18.35.1 libndr0-debuginfo-4.2.4-18.35.1 libnetapi0-32bit-4.2.4-18.35.1 libnetapi0-4.2.4-18.35.1 libnetapi0-debuginfo-32bit-4.2.4-18.35.1 libnetapi0-debuginfo-4.2.4-18.35.1 libregistry0-4.2.4-18.35.1 libregistry0-debuginfo-4.2.4-18.35.1 libsamba-credentials0-32bit-4.2.4-18.35.1 libsamba-credentials0-4.2.4-18.35.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.35.1 libsamba-credentials0-debuginfo-4.2.4-18.35.1 libsamba-hostconfig0-32bit-4.2.4-18.35.1 libsamba-hostconfig0-4.2.4-18.35.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.35.1 
libsamba-hostconfig0-debuginfo-4.2.4-18.35.1 libsamba-passdb0-32bit-4.2.4-18.35.1 libsamba-passdb0-4.2.4-18.35.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.35.1 libsamba-passdb0-debuginfo-4.2.4-18.35.1 libsamba-util0-32bit-4.2.4-18.35.1 libsamba-util0-4.2.4-18.35.1 libsamba-util0-debuginfo-32bit-4.2.4-18.35.1 libsamba-util0-debuginfo-4.2.4-18.35.1 libsamdb0-32bit-4.2.4-18.35.1 libsamdb0-4.2.4-18.35.1 libsamdb0-debuginfo-32bit-4.2.4-18.35.1 libsamdb0-debuginfo-4.2.4-18.35.1 libsmbclient-raw0-32bit-4.2.4-18.35.1 libsmbclient-raw0-4.2.4-18.35.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.35.1 libsmbclient-raw0-debuginfo-4.2.4-18.35.1 libsmbclient0-32bit-4.2.4-18.35.1 libsmbclient0-4.2.4-18.35.1 libsmbclient0-debuginfo-32bit-4.2.4-18.35.1 libsmbclient0-debuginfo-4.2.4-18.35.1 libsmbconf0-32bit-4.2.4-18.35.1 libsmbconf0-4.2.4-18.35.1 libsmbconf0-debuginfo-32bit-4.2.4-18.35.1 libsmbconf0-debuginfo-4.2.4-18.35.1 libsmbldap0-32bit-4.2.4-18.35.1 libsmbldap0-4.2.4-18.35.1 libsmbldap0-debuginfo-32bit-4.2.4-18.35.1 libsmbldap0-debuginfo-4.2.4-18.35.1 libtevent-util0-32bit-4.2.4-18.35.1 libtevent-util0-4.2.4-18.35.1 libtevent-util0-debuginfo-32bit-4.2.4-18.35.1 libtevent-util0-debuginfo-4.2.4-18.35.1 libwbclient0-32bit-4.2.4-18.35.1 libwbclient0-4.2.4-18.35.1 libwbclient0-debuginfo-32bit-4.2.4-18.35.1 libwbclient0-debuginfo-4.2.4-18.35.1 samba-32bit-4.2.4-18.35.1 samba-4.2.4-18.35.1 samba-client-32bit-4.2.4-18.35.1 samba-client-4.2.4-18.35.1 samba-client-debuginfo-32bit-4.2.4-18.35.1 samba-client-debuginfo-4.2.4-18.35.1 samba-debuginfo-32bit-4.2.4-18.35.1 samba-debuginfo-4.2.4-18.35.1 samba-debugsource-4.2.4-18.35.1 samba-libs-32bit-4.2.4-18.35.1 samba-libs-4.2.4-18.35.1 samba-libs-debuginfo-32bit-4.2.4-18.35.1 samba-libs-debuginfo-4.2.4-18.35.1 samba-winbind-32bit-4.2.4-18.35.1 samba-winbind-4.2.4-18.35.1 samba-winbind-debuginfo-32bit-4.2.4-18.35.1 samba-winbind-debuginfo-4.2.4-18.35.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): samba-doc-4.2.4-18.35.1 - SUSE Linux 
Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.35.1 ctdb-debuginfo-4.2.4-18.35.1 libdcerpc-binding0-4.2.4-18.35.1 libdcerpc-binding0-debuginfo-4.2.4-18.35.1 libdcerpc0-4.2.4-18.35.1 libdcerpc0-debuginfo-4.2.4-18.35.1 libgensec0-4.2.4-18.35.1 libgensec0-debuginfo-4.2.4-18.35.1 libndr-krb5pac0-4.2.4-18.35.1 libndr-krb5pac0-debuginfo-4.2.4-18.35.1 libndr-nbt0-4.2.4-18.35.1 libndr-nbt0-debuginfo-4.2.4-18.35.1 libndr-standard0-4.2.4-18.35.1 libndr-standard0-debuginfo-4.2.4-18.35.1 libndr0-4.2.4-18.35.1 libndr0-debuginfo-4.2.4-18.35.1 libnetapi0-4.2.4-18.35.1 libnetapi0-debuginfo-4.2.4-18.35.1 libregistry0-4.2.4-18.35.1 libregistry0-debuginfo-4.2.4-18.35.1 libsamba-credentials0-4.2.4-18.35.1 libsamba-credentials0-debuginfo-4.2.4-18.35.1 libsamba-hostconfig0-4.2.4-18.35.1 libsamba-hostconfig0-debuginfo-4.2.4-18.35.1 libsamba-passdb0-4.2.4-18.35.1 libsamba-passdb0-debuginfo-4.2.4-18.35.1 libsamba-util0-4.2.4-18.35.1 libsamba-util0-debuginfo-4.2.4-18.35.1 libsamdb0-4.2.4-18.35.1 libsamdb0-debuginfo-4.2.4-18.35.1 libsmbclient-raw0-4.2.4-18.35.1 libsmbclient-raw0-debuginfo-4.2.4-18.35.1 libsmbclient0-4.2.4-18.35.1 libsmbclient0-debuginfo-4.2.4-18.35.1 libsmbconf0-4.2.4-18.35.1 libsmbconf0-debuginfo-4.2.4-18.35.1 libsmbldap0-4.2.4-18.35.1 libsmbldap0-debuginfo-4.2.4-18.35.1 libtevent-util0-4.2.4-18.35.1 libtevent-util0-debuginfo-4.2.4-18.35.1 libwbclient0-4.2.4-18.35.1 libwbclient0-debuginfo-4.2.4-18.35.1 samba-4.2.4-18.35.1 samba-client-4.2.4-18.35.1 samba-client-debuginfo-4.2.4-18.35.1 samba-debuginfo-4.2.4-18.35.1 samba-debugsource-4.2.4-18.35.1 samba-libs-4.2.4-18.35.1 samba-libs-debuginfo-4.2.4-18.35.1 samba-winbind-4.2.4-18.35.1 samba-winbind-debuginfo-4.2.4-18.35.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.35.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.35.1 libdcerpc0-32bit-4.2.4-18.35.1 libdcerpc0-debuginfo-32bit-4.2.4-18.35.1 libgensec0-32bit-4.2.4-18.35.1 libgensec0-debuginfo-32bit-4.2.4-18.35.1 
libndr-krb5pac0-32bit-4.2.4-18.35.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.35.1 libndr-nbt0-32bit-4.2.4-18.35.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.35.1 libndr-standard0-32bit-4.2.4-18.35.1 libndr-standard0-debuginfo-32bit-4.2.4-18.35.1 libndr0-32bit-4.2.4-18.35.1 libndr0-debuginfo-32bit-4.2.4-18.35.1 libnetapi0-32bit-4.2.4-18.35.1 libnetapi0-debuginfo-32bit-4.2.4-18.35.1 libsamba-credentials0-32bit-4.2.4-18.35.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.35.1 libsamba-hostconfig0-32bit-4.2.4-18.35.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.35.1 libsamba-passdb0-32bit-4.2.4-18.35.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.35.1 libsamba-util0-32bit-4.2.4-18.35.1 libsamba-util0-debuginfo-32bit-4.2.4-18.35.1 libsamdb0-32bit-4.2.4-18.35.1 libsamdb0-debuginfo-32bit-4.2.4-18.35.1 libsmbclient-raw0-32bit-4.2.4-18.35.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.35.1 libsmbclient0-32bit-4.2.4-18.35.1 libsmbclient0-debuginfo-32bit-4.2.4-18.35.1 libsmbconf0-32bit-4.2.4-18.35.1 libsmbconf0-debuginfo-32bit-4.2.4-18.35.1 libsmbldap0-32bit-4.2.4-18.35.1 libsmbldap0-debuginfo-32bit-4.2.4-18.35.1 libtevent-util0-32bit-4.2.4-18.35.1 libtevent-util0-debuginfo-32bit-4.2.4-18.35.1 libwbclient0-32bit-4.2.4-18.35.1 libwbclient0-debuginfo-32bit-4.2.4-18.35.1 samba-32bit-4.2.4-18.35.1 samba-client-32bit-4.2.4-18.35.1 samba-client-debuginfo-32bit-4.2.4-18.35.1 samba-debuginfo-32bit-4.2.4-18.35.1 samba-libs-32bit-4.2.4-18.35.1 samba-libs-debuginfo-32bit-4.2.4-18.35.1 samba-winbind-32bit-4.2.4-18.35.1 samba-winbind-debuginfo-32bit-4.2.4-18.35.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.35.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.35.1 ctdb-debuginfo-4.2.4-18.35.1 References: https://www.suse.com/security/cve/CVE-2017-2619.html https://bugzilla.suse.com/1019416 https://bugzilla.suse.com/1024416 https://bugzilla.suse.com/1027147 https://bugzilla.suse.com/993692 https://bugzilla.suse.com/993707 From sle-security-updates at 
lists.suse.com Wed Mar 29 22:09:05 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Mar 2017 06:09:05 +0200 (CEST) Subject: SUSE-SU-2017:0864-1: important: Security update for the Linux Kernel Message-ID: <20170330040905.DE69EF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0864-1 Rating: important References: #1027565 #1028372 #1030573 Cross-References: CVE-2017-2636 CVE-2017-7184 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs: - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-487=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-487=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-487=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-487=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-487=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-487=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-487=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-487=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.49-92.14.1 kernel-default-debugsource-4.4.49-92.14.1 kernel-default-extra-4.4.49-92.14.1 kernel-default-extra-debuginfo-4.4.49-92.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.49-92.14.1 kernel-obs-build-debugsource-4.4.49-92.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.49-92.14.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.49-92.14.1 kernel-default-base-4.4.49-92.14.1 kernel-default-base-debuginfo-4.4.49-92.14.1 kernel-default-debuginfo-4.4.49-92.14.1 kernel-default-debugsource-4.4.49-92.14.1 kernel-default-devel-4.4.49-92.14.1 kernel-syms-4.4.49-92.14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.49-92.14.1 kernel-macros-4.4.49-92.14.1 kernel-source-4.4.49-92.14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.49-92.14.1 
kernel-default-base-4.4.49-92.14.1 kernel-default-base-debuginfo-4.4.49-92.14.1 kernel-default-debuginfo-4.4.49-92.14.1 kernel-default-debugsource-4.4.49-92.14.1 kernel-default-devel-4.4.49-92.14.1 kernel-syms-4.4.49-92.14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.49-92.14.1 kernel-macros-4.4.49-92.14.1 kernel-source-4.4.49-92.14.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_49-92_14-default-1-2.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.49-92.14.1 cluster-md-kmp-default-debuginfo-4.4.49-92.14.1 cluster-network-kmp-default-4.4.49-92.14.1 cluster-network-kmp-default-debuginfo-4.4.49-92.14.1 dlm-kmp-default-4.4.49-92.14.1 dlm-kmp-default-debuginfo-4.4.49-92.14.1 gfs2-kmp-default-4.4.49-92.14.1 gfs2-kmp-default-debuginfo-4.4.49-92.14.1 kernel-default-debuginfo-4.4.49-92.14.1 kernel-default-debugsource-4.4.49-92.14.1 ocfs2-kmp-default-4.4.49-92.14.1 ocfs2-kmp-default-debuginfo-4.4.49-92.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.49-92.14.1 kernel-default-debuginfo-4.4.49-92.14.1 kernel-default-debugsource-4.4.49-92.14.1 kernel-default-devel-4.4.49-92.14.1 kernel-default-extra-4.4.49-92.14.1 kernel-default-extra-debuginfo-4.4.49-92.14.1 kernel-syms-4.4.49-92.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.49-92.14.1 kernel-macros-4.4.49-92.14.1 kernel-source-4.4.49-92.14.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.49-92.14.1 kernel-default-debuginfo-4.4.49-92.14.1 kernel-default-debugsource-4.4.49-92.14.1 References: https://www.suse.com/security/cve/CVE-2017-2636.html https://www.suse.com/security/cve/CVE-2017-7184.html https://bugzilla.suse.com/1027565 https://bugzilla.suse.com/1028372 https://bugzilla.suse.com/1030573 From sle-security-updates at lists.suse.com Wed Mar 29 22:09:58 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 
30 Mar 2017 06:09:58 +0200 (CEST) Subject: SUSE-SU-2017:0865-1: important: Security update for the Linux Kernel Message-ID: <20170330040958.9014CF7C9@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0865-1 Rating: important References: #1027565 #1028372 #1030573 Cross-References: CVE-2017-2636 CVE-2017-7184 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs: - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-485=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-485=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-485=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-485=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-485=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-485=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.69-60.64.35.1 kernel-default-debugsource-3.12.69-60.64.35.1 kernel-default-extra-3.12.69-60.64.35.1 kernel-default-extra-debuginfo-3.12.69-60.64.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.69-60.64.35.1 kernel-obs-build-debugsource-3.12.69-60.64.35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.69-60.64.35.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.69-60.64.35.1 kernel-default-base-3.12.69-60.64.35.1 kernel-default-base-debuginfo-3.12.69-60.64.35.1 kernel-default-debuginfo-3.12.69-60.64.35.1 kernel-default-debugsource-3.12.69-60.64.35.1 kernel-default-devel-3.12.69-60.64.35.1 kernel-syms-3.12.69-60.64.35.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.69-60.64.35.1 kernel-macros-3.12.69-60.64.35.1 kernel-source-3.12.69-60.64.35.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.69-60.64.35.1 kernel-xen-base-3.12.69-60.64.35.1 kernel-xen-base-debuginfo-3.12.69-60.64.35.1 kernel-xen-debuginfo-3.12.69-60.64.35.1 kernel-xen-debugsource-3.12.69-60.64.35.1 
kernel-xen-devel-3.12.69-60.64.35.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.69-60.64.35.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.69-60.64.35.1 kernel-ec2-debuginfo-3.12.69-60.64.35.1 kernel-ec2-debugsource-3.12.69-60.64.35.1 kernel-ec2-devel-3.12.69-60.64.35.1 kernel-ec2-extra-3.12.69-60.64.35.1 kernel-ec2-extra-debuginfo-3.12.69-60.64.35.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_69-60_64_35-default-1-2.1 kgraft-patch-3_12_69-60_64_35-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.69-60.64.35.1 kernel-default-debuginfo-3.12.69-60.64.35.1 kernel-default-debugsource-3.12.69-60.64.35.1 kernel-default-devel-3.12.69-60.64.35.1 kernel-default-extra-3.12.69-60.64.35.1 kernel-default-extra-debuginfo-3.12.69-60.64.35.1 kernel-syms-3.12.69-60.64.35.1 kernel-xen-3.12.69-60.64.35.1 kernel-xen-debuginfo-3.12.69-60.64.35.1 kernel-xen-debugsource-3.12.69-60.64.35.1 kernel-xen-devel-3.12.69-60.64.35.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.69-60.64.35.1 kernel-macros-3.12.69-60.64.35.1 kernel-source-3.12.69-60.64.35.1 References: https://www.suse.com/security/cve/CVE-2017-2636.html https://www.suse.com/security/cve/CVE-2017-7184.html https://bugzilla.suse.com/1027565 https://bugzilla.suse.com/1028372 https://bugzilla.suse.com/1030573 From sle-security-updates at lists.suse.com Wed Mar 29 22:10:43 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Mar 2017 06:10:43 +0200 (CEST) Subject: SUSE-SU-2017:0866-1: important: Security update for the Linux Kernel Message-ID: <20170330041043.E675CF7C0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0866-1 Rating: important References: #1027565 #1028372 #1030573 Cross-References: CVE-2017-2636 
CVE-2017-7184 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs: - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-486=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-486=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-486=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.61-52.69.2 kernel-macros-3.12.61-52.69.2 kernel-source-3.12.61-52.69.2 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.61-52.69.2 kernel-default-base-3.12.61-52.69.2 kernel-default-base-debuginfo-3.12.61-52.69.2 kernel-default-debuginfo-3.12.61-52.69.2 kernel-default-debugsource-3.12.61-52.69.2 kernel-default-devel-3.12.61-52.69.2 kernel-syms-3.12.61-52.69.1 kernel-xen-3.12.61-52.69.2 kernel-xen-base-3.12.61-52.69.2 kernel-xen-base-debuginfo-3.12.61-52.69.2 kernel-xen-debuginfo-3.12.61-52.69.2 kernel-xen-debugsource-3.12.61-52.69.2 kernel-xen-devel-3.12.61-52.69.2 kgraft-patch-3_12_61-52_69-default-1-2.3 kgraft-patch-3_12_61-52_69-xen-1-2.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.69.2 kernel-default-base-3.12.61-52.69.2 kernel-default-base-debuginfo-3.12.61-52.69.2 kernel-default-debuginfo-3.12.61-52.69.2 kernel-default-debugsource-3.12.61-52.69.2 kernel-default-devel-3.12.61-52.69.2 kernel-syms-3.12.61-52.69.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.69.2 kernel-xen-base-3.12.61-52.69.2 kernel-xen-base-debuginfo-3.12.61-52.69.2 kernel-xen-debuginfo-3.12.61-52.69.2 kernel-xen-debugsource-3.12.61-52.69.2 kernel-xen-devel-3.12.61-52.69.2 kgraft-patch-3_12_61-52_69-default-1-2.3 kgraft-patch-3_12_61-52_69-xen-1-2.3 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.69.2 kernel-macros-3.12.61-52.69.2 kernel-source-3.12.61-52.69.2 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.69.2 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.69.2 kernel-ec2-debuginfo-3.12.61-52.69.2 kernel-ec2-debugsource-3.12.61-52.69.2 kernel-ec2-devel-3.12.61-52.69.2 kernel-ec2-extra-3.12.61-52.69.2 kernel-ec2-extra-debuginfo-3.12.61-52.69.2 References: https://www.suse.com/security/cve/CVE-2017-2636.html 
https://www.suse.com/security/cve/CVE-2017-7184.html https://bugzilla.suse.com/1027565 https://bugzilla.suse.com/1028372 https://bugzilla.suse.com/1030573 From sle-security-updates at lists.suse.com Thu Mar 30 04:09:19 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Mar 2017 12:09:19 +0200 (CEST) Subject: SUSE-SU-2017:0867-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 Message-ID: <20170330100919.7463CF7D1@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0867-1 Rating: important References: #1030575 Cross-References: CVE-2017-7184 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.21-81 fixes one issue. The following security bugs were fixed: - CVE-2017-7184: The XFRM processsing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-495=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-81-default-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-7184.html https://bugzilla.suse.com/1030575 From sle-security-updates at lists.suse.com Thu Mar 30 04:09:45 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Mar 2017 12:09:45 +0200 (CEST) Subject: SUSE-SU-2017:0868-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1 Message-ID: <20170330100945.75525F7C0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0868-1 Rating: important References: #1030575 Cross-References: CVE-2017-7184 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.67-60_64_21 fixes one issue. The following security bugs were fixed: - CVE-2017-7184: The XFRM processsing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-498=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_21-default-5-2.1 kgraft-patch-3_12_67-60_64_21-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-7184.html https://bugzilla.suse.com/1030575 From sle-security-updates at lists.suse.com Thu Mar 30 04:10:08 2017 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Mar 2017 12:10:08 +0200 (CEST) Subject: SUSE-SU-2017:0869-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 Message-ID: <20170330101008.BE62FF7C0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0869-1 Rating: important References: #1030575 Cross-References: CVE-2017-7184 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.21-84 fixes one issue. The following security bugs were fixed: - CVE-2017-7184: The XFRM processsing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-493=1 To bring your system up-to-date, use "zypper patch". 
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-84-default-4-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:10:32 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:10:32 +0200 (CEST)
Subject: SUSE-SU-2017:0870-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Message-ID: <20170330101032.87E1EF7D1@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0870-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 4.4.21-69 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-488=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-69-default-5-14.2

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:10:56 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:10:56 +0200 (CEST)
Subject: SUSE-SU-2017:0871-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
Message-ID: <20170330101056.C5FF1F7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0871-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.69-60_64_29 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-497=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_69-60_64_29-default-3-2.1
  kgraft-patch-3_12_69-60_64_29-xen-3-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:11:21 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:11:21 +0200 (CEST)
Subject: SUSE-SU-2017:0872-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
Message-ID: <20170330101121.52EDCF7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0872-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.69-60_64_32 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-496=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_69-60_64_32-default-2-2.1
  kgraft-patch-3_12_69-60_64_32-xen-2-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:11:44 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:11:44 +0200 (CEST)
Subject: SUSE-SU-2017:0873-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12
Message-ID: <20170330101144.06C86F7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0873-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.55-52_45 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-510=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-510=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_55-52_45-default-8-2.1
  kgraft-patch-3_12_55-52_45-xen-8-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_55-52_45-default-8-2.1
  kgraft-patch-3_12_55-52_45-xen-8-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:12:09 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:12:09 +0200 (CEST)
Subject: SUSE-SU-2017:0874-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
Message-ID: <20170330101209.02F42F7D1@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0874-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.57-60_35 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-504=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_57-60_35-default-9-2.1
  kgraft-patch-3_12_57-60_35-xen-9-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:12:31 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:12:31 +0200 (CEST)
Subject: SUSE-SU-2017:0875-1: important: Security update for Linux Kernel Live Patch 19 for SLE 12
Message-ID: <20170330101231.26B01F7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 19 for SLE 12
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0875-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.61-52_66 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-494=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-494=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_61-52_66-default-3-2.1
  kgraft-patch-3_12_61-52_66-xen-3-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_66-default-3-2.1
  kgraft-patch-3_12_61-52_66-xen-3-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:12:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:12:55 +0200 (CEST)
Subject: SUSE-SU-2017:0876-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12
Message-ID: <20170330101255.D5E91F7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0876-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.60-52_60 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-506=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-506=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_60-default-4-2.1
  kgraft-patch-3_12_60-52_60-xen-4-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_60-default-4-2.1
  kgraft-patch-3_12_60-52_60-xen-4-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:13:18 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:13:18 +0200 (CEST)
Subject: SUSE-SU-2017:0877-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
Message-ID: <20170330101318.E1413F7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0877-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.59-60_45 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-502=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_59-60_45-default-9-2.1
  kgraft-patch-3_12_59-60_45-xen-9-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:13:45 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:13:45 +0200 (CEST)
Subject: SUSE-SU-2017:0878-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
Message-ID: <20170330101345.291FDF7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0878-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 4.4.21-90 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-492=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-90-default-4-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:14:08 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:14:08 +0200 (CEST)
Subject: SUSE-SU-2017:0879-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
Message-ID: <20170330101408.DBB2BF7C9@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0879-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.62-60_64_8 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-501=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_62-60_64_8-default-7-2.1
  kgraft-patch-3_12_62-60_64_8-xen-7-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:14:34 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:14:34 +0200 (CEST)
Subject: SUSE-SU-2017:0880-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12
Message-ID: <20170330101434.EE9A1F7CD@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0880-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.60-52_54 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-508=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-508=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_54-default-8-2.1
  kgraft-patch-3_12_60-52_54-xen-8-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_54-default-8-2.1
  kgraft-patch-3_12_60-52_54-xen-8-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:15:00 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:15:00 +0200 (CEST)
Subject: SUSE-SU-2017:0881-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12
Message-ID: <20170330101500.07B59F7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0881-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.60-52_49 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-509=1
- SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-509=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_49-default-8-2.1
  kgraft-patch-3_12_60-52_49-xen-8-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_49-default-8-2.1
  kgraft-patch-3_12_60-52_49-xen-8-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:15:32 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:15:32 +0200 (CEST)
Subject: SUSE-SU-2017:0882-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
Message-ID: <20170330101532.D1E9FF7C9@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0882-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.59-60_41 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-503=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_59-60_41-default-9-2.1
  kgraft-patch-3_12_59-60_41-xen-9-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:16:05 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:16:05 +0200 (CEST)
Subject: SUSE-SU-2017:0883-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
Message-ID: <20170330101605.47458F7C9@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0883-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.62-60_62 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-500=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_62-60_62-default-8-2.1
  kgraft-patch-3_12_62-60_62-xen-8-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:16:35 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:16:35 +0200 (CEST)
Subject: SUSE-SU-2017:0884-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
Message-ID: <20170330101635.60834F7C9@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0884-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 4.4.38-93 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-491=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_38-93-default-4-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:17:06 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:17:06 +0200 (CEST)
Subject: SUSE-SU-2017:0885-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
Message-ID: <20170330101706.40ECAF7D1@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0885-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 4.4.49-92_11 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-490=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_49-92_11-default-2-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:17:30 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:17:30 +0200 (CEST)
Subject: SUSE-SU-2017:0886-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
Message-ID: <20170330101730.6CA8BF7C9@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0886-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.67-60_64_24 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-489=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_67-60_64_24-default-4-2.1
  kgraft-patch-3_12_67-60_64_24-xen-4-2.1

References:
https://www.suse.com/security/cve/CVE-2017-7184.html
https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com Thu Mar 30 04:17:55 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:17:55 +0200 (CEST)
Subject: SUSE-SU-2017:0887-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
Message-ID: <20170330101755.3541EF7C0@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0887-1
Rating: important
References: #1030575
Cross-References: CVE-2017-7184
Affected Products: SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for the Linux Kernel 3.12.67-60_64_18 fixes one issue.
The following security bugs were fixed:
- CVE-2017-7184: The XFRM processing in the Linux kernel 16.10 allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via an integer overflow, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-499=1
To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_67-60_64_18-default-6-2.1
      kgraft-patch-3_12_67-60_64_18-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7184.html
   https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com  Thu Mar 30 04:18:20 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:18:20 +0200 (CEST)
Subject: SUSE-SU-2017:0888-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12
Message-ID: <20170330101820.CE1A6F7C0@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0888-1
Rating:             important
References:         #1030575
Cross-References:   CVE-2017-7184
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_63 fixes one issue.

   The following security bugs were fixed:

   - CVE-2017-7184: The XFRM processing in the Linux kernel allowed local
     users to obtain root privileges or cause a denial of service (heap-based
     out-of-bounds access) via an integer overflow, as demonstrated during a
     Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-505=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-505=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_63-default-4-2.1
      kgraft-patch-3_12_60-52_63-xen-4-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_63-default-4-2.1
      kgraft-patch-3_12_60-52_63-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7184.html
   https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com  Thu Mar 30 04:18:51 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Mar 2017 12:18:51 +0200 (CEST)
Subject: SUSE-SU-2017:0889-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12
Message-ID: <20170330101851.2EE63F7C0@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0889-1
Rating:             important
References:         #1030575
Cross-References:   CVE-2017-7184
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_57 fixes one issue.

   The following security bugs were fixed:

   - CVE-2017-7184: The XFRM processing in the Linux kernel allowed local
     users to obtain root privileges or cause a denial of service (heap-based
     out-of-bounds access) via an integer overflow, as demonstrated during a
     Pwn2Own competition at CanSecWest 2017 (bsc#1030575).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-507=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-507=1

   To bring your system up-to-date, use "zypper patch".
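The live-patch advisories above all fix CVE-2017-7184, which they describe only as an integer overflow in XFRM processing that leads to heap out-of-bounds access. The program below is an added example, not SUSE's advisory text and not the kernel's code: a simplified, self-contained model of that bug class, in which the size of a variable-length state object is derived from a user-supplied element count and narrowed to a 32-bit int before it is compared with the existing object's size, so a huge count wraps to a small value, the check passes, and the state is left claiming far more bitmap words than were allocated. The hardened check beside it does the arithmetic in size_t, guards against overflow, and requires an exact match. The struct and function names (esn_state, verify_len_vulnerable, verify_len_hardened, overrun_words) and the 0x40000001 input are illustrative assumptions; the program computes the would-be overrun and never performs an out-of-bounds access.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative stand-in (assumed, not the kernel's struct) for a replay
 * state: a fixed header followed by a bitmap of bmp_len 32-bit words. */
struct esn_state {
    uint32_t bmp_len;        /* number of words in bmp[], user-controlled */
    uint32_t replay_window;
    uint32_t bmp[];
};

/* True size of a state with bmp_len bitmap words, computed in size_t. */
static size_t esn_state_size(uint32_t bmp_len)
{
    return sizeof(struct esn_state) + (size_t)bmp_len * sizeof(uint32_t);
}

/* Vulnerable pattern: the same size handed back through an int. On a 64-bit
 * build the multiplication itself is fine, but narrowing to 32 bits discards
 * the high part: bmp_len = 0x40000001 gives 0x10000000C, which becomes 12,
 * the size of a state with a single bitmap word. The cast chain makes the
 * truncation explicit (conversion to an unsigned type is modulo 2^32). */
static int esn_state_size_narrowed(uint32_t bmp_len)
{
    return (int)(uint32_t)esn_state_size(bmp_len);
}

/* Vulnerable check: accept the incoming state if the attribute carrying it
 * is at least the narrowed size and that size equals the narrowed size of
 * the existing state. Returns 0 to accept, -EINVAL to reject. */
int verify_len_vulnerable(uint32_t existing_bmp_len, uint32_t new_bmp_len,
                          size_t attr_len)
{
    int ulen = esn_state_size_narrowed(new_bmp_len);

    if ((int)attr_len < ulen ||
        esn_state_size_narrowed(existing_bmp_len) != ulen)
        return -EINVAL;
    return 0;
}

/* Hardened check: size_t arithmetic with an explicit overflow guard, an
 * exact match on the attribute length, and a bitmap length that must equal
 * the one the existing allocation was sized for. */
int verify_len_hardened(uint32_t existing_bmp_len, uint32_t new_bmp_len,
                        size_t attr_len)
{
    size_t ulen;

    if (new_bmp_len > (SIZE_MAX - sizeof(struct esn_state)) / sizeof(uint32_t))
        return -EINVAL;            /* size would not fit in size_t */
    ulen = esn_state_size(new_bmp_len);
    if (attr_len != ulen || new_bmp_len != existing_bmp_len)
        return -EINVAL;
    return 0;
}

/* Consequence of a wrongly accepted update: the state now claims new_bmp_len
 * bitmap words while only existing_bmp_len were allocated, so any later
 * bitmap access at index >= existing_bmp_len leaves the heap object. Returns
 * how many words lie beyond the allocation; 0 means the state is consistent.
 * Computed, not performed: the program never touches memory it does not own. */
uint32_t overrun_words(uint32_t existing_bmp_len, uint32_t new_bmp_len)
{
    return new_bmp_len > existing_bmp_len ? new_bmp_len - existing_bmp_len : 0;
}

int main(void)
{
    const uint32_t existing = 1;                   /* state allocated for 1 word */
    const uint32_t hostile = 0x40000001u;          /* constructed input */
    const size_t attr = esn_state_size(existing);  /* 12 bytes on the wire */

    printf("vulnerable: %d   hardened: %d   overrun: %u words\n",
           verify_len_vulnerable(existing, hostile, attr),
           verify_len_hardened(existing, hostile, attr),
           (unsigned)overrun_words(existing, hostile));
    return 0;
}
```

Build with `gcc -Wall -o esn_len esn_len.c` and run it: the vulnerable check returns 0 (accepted) for the hostile count while the hardened one returns -EINVAL, and the accepted state would be 0x40000000 words larger than its allocation. On the products listed above the fix reaches a running system only through the kgraft-patch package, so the practical check after `zypper patch` is that the installed kgraft-patch package name matches the kernel reported by `uname -r`; a live patch built for a different kernel version does nothing for the one that is running.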
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      kgraft-patch-3_12_60-52_57-default-5-2.1
      kgraft-patch-3_12_60-52_57-xen-5-2.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_57-default-5-2.1
      kgraft-patch-3_12_60-52_57-xen-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-7184.html
   https://bugzilla.suse.com/1030575

From sle-security-updates at lists.suse.com  Fri Mar 31 10:13:46 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Mar 2017 18:13:46 +0200 (CEST)
Subject: SUSE-SU-2017:0899-1: moderate: Security update for php7
Message-ID: <20170331161346.C091BF7C0@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0899-1
Rating:             moderate
References:         #1027210
Cross-References:   CVE-2015-8994
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php7 fixes the following issues:

   Security issue fixed:

   - CVE-2015-8994: code permission/sensitive data protection vulnerability
     (bsc#1027210).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-514=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-514=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-514=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      php7-debuginfo-7.0.7-38.1
      php7-debugsource-7.0.7-38.1
      php7-devel-7.0.7-38.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      php7-debuginfo-7.0.7-38.1
      php7-debugsource-7.0.7-38.1
      php7-devel-7.0.7-38.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.0.7-38.1
      apache2-mod_php7-debuginfo-7.0.7-38.1
      php7-7.0.7-38.1
      php7-bcmath-7.0.7-38.1
      php7-bcmath-debuginfo-7.0.7-38.1
      php7-bz2-7.0.7-38.1
      php7-bz2-debuginfo-7.0.7-38.1
      php7-calendar-7.0.7-38.1
      php7-calendar-debuginfo-7.0.7-38.1
      php7-ctype-7.0.7-38.1
      php7-ctype-debuginfo-7.0.7-38.1
      php7-curl-7.0.7-38.1
      php7-curl-debuginfo-7.0.7-38.1
      php7-dba-7.0.7-38.1
      php7-dba-debuginfo-7.0.7-38.1
      php7-debuginfo-7.0.7-38.1
      php7-debugsource-7.0.7-38.1
      php7-dom-7.0.7-38.1
      php7-dom-debuginfo-7.0.7-38.1
      php7-enchant-7.0.7-38.1
      php7-enchant-debuginfo-7.0.7-38.1
      php7-exif-7.0.7-38.1
      php7-exif-debuginfo-7.0.7-38.1
      php7-fastcgi-7.0.7-38.1
      php7-fastcgi-debuginfo-7.0.7-38.1
      php7-fileinfo-7.0.7-38.1
      php7-fileinfo-debuginfo-7.0.7-38.1
      php7-fpm-7.0.7-38.1
      php7-fpm-debuginfo-7.0.7-38.1
      php7-ftp-7.0.7-38.1
      php7-ftp-debuginfo-7.0.7-38.1
      php7-gd-7.0.7-38.1
      php7-gd-debuginfo-7.0.7-38.1
      php7-gettext-7.0.7-38.1
      php7-gettext-debuginfo-7.0.7-38.1
      php7-gmp-7.0.7-38.1
      php7-gmp-debuginfo-7.0.7-38.1
      php7-iconv-7.0.7-38.1
      php7-iconv-debuginfo-7.0.7-38.1
      php7-imap-7.0.7-38.1
      php7-imap-debuginfo-7.0.7-38.1
      php7-intl-7.0.7-38.1
      php7-intl-debuginfo-7.0.7-38.1
      php7-json-7.0.7-38.1
      php7-json-debuginfo-7.0.7-38.1
      php7-ldap-7.0.7-38.1
      php7-ldap-debuginfo-7.0.7-38.1
      php7-mbstring-7.0.7-38.1
      php7-mbstring-debuginfo-7.0.7-38.1
      php7-mcrypt-7.0.7-38.1
      php7-mcrypt-debuginfo-7.0.7-38.1
      php7-mysql-7.0.7-38.1
      php7-mysql-debuginfo-7.0.7-38.1
      php7-odbc-7.0.7-38.1
      php7-odbc-debuginfo-7.0.7-38.1
      php7-opcache-7.0.7-38.1
      php7-opcache-debuginfo-7.0.7-38.1
      php7-openssl-7.0.7-38.1
      php7-openssl-debuginfo-7.0.7-38.1
      php7-pcntl-7.0.7-38.1
      php7-pcntl-debuginfo-7.0.7-38.1
      php7-pdo-7.0.7-38.1
      php7-pdo-debuginfo-7.0.7-38.1
      php7-pgsql-7.0.7-38.1
      php7-pgsql-debuginfo-7.0.7-38.1
      php7-phar-7.0.7-38.1
      php7-phar-debuginfo-7.0.7-38.1
      php7-posix-7.0.7-38.1
      php7-posix-debuginfo-7.0.7-38.1
      php7-pspell-7.0.7-38.1
      php7-pspell-debuginfo-7.0.7-38.1
      php7-shmop-7.0.7-38.1
      php7-shmop-debuginfo-7.0.7-38.1
      php7-snmp-7.0.7-38.1
      php7-snmp-debuginfo-7.0.7-38.1
      php7-soap-7.0.7-38.1
      php7-soap-debuginfo-7.0.7-38.1
      php7-sockets-7.0.7-38.1
      php7-sockets-debuginfo-7.0.7-38.1
      php7-sqlite-7.0.7-38.1
      php7-sqlite-debuginfo-7.0.7-38.1
      php7-sysvmsg-7.0.7-38.1
      php7-sysvmsg-debuginfo-7.0.7-38.1
      php7-sysvsem-7.0.7-38.1
      php7-sysvsem-debuginfo-7.0.7-38.1
      php7-sysvshm-7.0.7-38.1
      php7-sysvshm-debuginfo-7.0.7-38.1
      php7-tokenizer-7.0.7-38.1
      php7-tokenizer-debuginfo-7.0.7-38.1
      php7-wddx-7.0.7-38.1
      php7-wddx-debuginfo-7.0.7-38.1
      php7-xmlreader-7.0.7-38.1
      php7-xmlreader-debuginfo-7.0.7-38.1
      php7-xmlrpc-7.0.7-38.1
      php7-xmlrpc-debuginfo-7.0.7-38.1
      php7-xmlwriter-7.0.7-38.1
      php7-xmlwriter-debuginfo-7.0.7-38.1
      php7-xsl-7.0.7-38.1
      php7-xsl-debuginfo-7.0.7-38.1
      php7-zip-7.0.7-38.1
      php7-zip-debuginfo-7.0.7-38.1
      php7-zlib-7.0.7-38.1
      php7-zlib-debuginfo-7.0.7-38.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php7-pear-7.0.7-38.1
      php7-pear-Archive_Tar-7.0.7-38.1

References:

   https://www.suse.com/security/cve/CVE-2015-8994.html
   https://bugzilla.suse.com/1027210

From sle-security-updates at lists.suse.com  Fri Mar 31 10:14:24 2017
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Mar 2017 18:14:24 +0200 (CEST)
Subject: SUSE-SU-2017:0901-1: moderate: Security update for libpng12-0
Message-ID: <20170331161424.96775FC60@maintenance.suse.de>

   SUSE Security Update: Security update for libpng12-0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0901-1
Rating:             moderate
References:         #1017646
                    #958791
Cross-References:   CVE-2015-8540 CVE-2016-10087
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for libpng12-0 fixes the following issues:

   Security issues fixed:

   - CVE-2015-8540: read underflow in libpng (bsc#958791)
   - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libpng12-0-13045=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libpng12-0-13045=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libpng12-0-13045=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpng-devel-1.2.31-5.43.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libpng-devel-32bit-1.2.31-5.43.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpng12-0-1.2.31-5.43.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libpng12-0-32bit-1.2.31-5.43.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libpng12-0-x86-1.2.31-5.43.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libpng12-0-debuginfo-1.2.31-5.43.1
      libpng12-0-debugsource-1.2.31-5.43.1

References:

   https://www.suse.com/security/cve/CVE-2015-8540.html
   https://www.suse.com/security/cve/CVE-2016-10087.html
   https://bugzilla.suse.com/1017646
   https://bugzilla.suse.com/958791